Original Source & Inspiration: http://www.shellntel.com/blog/2015/9/16/powershell-cc-memory-scraper * Non-resident credit card memory scraper, now improved the obfuscation technique using -EncodedCommand * One-liner PowerShell script/downloader essentially does its dirty work without any additional malware corpus on the host * Great for penetration tests of various merchants or for PCI-DSS audit compliance
2 Comments
Source: Python for Black Hat
I. tcp_client.py (base64-encoded exfiltrated data) 1. Create a socket object 2. Connect the client 3. Send some Base64-encoded data 4. Receive data response = II. tcp_server.py 0.0.0.0:9999 (original and decoded) 1. Send something 2. Print out what the client sends 3. Send back a packet 4. Spin up our client thread to handle incoming data |
AuthorVitali Kremez Archives
July 2016
Categories |