Need help for exfiltration of data (educational)
by thedarklostsoul - October 28, 2020 at 03:36 PM
#1
Hello Everyone,

i need to exfiltrate data from a machine consider from a vm only by using windows CLI , i dont want to download anything from externally as it will trigger soc alerts, i want to use something built into windows like curl, wmic or powershell for it?

anyone knows about any tools which can be useful here ? even if not builtin windows tools any scripts or other tools used for data exfiltration is highly appreciated
Reply
#2
(October 28, 2020 at 03:36 PM)thedarklostsoul Wrote: Hello Everyone,

i need to exfiltrate data from a machine consider from a vm only by using windows CLI , i dont want to download anything from externally as it will trigger soc alerts, i want to use something built into windows like curl, wmic or powershell for it?

anyone knows about any tools which can be useful here ? even if not builtin windows tools any scripts or other tools used for data exfiltration is highly appreciated

Even older Windows vervions have a native ftp client man. Can be used to upload data to your server.
Reply
#3
(October 28, 2020 at 08:16 PM)dmitrykrassinskyi Wrote:
(October 28, 2020 at 03:36 PM)thedarklostsoul Wrote: Hello Everyone,

i need to exfiltrate data from a machine consider from a vm only by using windows CLI , i dont want to download anything from externally as it will trigger soc alerts, i want to use something built into windows like curl, wmic or powershell for it?

anyone knows about any tools which can be useful here ? even if not builtin windows tools any scripts or other tools used for data exfiltration is highly appreciated

Even older Windows vervions have a native ftp client man. Can be used to upload data to your server.

Thanks Alot Man, i found another way !! 

https://gofile.io/ - its a gui tool but you can upload data with API too
Reply
#4
That is good idea, but there is problem you if they block the file hosting sites. Before you start exfi from machine to outside look to get some site that have category in law or medical ( because of priviacy laws in most country dont inspect traffic to this sits).
Depends on how big file is you want to extract there is much more covert way to do it ( its not easy like api but you have tools to do it automatic ) you can use DNS quertys to trasfer data ( you are limited on size per request). You get domain to point to your dns server and then from machine that on VM you make TXT DNS requests for diffrent subdomains of the main domain and capture data from it.

For the tool you can search google for dns exfil tool . In top of my head i think dnscat can do what you want.
Reply
#5
The link isn't working for me? this happening to anybody else?
Reply
#6
(January 29, 2021 at 08:29 AM)L33THACKER105 Wrote: The link isn't working for me? this happening to anybody else?

are you talking about gofile.io ? yes it is working
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Awesome One Liner Macro Reverse Shell (Educational) thedarklostsoul 2 299 January 31, 2021 at 05:39 PM
Last Post: thedarklostsoul
Hello need help Splunk BluRain 3 247 January 29, 2021 at 08:38 AM
Last Post: L33THACKER105
i need serious help Robski2380 4 472 April 28, 2020 at 02:28 AM
Last Post: bLACkpLAgu33

 Users browsing this thread: 1 Guest(s)