Data Exfiltration: Difference between revisions
Jump to navigation
Jump to search
(Data Exfiltration Methods and Techniques) |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins. | |||
== Microsoft Exchange == | == Microsoft Exchange == | ||
* Export all mailboxes: <code>foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"}</code> | * Export all mailboxes: <code>foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"}</code> | ||
* Using the Exchange 2010 Mailbox Export features for Mass Exports to PST files: https://www.allabout365.com/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst | |||
== Tools and Resources == | == Tools and Resources == | ||
* Exfiltration: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration | * Exfiltration techniques: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration | ||
* [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | * [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | ||
* Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | * Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | ||
* Rclone: https://rclone. | * Rclone: https://github.com/rclone/rclone | ||
* WinSCP: https://github.com/winscp/winscp | |||
* Windows Exfiltration Blog: https://www.ired.team/offensive-security/exfiltration | |||
Latest revision as of 20:40, 31 July 2023
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins.
Microsoft Exchange
- Export all mailboxes:
foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"} - Using the Exchange 2010 Mailbox Export features for Mass Exports to PST files: https://www.allabout365.com/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst
Tools and Resources
- Exfiltration techniques: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration
- Guacamaya (42:45 - Exfiltrating files)
- Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell
- Rclone: https://github.com/rclone/rclone
- WinSCP: https://github.com/winscp/winscp
- Windows Exfiltration Blog: https://www.ired.team/offensive-security/exfiltration