Data Exfiltration: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
| Line 6: | Line 6: | ||
== Tools and Resources == | == Tools and Resources == | ||
* Exfiltration: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration | * Exfiltration techniques: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration | ||
* [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | * [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (42:45 - Exfiltrating files) | ||
* Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | * Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell | ||
* Rclone: https://rclone.org/#about | * Rclone: https://rclone.org/#about | ||
* WinSCP: https://github.com/winscp/winscp | * WinSCP: https://github.com/winscp/winscp | ||
Revision as of 01:06, 29 July 2023
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins.
Microsoft Exchange
- Export all mailboxes:
foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"} - Using the Exchange 2010 Mailbox Export features for Mass Exports to PST files: https://www.allabout365.com/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst
Tools and Resources
- Exfiltration techniques: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration
- Guacamaya (42:45 - Exfiltrating files)
- Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell
- Rclone: https://rclone.org/#about
- WinSCP: https://github.com/winscp/winscp