Data Exfiltration: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
Line 1: | Line 1: | ||
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins. | |||
== Microsoft Exchange == | == Microsoft Exchange == |
Revision as of 22:15, 28 July 2023
There are many different ways to exfiltrate data using many different protocols and tools. Your objective should be to exfiltrate as much as possible without being seen by the blue team/sysadmins.
Microsoft Exchange
- Export all mailboxes:
foreach ($mbx in (Get-Mailbox)){New-MailboxExportRequest -mailbox $mbx.alias -FilePath "\\127.0.0.1\C$\Folder\$($mbx.Alias).pst"}
- Using the Exchange 2010 Mailbox Export features for Mass Exports to PST files: https://www.allabout365.com/2010/07/using-the-exchange-2010-sp1-mailbox-export-features-for-mass-exports-to-pst
Tools and Resources
- Exfiltration: https://book.hacktricks.xyz/generic-methodologies-and-resources/exfiltration
- Guacamaya (42:45 - Exfiltrating files)
- Zip up a directory quickly for easy exfiltration: https://github.com/thoemmi/7Zip4Powershell
- Rclone: https://rclone.org/#about
- WinSCP: https://github.com/winscp/winscp