Tuesday, 19 April 2016

Data Exfiltration via HTTP / Web server logs

Hi ,

I was just working on project, and got an Idea of exfiltrating data via HTTP!......
This might be already know to you, but adding here for documenting purpose.

Scenario :
What is if you have access to a victim machine and quickly want to ex filtrate some very important figures/key data or may be anything.

First thing is copy all your data in this case attacker wants to exfiltrate some victim credentials.

Simply paste data after attackers domain name / IP this will generate Logs at attackers web server.
Attacker will simply open web server log file and read the ex-filtrated data i.e credentials.

Attackers opens web server logs and look for ex-filtrated data

Attacker replaces by default encoded characters and view credentials

Although its very simple trick but its works in real environment!..

No comments:

Post a Comment