See how to use the Python exfiltration toolkit to exfiltrate data in this video.
- [Instructor] I've got two terminals set up…and positioned in the PyExfil HTTPS folder.…And I'll run one as the target,…which is exfiltrating data, the HTTPS Client,…and the other is the collector, the HTTPS Server.…I've also got Wireshark running in the background…so we can see what's sent.…I'll start at my collector.…The collector's now waiting for traffic.…On the second terminal, I'll initiate the exfiltration.…
We can see that in collector terminal,…a handshake has been detected,…the connection has been made and the data's being sent.…The exfiltrator tells us…that it's loaded the /etc/passwd file…and then advises that it's been sent in one chunk.…The collector confirms it has the file…and has written it into the collection folder.…It's now waiting for another exfiltration to occur.…Let's close the collector…and have a look at the exfiltration file.…
We can see this is indeed the /etc/passwd file.…Let's now have a look at what we captured in Wireshark.…We can see the standard HTTPS Client…and Server Hello packets,…
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS
Skill Level Advanced
Ethical Hacking: Penetration Testingwith Lisa Bock1h 29m Intermediate
Penetration Testing Essential Trainingwith Malcolm Shore2h 29m Intermediate
Penetration Testing: Advanced Kali Linuxwith Malcolm Shore2h 22m Intermediate
1. Preparing the Lab
Next steps1m 38s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.