Bash Data Exfil

    Not unlike the previous post, PowerShell Data Exfil, this is another example of how we would move data outside the network using email. This time, we're using a simple Bash script that base64 encodes the data, calls Sendmail, and exfiltrates the data to a Gmail account. By default, Gmail will not allow what it considers "less secure apps" to send data, but a simple flip of the switch will solve that issue. As a final point, we're obviously not confined to using Gmail; I would suggest using a provider that supports TLS rather than sending this over port 25.

    In Gmail, we "Allow less secure apps":


    -f From
    -u Subject
    -t To
    -s Server
    -o Options
    -xu Username
    -xp Password
    -m Message


    We give our script execute permissions and then we execute it -- the result:


    We dump the base64 into a file, decode it, unzip it:


    And we successfully exfil data using Gmail.
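On the detection side, a base64-encoded zip pasted into a message body is easy to spot at a mail gateway or DLP hook, because the ZIP magic bytes always encode to the same prefix. The following is an added example, not code from the original post; the function names, the minimum run length, and the sample message are constructed for illustration.

```python
import base64
import binascii
import io
import re
import zipfile

# base64 of the ZIP local-file header magic "PK\x03\x04" always starts "UEsDB".
# The minimum run length after the marker (24) is an assumed noise threshold.
ENCODED_ZIP = re.compile(r"UEsDB[A-Za-z0-9+/\r\n]{24,}={0,2}")


def find_encoded_zips(body: str) -> list:
    """Return one finding per base64-encoded ZIP archive pasted into a mail body."""
    findings = []
    for match in ENCODED_ZIP.finditer(body):
        run = re.sub(r"[\r\n]", "", match.group(0))  # undo 76-column line wrapping
        run = run[: len(run) - len(run) % 4]         # drop a ragged tail of trailing text
        try:
            raw = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        if not raw.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(raw)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            members = []  # truncated archive: still reportable, just not listable
        findings.append({"offset": match.start(), "decoded_bytes": len(raw),
                         "members": members})
    return findings


def constructed_sample() -> str:
    """Build a constructed message body: a note followed by a wrapped base64 ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("finance/q3-forecast.csv", "region,revenue\nemea,1200\napac,900\n")
    return "Notes from today:\n" + base64.encodebytes(buf.getvalue()).decode("ascii")


if __name__ == "__main__":
    for finding in find_encoded_zips(constructed_sample()):
        print(finding)
```

The same check applies to any outbound body text a proxy or gateway can see; it does not cover archives that are encrypted or re-encoded before being base64 encoded.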


    © 2020 sevenlayers.com