I'd love some help constructing a "peace offering" exfiltration attack

[velocity05]

Hello, first of all sorry if this is the wrong place to post this... I'm a super newbie but I have an exfiltration attack I need to carry out and was hiping you could help out.

I don't particularly feel comfortable in betting on a period of time alone with the target computer so I'd rather socially engineer it.

I plan to do this by offering to transfer peace offering files off of my USB (likely to be either a rubber ducky or a bash bunny) whilst the payload does its thing.

The main problem I'm having is in the size of the files I plan to exfiltrate they are upwards of 10mb and there may be hundreds.

In order to cover the time it would take to exfiltrate these files, my "peace offering" also needs to be sizeable. 

My question is do you think this is possible and also what tool do you think can best carry out this task?

Any help welcome!!

P.S. My research has lead me to believe that exfiltration isn't possible through wifi pineapple, if this is incorrect please let me me know :)

[SnuSnu]

Maybe you Have the Bash Bunny/ Ducky Use Powershell to upload the files to a file hosting service? Or have an backdoor so you could copy them one at a time but if the server you are targeting is in a closed network or intranet, you might just have to have a pretty big SD card on the ducky. Also, you "peace offering" to buy you time could just be pulling the fire alarm on the other side of the building so everyone would evacuate the place.

[0phoi5]

On ‎15‎/‎04‎/‎2017 at 9:53 PM, velocity05 said:

The main problem I'm having is in the size of the files I plan to exfiltrate they are upwards of 10mb and there may be hundreds.

In order to cover the time it would take to exfiltrate these files, my "peace offering" also needs to be sizeable. 

My question is do you think this is possible and also what tool do you think can best carry out this task?

 

Could you not create a 'run-in-background' program on the user's PC, using the Rubber Ducky, and then set a Task Schedule to run it?

For example, you could create a VBScript file using the Rubber Ducky, in seconds, that simply hides as it runs. No pop-ups.

This would allow a long process, that would take a while (in this case, uploading large files to a web server), to run on the user's PC whilst you are not there. Gather info, send to server location, remove evidence, done.

 

This uses a batch file and a VBS file to run the batch file 'silently'. The process will show in Task Manager whilst it runs, but that's it. Nothing on-screen.

Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "C:\HackAllTheThings.bat" & Chr(34), 0
Set WshShell = Nothing

 

The Rubber Ducky could create the VBS file, the batch file and a task schedule to run the VBS file in around 30 seconds.

Edited April 18, 2017 by haze1434