redsiege / egress-assess Goto Github PK

I'm pretty confident this was a debugging statement for you at some point that made it into master:

https://github.com/FortyNorthSecurity/Egress-Assess/blob/master/EgressAssess.ps1#L357

Generate-CreditCards drops a file named CCData.txt

The following command...
date; IEX (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/ChrisTruncer/Egress-Assess/master/Invoke-EgressAssess.ps1‘); Invoke-EgressAssess -client http -IP x.x.x.x -ResolveDNS -Proxy -Datatype identity -Size 5 -Loops 1 -Verbose; date;

Returns the following results...
Thursday, October 08, 2015 11:38:35 AM
VERBOSE: [] Testing server connection
VERBOSE: [] Server is UP on secure.malofsky-schwartz.com.
VERBOSE: [*] HTTP Server Running on secure.malofsky-schwartz.com port 80.
VERBOSE: Uploading data...

VERBOSE: [] Transfer complete!
VERBOSE: [] 0 loops remaining..
VERBOSE: Uploading data..

VERBOSE: [] Transaction Complete.
VERBOSE: [] Exiting..
Thursday, October 08, 2015 11:38:38 AM

It would be a great feature to have to generate the fake data so that we could use it to zip up and upload to something like google drive, mega.nz, etc. As well as using native SSH clients (SCP) and FTP clients.

Invoke-EgressAssess -client none -Datatype cc -Size 50 -Outfile cc.txt

It'd be nice if you could specify the port to send data on in the Powershell version. You can set the server port number for the listener server-side, but not the client-side. For example, I can't test FTP data over port 1234 because the powershell client doesnt accept an alternate port.

I am a Chinese security researcher, very happy to use Egress-assessment, I would like to add gh0st Trojan simulation traffic, how to simulate the implementation?

Powershell is dead, a c# version would be amazing

When running the following command...
Invoke-EgressAssess -client http -IP X.X.X.X -ResolveDNS -Proxy -Datatype ssn -Size 5 -Loops 1 -Report c:\temp\report.txt -Verbose
I get this error...
VERBOSE: Report File = c:\temp\report.txt
Unable to find type [ordered]: make sure that the assembly containing this type is loaded.
At line:1019 char:34

•         $EAreport = [ordered] <<<< @{
  

  • CategoryInfo : InvalidOperation: (ordered:String) [], ParentContainsErrorRecordException
  • FullyQualifiedErrorId : TypeNotFound

VERBOSE: [] Testing server connection
VERBOSE: [] Server is UP on .
VERBOSE: [] FTP Server Running on port 21.
VERBOSE: [] Generating 50 MB of Credit Cards (1500000)...

[+] received output:
VERBOSE: [*] Uploading data..

[+] received output:
VERBOSE: [] Error, tranfer failed with error:
VERBOSE: Exception calling "UploadString" with "2" argument(s): "The remote server returned an error: 227 Entering passive mode (,234,183).
."
VERBOSE: [] Exiting..

Tried with ufw fw rules in place and also opening up the server to allow any connection to and from FTP. Still the same error comes up.

Please add RAR file as a data type for exfil

• Server
  ./Egress-Assess.py --server smb

• Client
  ./Egress-Assess.py --client smb --file /root/secrets.txt --ip 10.0.0.10
  ##############################################################

smbclient \\10.0.0.10\DATA -N -c "put secrets.txt"
WARNING: The "syslog" option is deprecated
secrets.txt does not exist
[+] File Transmitted!
##############################################################

Notice that the file paths to secrets.txt are different.
Same thing works fine with https.

I am facing the timeout error on Exfiltration using HTTPS.

On Server:
p@kali:~/Egress-Assess$ sudo ./Egress-Assess.py --server https

On Client :
PS C:\Users\Egress-Assess-master> Invoke-EgressAssess -client https -datatype cc -Verbose -ip 9.73.2.1
VERBOSE: [] Testing server connection
VERBOSE: [] Server is UP on 9.73.2.1.
VERBOSE: [*] Error, tranfer failed with error:
VERBOSE: Exception calling "Connect" with "2" argument(s): "A connection attempt failed because the connected party did not properly respond after a period of
time, or established connection failed because connected host has failed to respond 9.73.2.1:443"
PS C:\Users\Egress-Assess-master>

But when I browse 9.73.2.1:443 using browser, i can see the request. Any help.

This is less of an issue and more like a comment on how to fix it, you mention to generate a server.pem "on the same level as Egress-Assess" but in the https web server code you specify the following certificate path
cert_path = helpers.ea_path() +\ '/protocols/servers/serverlibs/web/server.pem'
This results in the code not being able to find the certificate unless it is located here -> {EGRESS-PATH}/protocols/servers/serverlibs/web/server.pem.
You can easily fix that and even integrate the ssl certificate creation with the code itself.

DNS client is sending malformed data when using the powershell client of Egress-Assess.

It would be cool to keep a running log somewhere on disk of the transfers that were done. The source IP, protocol, data size, type, etc. That way the user can reference it after the terminal has been closed.

[+] received output:
VERBOSE: [] Testing server connection
VERBOSE: [] Server is UP on .
VERBOSE: [] You did not provide a data type to generate.
VERBOSE: [] DNS file transfers currently not supported.