SMB (Server Message Block) exfiltration refers to the unauthorized extraction or transfer of data from a compromised network or system using SMB protocols. Attackers can leverage SMB to transfer sensitive or valuable information from an organization's network to an external location.
Tools like can be used to recursively download an SMB share's content.
The previous command generates a JSON file listing the accessible files in the shares. We can use jq to parse this JSON output.
To exfiltrate the data from the target, we can compress the data and transfer it via an SMB shared folder hosted on our attacking host.
First, start an SMB server on your attacking host using from Impacket.
On the target, compress the target data.
From the target, mount the shared folder and copy the files to it.
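From the defender's side, the transfer described in the steps above appears as SMB traffic (TCP 445/139) carrying a large upload to a host that is not a sanctioned file server. The following is an added detection example, not part of the original page; the flow-record format, the approved-server list, the internal ranges and the 10 MiB threshold are all assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records: timestamp,src,dst,dst_port,bytes_out
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z,10.0.5.21,10.0.1.10,445,48213
2024-05-01T10:02:17Z,10.0.5.21,203.0.113.50,445,6291456
2024-05-01T10:02:59Z,10.0.5.21,203.0.113.50,445,7340032
2024-05-01T10:03:30Z,10.0.5.44,10.0.9.77,445,15728640
2024-05-01T10:04:02Z,10.0.5.44,198.51.100.7,443,90000000
2024-05-01T10:05:11Z,10.0.5.30,10.0.9.77,139,2048
"""

SMB_PORTS = {139, 445}
# Assumptions: sanctioned file servers and internal ranges for this network.
APPROVED_SMB_SERVERS = {ipaddress.ip_address("10.0.1.10")}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_smb_egress(flow_csv, min_bytes=10 * 1024 * 1024):
    """Return alerts for SMB uploads to hosts that are not approved servers.

    Bytes are summed per (src, dst) so an archive copied over several
    connections still crosses the threshold.
    """
    totals = defaultdict(int)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5 or int(row[3]) not in SMB_PORTS:
            continue
        if ipaddress.ip_address(row[2]) in APPROVED_SMB_SERVERS:
            continue
        totals[(row[1], row[2])] += int(row[4])

    alerts = []
    for (src, dst), total in sorted(totals.items()):
        if total < min_bytes:
            continue
        # SMB leaving internal address space is the higher-severity case;
        # an internal but unapproved SMB server may still be a staging host.
        internal = any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS)
        alerts.append({"src": src, "dst": dst, "bytes_out": total,
                       "severity": "medium" if internal else "high"})
    return alerts


if __name__ == "__main__":
    for alert in find_smb_egress(SAMPLE_FLOWS):
        print(alert)
```

Blocking outbound TCP 445 and 139 at the network perimeter removes the high-severity case entirely, leaving this check to cover unapproved internal SMB servers.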
MITRE ATT&CK™ - Exfiltration - Tactic TA0010