QR Exfil

A web-based no-fix (?) tool to exfiltrate data from a restricted environment using QR codes.
Install »

Table of Contents
  1. About The Project
  2. Installation
  3. Usage
  4. License
  5. Contact
  6. Acknowledgements

About The Project

Do you have RDP or VDI access, but no copy/paste, no outbound network, and need to exfiltrate some sensitive data? This tool provides a method to reliably move files from restricted environments such as these to your own machine. It's web-based, circumventing client-side security controls such as AV/EDR or application control, and usually performant enough to transfer moderately large files (50MB) in a reasonable amount of time (a few hours).

Installation

Run the following:

git clone https://github.com/hack3n/qr-exfil
pip3 install pyzbar pillow pybase64 opencv-python

What you need:

  • Some kind of desktop session on a remote machine
  • A Flipper or a Rubber Ducky USB

If you need to transfer files from a restricted physical machine as well:

  • A laptop to receive
  • USB video capture card
  • HDMI cable

Usage

Basic usage:

  • Prepare qr-exfil.html to display QR codes on your primary monitor, either within your remote session (RDP or VDI), or using a USB video capture card and displaying the camera on screen.
  • Run reader.py on your host.
  • Start the QR code output on the target.
  • Wait for it to complete, then exit with CTRL + C.
  • Use the util\dump-from-json.py script to get your output file on your host.

This repository includes a number of scripts and utilities that you may require:

  • reader.py - Reads your primary monitor for QR codes and dumps them to a raw.json file.
  • qr-exfil.html - The payload HTML that chunks and displays a local file in rotating QR codes.
  • util\dump-from-json.py - Reads the raw data from raw.json and outputs it to a file output.
  • util\find-missing-ids.py - Reads raw.json and checks that no chunks were missed by the reader.
  • util\make-ducky.py - Converts qr-exfil.html into a Rubber Ducky script payload to infil into your target environment.
  • util\make-ducky-hex-string.py - VDIs can sometimes be sensitive to capital letters and special characters, so this does the same as above, but outputs hex.
  • util\decode-hex.html - Intended to be manually typed out on the target environment to decode the hex inserted by the above script.

License

Distributed under the MIT License. See LICENSE.txt for more information.

Contact

Project Link: https://github.com/hack3n/qr-exfil

Acknowledgments