sensepost / DET

(extensible) Data Exfiltration Toolkit (DET)
MIT License

AES256 Encryption #3

Closed ryanohoro closed 8 years ago

ryanohoro commented 8 years ago

Created AES encryption/decryption functions and removed XOR in both the Python and PowerShell versions. Encryption was moved from the plugins back to det.py so the raw files are encrypted first. This prevents payloads from having to be a multiple of the block length, avoids conflicts with very small payload sizes, and avoids reducing the impact of payload size randomization.

PaulSec commented 8 years ago

Hey there,

First of all, thanks a lot for your pull request(s). I checked the AES implementation and that works perfectly, kudos!

However, only the payload is encrypted and the rest of the data can be retrieved easily by base64 decoding the packet. What would you think, instead, about encrypting the entire data and transmitting it? Keen to discuss this.

Cheers!

ryanohoro commented 8 years ago

Well, my first thought was to do a second encryption operation for the header, but for the register packet, which is pretty long already, the filename field is arbitrary which makes separating the two sections difficult. Ultimately the objective was to preserve the capability of packet length randomization, but if you don't mind all packets being a multiple of 16 bytes, I could move the encryption to the send/receive functions. Otherwise some design changes are in order for the headers.

PaulSec commented 8 years ago

I see, that makes sense now :+1: