Sonsivri

Author Topic: How to copy files without being traced?  (Read 406 times)
automotivesharekb
« on: July 09, 2017, 07:23:36 07:23 »

Hello all,

Just want to know how can we copy files from one computer without being traced? Win7 with bitlocker - so no usb boot possible.
If we create a temp server on target computer and then access it from other computer - will it be traced?
Ex: Python's inbuilt server script

What are your views?
Logged
bobcat1
« Reply #1 on: July 09, 2017, 09:01:14 09:01 »

Hi
Use an HTML email server like Gmail
open a new email & attach a file - don't send it, save the email (in the Gmail server)
on the other side reopen the email and download the file
(only works if you have internet access on the local machine)

All the best

Bobi
Logged
automotivesharekb
« Reply #2 on: July 09, 2017, 07:05:53 19:05 »

Thank you Bobi,

But the data is huge and email is not an option... :(
Logged
SB7
« Reply #3 on: July 09, 2017, 09:51:33 21:51 »

Small possibility... If you have the BitLocker user password, and are not running TPM (highly unlikely), you could try dislocker on a boot USB. It should decrypt the drive into a virtual NTFS volume.
If you are running BitLocker/TPM then I'm afraid to use dislocker you would need the BitLocker recovery password.
In my younger days I got the IT guy to cough up the AD recovery password because I "needed" to run system restore... and of course I needed to disable BitLocker for that :-)

Depending on your setup, IMHO I'm afraid you don't have too many options.
Logged
optikon
« Reply #4 on: July 10, 2017, 01:21:47 01:21 »

Hello all,

Just want to know how can we copy files from one computer without being traced? Win7 with bitlocker - so no usb boot possible.
If we create a temp server on target computer and then access it from other computer - will it be traced?
Ex: Python's inbuilt server script

What are your views?


If I recall, bitlocker protection has been cracked, decryption software available. Does that help?
Logged

I can explain this to you. I can't comprehend it for you.
fpgaguy
« Reply #5 on: July 10, 2017, 09:26:06 21:26 »

couple things you can try

1/ transfer over serial port via xmodem/zmodem, etc

2/ If you don't have physical access but have video access you can use something called paperback which puts up an ECC'd bitmap on the screen (think large QR code) - you will need to be able to install a binary and make some modifications to it - then take 1000's of screenshots or record video and postprocess
(see ollydbg.de/Paperbak/index.html) - similarly you cant print that copy if possible.

3/ install a VM with vmware which will likely allow you to mount a USB image

4/ add another system to the network with an email server that accepts large files, and point your email client there

there's always a method

Logged
automotivesharekb
« Reply #6 on: July 11, 2017, 07:56:55 19:56 »

Small possibility... If you have the BitLocker user password, and are not running TPM (highly unlikely), you could try dislocker on a boot USB. It should decrypt the drive into a virtual NTFS volume.
If you are running BitLocker/TPM then I'm afraid to use dislocker you would need the BitLocker recovery password.
In my younger days I got the IT guy to cough up the AD recovery password because I "needed" to run system restore... and of course I needed to disable BitLocker for that :-)

Depending on your setup, IMHO I'm afraid you don't have too many options.


Thank you SB7

I have heard about dislocker but not yet tried. I could not find the direct bootable USB with dislocker. Do you have some leads?

Posted on: July 11, 2017, 07:53:50 19:53 - Automerged

couple things you can try

1/ transfer over serial port via xmodem/zmodem, etc

2/ If you don't have physical access but have video access you can use something called paperback which puts up an ECC'd bitmap on the screen (think large QR code) - you will need to be able to install a binary and make some modifications to it - then take 1000's of screenshots or record video and postprocess
(see ollydbg.de/Paperbak/index.html) - similarly you cant print that copy if possible.

3/ install a VM with vmware which will likely allow you to mount a USB image

4/ add another system to the network with an email server that accepts large files, and point your email client there

there's always a method



hello fpgaguy,

Thank you for the paperback idea... I am having doubt of these methods, it might be easily traced.

Posted on: July 11, 2017, 07:55:00 19:55 - Automerged

If I recall, bitlocker protection has been cracked, decryption software available. Does that help?


Dear optikon, thank you for the reply. I have heard about it but am not sure where to get the actual software. I googled for a few, but most of them need the hard disk to be removed from the original machine and used in another machine. If any bootable solution exists with USB or net boot - it will be useful.
Logged
SB7
« Reply #7 on: July 12, 2017, 01:11:43 01:11 »

auto... one of the best forensic Linux disks is CAINE live USB>CD; it has dislocker compiled and built in, along with tons of other excellent tools.
Cracking BitLocker usually requires a memory dump or hib file (unless brute forcing, which really isn't an option, as it's normally AES-XTS (CBC) with diffuser etc.), which would normally require file/application installation or at least copying, all of which would be logged... hence why a forensic approach, on an unmounted OS, is advisable.
On our global enterprise, everything a user does is logged... and I mean everything... Being a "backup IT guy" allows me to see, in real time, everything a user does without their knowledge (as they consented the minute they joined us)... All hardware activity, every file accessed and when, all the way web traffic, including SSL decryption, behavioral monitoring tools that can correlate seemingly unrelated events across the enterprise... If people only knew...
Step lightly as you might never know just what is being tracked.
« Last Edit: July 12, 2017, 01:16:19 01:16 by SB7 » Logged
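
Added example, not part of any post in this thread: a sketch of the kind of correlation SB7 describes, flagging an ad-hoc Python file server (the original poster's example) from endpoint telemetry by joining process-start records to inbound connections on the same host and pid. The record layout, host names, users and addresses are constructed assumptions, not output of any specific product.

```python
import re

# Command lines that start Python's standard-library file server (py2 and py3 names).
ADHOC_SERVER = re.compile(r"-m\s+(http\.server|SimpleHTTPServer)\b", re.IGNORECASE)

# Constructed sample telemetry, not real logs; the record layout is an assumption.
EVENTS = [
    {"type": "process_start", "time": "2017-07-09T07:30:01", "host": "WS-0142",
     "user": "CORP\\jdoe", "pid": 4312,
     "cmdline": "C:\\Python27\\python.exe -m SimpleHTTPServer 8000"},
    {"type": "net_accept", "time": "2017-07-09T07:31:12", "host": "WS-0142",
     "pid": 4312, "local_port": 8000, "remote_ip": "10.20.30.77",
     "bytes_out": 734003200},
    {"type": "process_start", "time": "2017-07-09T08:02:40", "host": "WS-0142",
     "user": "CORP\\jdoe", "pid": 5120,
     "cmdline": "C:\\Python27\\python.exe build_report.py"},
    {"type": "net_accept", "time": "2017-07-09T08:05:00", "host": "WS-0200",
     "pid": 4312, "local_port": 445, "remote_ip": "10.20.30.15",
     "bytes_out": 2048},
    {"type": "process_start", "time": "2017-07-09T09:15:22", "host": "WS-0311",
     "user": "CORP\\asmith", "pid": 2208,
     "cmdline": "python -m http.server 8080 --bind 0.0.0.0"},
]


def find_adhoc_servers(events):
    """Return one alert per ad-hoc server process, with the clients it served."""
    alerts = {}
    for ev in events:
        key = (ev["host"], ev["pid"])  # a pid is only unique per host
        if ev["type"] == "process_start" and ADHOC_SERVER.search(ev["cmdline"]):
            alerts[key] = {"host": ev["host"], "user": ev["user"],
                           "started": ev["time"], "cmdline": ev["cmdline"],
                           "clients": set(), "bytes_out": 0}
        elif ev["type"] == "net_accept" and key in alerts:
            alerts[key]["clients"].add(ev["remote_ip"])
            alerts[key]["bytes_out"] += ev["bytes_out"]
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_adhoc_servers(EVENTS):
        print(a["host"], a["user"], a["started"], sorted(a["clients"]), a["bytes_out"])
```

The server process is flagged at launch even when no client has connected yet; the connection records only add who pulled data and how much.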