While pivoting through a client's internal network, you compromise a Windows workstation located behind a strict egress-filtering firewall. Packet captures show that outbound TCP traffic is limited to ports 80 and 443, which are transparently proxied by a web-filtering appliance that performs only URL categorization; there is no SSL/TLS inspection. You have compressed several directories of proprietary CAD drawings that must be exfiltrated to your red-team server on the public Internet. Under these restrictions, which technique offers the most discreet and reliable path to move the data off-site without triggering security controls?
Use a passive-mode FTP client to push the files to an Internet-facing FTP server on port 21
Chunk the archives into HTTPS requests that mimic normal browser traffic over port 443
Request the firewall administrator temporarily open port 22 so you can SCP the data via SSH
Start a Netcat listener on port 1337 and stream the ZIP files in cleartext
Sending the files as encrypted HTTPS POST requests hides the payload inside traffic that already leaves the network every day. Because port 443 is open and the proxy does not break TLS, the content remains opaque to inspection, blending with ordinary browsing. FTP on port 21 and SSH on port 22 will be blocked outright, and a clear-text Netcat listener on a high port is both non-standard and easily detected.