GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released.
GhostTunnel use 802.11 Probe Request Frames and Beacon Frames to communicate and doesn’t need to establish a wifi connection. Exactly, it communicates by embedding data in beacon and probe requests. We publish the GhostTunnel server and windows agent implemented in c/c++.
The agent doesn’t need elevated privileges, it uses the system wifi api to send the probe request and receive the beacon. such as on windows, uses the Native WiFi API. So you can implement the corresponding agent on other platforms. The server runs on linux, you need one or two usb wifi card that supports monitor mode and packet injection to run it.
Also Read Getsploit v0.2.2 – Command Line Utility For Searching And Downloading Exploits
./ghosttunnel [interface]
./ghosttunnel [interface1] [interface2]
COMMANDS:
sessions = list all clients
use = select a client to operate, use [clientID]
exit = exit current operation
wget = download a file from a client, wget [filepath]
quit = quit ghost tunnel
help = show this usage help
apt-get install pkg-config libnl-3-dev libnl-genl-3-dev
server:
cd src
make
windows client:
Microsoft Visual Studio 2015
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…