Kali Linux

Pulsar : Data Exfiltration And Covert Communication Tool

Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols, for example you can receive data from tcp connection and resend it to real destination through DNS packets 

Setting up Pulsar

First, getting the code from repository and compile it with following command:

$ cd pulsar
$ export GOPATH=$(shell pwd)
$ go get golang.org/x/net/icmp
$ go build -o bin/pulsar src/main.go

or run:

$ make

Connectors

A connector is a simple channel to the external world, with the connector you can read and write data from different sources.

  • Console:
    • Default in/out connector, read data from stdin and write to stdout
  • TCP
    • Read and write data through tcp connections

tcp:127.0.0.1:9000

UDP

  • Read and write data through udp packet

udp:127.0.0.1:9000

ICMP

  • Read and write data through icmp packet

icmp:127.0.0.1 (the connection port is obviously useless)

You can use option –in in order to select input connector and option –out to select output connector:

–in tcp:127.0.0.1:9000
–out dns:fkdns.lol:2.3.4.5:8989

Handlers

A handler allows you to change data in transit, you can combine handlers arbitrarily.

  • Stub:
    • Default, do nothing, pass through
  • Base32
    • Base32 encoder/decoder

–handlers base32

You can use the –decode option to use ALL handlers in decoding mode

–handlers base64,base32,base64,cipher:key –decode

Example

In the following example Pulsar will be used to create a secure two-way tunnel on DNS protocol, data will be read from TCP connection (simple nc client) and resend encrypted through the tunnel.

[nc 127.0.0.1 9000] <–TCP–> [pulsar] <–DNS–> [pulsar] <–TCP–> [nc -l 127.0.0.1 -p 9900]

$ ./pulsar –in tcp:127.0.0.1:9000 –out dns:test.org@192.168.1.199:8989 –duplex –plain in –handlers ‘cipher:supersekretkey!!’
$ nc 127.0.0.1 9000

R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

8 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

8 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

8 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

1 day ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

1 day ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

1 day ago