PAYLOAD: ICMP Data Exfiltration - USB Rubber Ducky/Exfiltration [PAYLOAD MINUTE]
Вставка
- Опубліковано 13 гру 2023
- Delving into the ICMP Data Exfiltration payload by TW-D for the USB Rubber Ducky, this time on [PAYLOAD MINUTE]
Payloads → payloads.hak5.org
____________________________________________
Hak5: Cyber Security Education, Inspiration & Community since 2005.
____________________________________________
Shop → hakshop.myshopify.com/
Subscribe → ua-cam.com/users/Hak5Darr...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Наука та технологія
I tried this. There's now a van with "Flowers By Irene" parked outside me house... how long does it take to deliver flowers?
Ha didn't know about space before command trick, quite fun! Btw I don't know what are you doing with video encoding/colors but it now has some 90s vibe which looks cool! :)
VERY very GOOD video
Thnx Darren! 🎉
Awesome man!
Thank you 👍
Great content creator
Interesting method
Fascinating
Would be nice to have a link to the actual payload to see what it actually does and maybe try it out.
a variant of this technique was presented at a very early toorcon in san diego and at defcon 10… called icmp moonbounce
There's an entire ICMP overlay network, called Project Loki, described in phrack 49-6 too. And implementation discussed in phrack 51-6. ICMP is very cool for bypassing firewalls and the like and this payload could be reshaped to send much larger fragments at a time.
@@catatonicprimeagreed.
very cool. Can we do the same thing with DNS on a windows machine. Be good to get authentication tokens this way.
DNS tunneling is a well-known technique.
Looks alot like the exfil with the dns protocol.
Can it be done on windows 10 and 11?
how to i change keyboard layout
U removed video!?
I tried this and it was all in the logs.
having it use tor would be nice, combine it with evercookie and store it in 7 places would be another session grabber, putting it on mbr part or in ufei areas could make it more resilient like logofail, lastly make it immutable with a flag switch to harden it a bit more #idle chattr
IPS firewalls will catch this as the signature is clear.
that's good to hear. would encrypting the data before transmission help, or is it that there's any extra data in the ICMP packet as compared to what modern machines send?
@@DarrenKitchen the extra data, and basically the way they re-assemble the payload as they scan the icmp replies should be enough to catch it.
A more effective approach involves synchronizing clocks and transmitting a standard ping packet within a designated time frame to convey a single bit's status. While this method may be slower, it significantly enhances the difficulty of detection and decoding, making it challenging for anyone to discern what's going on beyond a typical ping.
I would try hex-encoding the data and using the output values to vary the size of the ICMP packets.
hi
Ping!
Patrick Bateman