A simple realization of SSH reverse tunnel.
Ghost Tunnel is a covert backdoor transmission method that hides its payload in 802.11 Probe-Request and Beacon frames. Because it works within the first three steps of connecting to an AP, it can transfer a payload in isolated environments (physical access is needed first) and bypass firewalls. In P4wnP1, it is called WiFi Covert Channel.
To know the principle better, I wrote a Go version.
Inspired by Transferring Backdoor Payloads with BMP Image Pixels, I wrote a Go version demo.
Although it is not as new or dangerous as it may seem, concealing a payload in BMP pixels to bypass AV is really interesting.
Recently, I captured a phishing attack sample that steals Tencent QQ users' passwords; it begins with a stored XSS vulnerability in Kuwo-Music.
AssassinGo is an extensible, concurrent information gathering and vulnerability scanning framework written in Go.
Just for learning.