UPS. The Undetectable Packet Sniffer. Introducing the TVSG Dev Team. AutoNiN – Software, Team Lead Spyder~1 – Hardware Mystic – Integration JustaBill – Organization. Concept. Place a stealthed hostile packet sniffer on a victim network. Physical concealment
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
The Undetectable Packet Sniffer
Place a stealthed hostile packet sniffer on a victim network. Physical concealment
is to hide in plain sight - posing as an Uninterruptible Power Supply (UPS). Network concealment involves clandestine exfiltration methods like Auto-IP Detection and encrypted UDP tunneling.
Our embedded system had only 1 Ethernet port, so we could not bridge two interfaces together. For simplicity's sake, we ripped a 10/100 hub out of its case and placed it inside ours. Runs off 5v DC, just like the embedded PC.
Thanks Fyodor, you rock!
ups.pl - Master Control Script
Auto-Identify Network (if Configured)
Confirm/Update System Settings
Contact Listening Post
4 Different Methods of Configuring IP:
1. No IP Mode (Dumb Sniffer)
2. Fixed IP Mode (Good for Testing)
3. DHCP Mode (Not very Stealthy!)
4. Stealth IP Mode (Auto-find Subnet/Gateway)
Various Shell Scripts
client.pl & server.pl
2 Different Methods of Communicating:
1. UDP/53 (looks like DNS) beacon to config server
2. TCP/80 (looks like HTTP) reverse shell to LP