How to Transfer Data via Monitor Pixel Color Values (Monitor Screen as Covert channel)

0
transfer data

Assume that you want to transfer data from one machine to another machine. If you use public email services, FTP or any other protocols, you will be easily get caught by software implemented like DLP(Data loss prevention). So, here we can Exfiltrate data via monitor pixel color values(Monitor Screen as Convert channel).

Data Exfiltration Scenario: Attacker has windows 10 machine located in India and same machine with VMware console or VNC running with another windows 10 located in united states.Now Assume India wants to send data to united states.

Display protocols such as RDP are blocked, such that it is not possible to transfer files.Here we can use Screen Interfaces as Channel for data exfiltration.

Download the PTP RAT HERE

PTP-RAT is a proof-of-concept tool for exfiltrating data over screen interfaces, it encodes data in pixel color values and flashing the remote screen to send the exfiltrated data.Each screen flash starts with a header that allows data theft via the screen.

PTP-RAT Client

  • Above Figure illustrates the windows 10 located in united states with PTP-RAT is acting as Client to receive data from screen interface.
  • The receiver is activated, it is waiting for a reply from PTP server to complete Sampling process with the Nyquist rate.
  • Successful completion of sampling process will deliver exfiltrated data via the screen.

NOTE: Nyquist rate is the minimum rate at which a signal can be sampled without introducing errors.

PTP-RAT Server

  • Above Figure illustrates the India server with PTP-RAT is acting as a server to send data to a PTP-RAT receiver with flashing.
  • Click on the “Send file” button, and choose the file you want to send it.
  • When the file is sent, your screen will be flashed with a gray screen which denotes sampling signal process started.
  • Signal output file (exfiltrated data) will be transferred, a file-save dialog appears on the PTP-RAT receiver, and the file is saved.

NOTE: Flashing with gray screen denotes that sampling of a signal in progress.

Must Read Complete Kali Tools tutorials from Information gathering to Forensics

Transfer data over screen interfaces

  • Above Figure is called as Flashing or Signal Sampling.
  • The mouse pointer disappears and the screen begins to flash with a gray screen as the file is transmitted via the pixel color values.
  • It shows Confidential Data is exfiltrated with a gray screen.

Saving Exfiltrated Data

  • After successfully completing sampling process with the gray screen, a file-save dialog appears on the receiver, and the file is saved.
  • We have successfully received a file, GBhackersLogo.png from PTP sender.

PTP-RAT shows extreme bypass to implemented controls ( Hardware & Software Security Appliances).

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Disclaimer

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The Authors and www.gbhackers.com  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.