P4wnP1 - WiFi covert channel - Client agent (experimental Proof of Concept) by MaMe82

Experimental client agent for the P4wnP1 WiFi covert channel. The channel communicates via 802.11 Probe Requests and Responses, so it doesn't depend on the client being associated with any WiFi network. Additionally, if the client is connected to an existing WiFi network, the covert channel doesn't depend on the 802.11 frequency (channel) in use. The agent doesn't need elevated user privileges to work, as it utilizes unprivileged functions of the Win32 Native WiFi API.
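A defender-side sketch of the monitoring this design calls for, added here and not part of the P4wnP1 code: it scans probe-request records from a monitor-mode capture and flags stations whose SSID field changes on almost every frame and holds opaque bytes. It assumes the payload is visible in the SSID field, which this README does not specify; the record layout, thresholds and sample data are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def flag_stations(frames, window=10.0, max_distinct=8, min_entropy=6.0):
    """frames: (timestamp_s, src_mac, ssid_bytes) tuples taken from probe requests.
    Flags a station that sends more than max_distinct different non-empty SSIDs
    inside one window when those SSIDs look like binary data, not network names.
    All three thresholds are assumptions to tune against a local baseline."""
    by_mac = defaultdict(list)
    for ts, mac, ssid in frames:
        by_mac[mac].append((ts, ssid))
    flagged = {}
    for mac, items in by_mac.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            ssids = {s for _, s in items[start:end + 1] if s}  # skip wildcard SSID
            if len(ssids) > max_distinct:
                score = entropy(b"".join(sorted(ssids)))
                if score >= min_entropy:
                    flagged[mac] = (len(ssids), round(score, 2))
                    break
    return flagged

def sample_frames():
    """Constructed sample data; MACs, SSIDs and timings are invented."""
    frames = []
    # Ordinary client: wildcard probe plus two saved networks, repeated.
    for i in range(12):
        frames.append((i * 0.8, "02:00:00:00:00:01", [b"", b"HomeNet", b"CoffeeShop"][i % 3]))
    # Laptop with many saved networks: many distinct but readable SSIDs.
    for i in range(12):
        frames.append((i * 0.5, "02:00:00:00:00:02", b"Office-WLAN-%02d" % i))
    # Station whose SSID field changes every frame and holds 32 opaque bytes.
    for i in range(12):
        frames.append((i * 0.5, "02:00:00:00:00:03", hashlib.sha256(bytes([i])).digest()))
    return frames

if __name__ == "__main__":
    print(flag_stations(sample_frames()))
```

The second sample station shows why the distinct-SSID count alone is not enough: a laptop with many saved networks crosses it, and only the entropy test separates it from the third station.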

The code has not been cleaned up yet and is considered experimental, not stable.

The implementation is a .NET-based dynamic library, to allow easy loading and invocation from an existing PowerShell runspace (it has to be loaded from a 32-bit PowerShell).

The PoC binds a subprocess (cmd.exe) to the channel once it is up and running.

The code includes an executable PE file (WiFiTest), which isn't used by the final payload. The entry method of the DLL is NWiFi.NativeWifi.run().

This is a PoC - What this is not:

Additional details