How to Transfer Data via Monitor Pixel Color Values (Monitor Screen as Covert channel)
Assume that you want to transfer data from one machine to another machine. If you use public email services, FTP or any other protocols, you will be easily get caught by software implemented like DLP(Data loss prevention). So, here we can Exfiltrate data via monitor pixel color values(Monitor Screen as Convert channel).
Data Exfiltration Scenario: Attacker has windows 10 machine located in India and same machine with VMware console or VNC running with another windows 10 located in united states.Now Assume India wants to send data to united states.
Display protocols such as RDP are blocked, such that it is not possible to transfer files.Here we can use Screen Interfaces as Channel for data exfiltration.
Download the PTP RAT HERE
PTP-RAT is a proof-of-concept tool for exfiltrating data over screen interfaces, it encodes data in pixel color values and flashing the remote screen to send the exfiltrated data.Each screen flash starts with a header that allows data theft via the screen.
PTP-RAT Client
- Above Figure illustrates the windows 10 located in united states with PTP-RAT is acting as Client to receive data from screen interface.
- The receiver is activated, it is waiting for a reply from PTP server to complete Sampling process with the Nyquist rate.
- Successful completion of sampling process will deliver exfiltrated data via the screen.
NOTE: Nyquist rate is the minimum rate at which a signal can be sampled without introducing errors.