GhostTunnel – A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel – A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel is a covert backdoor transmission technique that can be utilized in an remoted atmosphere. It can assault the goal by the HID machine solely to launch the payload (agent), then the HID machine might be eliminated after the payload is launched.
GhostTunnel use 802.11 Probe Request Frames and Beacon Frames to speak and does not want to determine a wifi connection. Exactly, it communicates by embedding knowledge in beacon and probe requests. We publish the GhostTunnel server and home windows agent applied in c/c++. The agent does not want elevated privileges, it makes use of the system wifi api to ship the probe request and obtain the beacon. akin to on home windows, makes use of the Native WiFi API. So you may implement the corresponding agent on different platforms. The server runs on linux, you want one or two usb wifi card that helps monitor mode and packet injection to run it.


  • Covertness.
  • No interference with the goal’s current connection standing and communications.
  • Can bypass firewalls.
  • Can be used to assault strictly remoted networks.
  • Communication channel doesn’t rely on the goal’s current community connection.
  • Allow as much as 256 purchasers
  • Effective vary as much as 50 meters
  • Cross-Platform Support.
  • Can be used to assault any machine with wireless communication module, we examined this assault on Window 7 as much as Windows 10, and OSX.


  • Server Only want one or two wi-fi community playing cards that helps packet injection and monitor mode, like TP-LINK TL-WN722N, Alfa AWUS036ACH. Usage:
     ./ghosttunnel [interface]
     ./ghosttunnel [interface1] [interface2]
      classes = listing all purchasers
      use = choose a shopper to function, use [clientID]
      exit = exit present operation
      wget = obtain a file from a shopper, wget [filepath]
      give up = give up ghost tunnel
      assist = present this utilization assist
  • Client Release the payload to the goal system (solely home windows shopper revealed) and execute it.

Function Implementation

  • Shell command Create a distant shell.
  • Download file The file most dimension restrict is 10M and may solely obtain one file at a time.
  • You can add different capabilities as wanted.


Server Requirements

apt-get set up pkg-config libnl-3-dev libnl-genl-3-dev libpcap0.8-dev


 cd src
home windows shopper:
 Microsoft Visual Studio 2015


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.