During a DLP (Data Loss Prevention) audit, I had to find a way to physically copy files off a Windows computer that had all forms of USB storage blocked. While enumerating USB policies, I noticed that, from my black-box perspective, only policies against storage devices were in place. Using a microcontroller and a neat browser feature called WebSerial, I found a way to exfiltrate documents without installing any additional software. This post tells the journey of that discovery.
Sometimes programs do not have a proxy option and/or ignore the system-wide proxy. In this case, you can try a tool like proxychains. Despite this, some developers want to hide something so badly that they even ignore or circumvent such options. For those cases, or just for convenience, you need to interact with the traffic after it has left your client. This guide will show you how to set up mitmproxy on a Raspberry Pi 4 to sniff both Ethernet and Wi-Fi traffic.
Together with the camera from my D-Link DCS-5222L post, I bought a D-Link DNR-322L. This is a network recorder/NAS for D-Link cameras. During the break I took from pwning the camera, I looked at this device instead and rather quickly found a way to run code. As always, I try to document what I did step by step rather than just show you the exploit.