The Dropbox

A Dropbox, sometimes also called a Jump Box, is a small device that you can hide somewhere within the physical location that you are targeting. Getting the device into the location will sometimes take other skills, such as social engineering, or even a little breaking and entering. A Dropbox can also be a box sent by the security consulting firm to be installed on a network for pen testing from a remote location.

These days, small, fully-fledged computers are cheap and easy to configure. There are also devices on the market that are specifically designed for this use and are ready to go right out of the box. The Raspberry Pi is a small computer on a board that runs a full Linux distro and can be configured for this work. Two devices made for this use are the Wi-Fi Pineapple and the Pwnie Express. The Wi-Fi Pineapple is our personal favorite. It comes with two separately configurable Wi-Fi access points and a CAT5 interface. It is only slightly larger than a pack of cigarettes. Having the two Wi-Fi radios and a CAT5 connector makes this device capable of connecting and pivoting from any network.

So, now you have to sneak this onto the network. For a wired network, a perennial favorite intrusion is the friendly telco guy approach. Employee badges can be easily found for various companies on the Internet. Making a badge is also an easy process. You can find out who provides telco services for your target during your passive footprinting phase. Once you have your badge, you show up at the target location carrying your tool bag and laptop, go to the front desk and say, "Hi, I'm here from Telco Provider. We had a ticket turned in that the Internet is running slow." You'll be surprised how easily this works to get in the door and be led directly to the Phone Closet. Once in the Phone Closet, you can hide and connect your preconfigured Dropbox. When it fires up, it phones home and you are in!

For a less intrusive method, if your target has Wi-Fi in the office, you can use it as your attack vector. This is where the two Wi-Fi radios come into play. One can be used to attack and connect to the target network and the other can be used as your connection to pivot from. The folks at Pineapple will even sell you a battery that lasts around 72 hours. With this arrangement, your "evil package" can even be easily hidden in the bushes and run without AC power. Captured data can also be copied to a flash card on the device, if being in the area during your attack isn't feasible and you can't phone home to the evil server.

When doing your physical recon of a location, look for cabling running outside the building. Sometimes, when expansions are done at a location, the people running the cable will run a drop on the outside of a building just to make the installation easier, but as we see, this leaves a door open to attack. With a good hiding place, a couple of RJ45 connectors, and a cheap switch, you can get access to a wired network.
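
Seen from the defending side, a dropbox connected in a phone closet or on an outside cable drop usually shows up as an unfamiliar device requesting an address. The following added example is not from the book: it scans DHCP server log lines for leases handed to MAC addresses missing from an asset inventory and notes Raspberry Pi vendor prefixes. The sample lines (constructed, in ISC dhcpd syslog style), the inventory, and the function name are assumptions.

```python
import re

# Assumption: MAC addresses of approved devices, exported from an asset inventory.
KNOWN_ASSETS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# OUI prefixes registered to Raspberry Pi, the board the text names. Not exhaustive.
SBC_OUIS = {"b8:27:eb": "Raspberry Pi", "dc:a6:32": "Raspberry Pi",
            "e4:5f:01": "Raspberry Pi"}

# Constructed sample log lines; hosts, addresses and times are made up.
SAMPLE_LOG = """\
May  1 08:01:12 dhcp1 dhcpd: DHCPACK on 10.0.5.21 to 00:1a:2b:3c:4d:5e (ws-frontdesk) via eth0
May  1 08:03:40 dhcp1 dhcpd: DHCPACK on 10.0.5.22 to 00:1A:2B:3C:4D:5F (ws-hr01) via eth0
May  1 11:47:05 dhcp1 dhcpd: DHCPACK on 10.0.5.90 to b8:27:eb:12:34:56 (raspberrypi) via eth0
May  1 11:52:31 dhcp1 dhcpd: DHCPDISCOVER from 3c:52:82:aa:bb:cc via eth0
May  1 11:52:32 dhcp1 dhcpd: DHCPACK on 10.0.5.91 to 3c:52:82:aa:bb:cc via eth0
May  1 17:47:05 dhcp1 dhcpd: DHCPACK on 10.0.5.90 to b8:27:eb:12:34:56 (raspberrypi) via eth0
"""

ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def find_unknown_devices(log_text, known=KNOWN_ASSETS):
    """Return one finding per leased MAC that is absent from the inventory."""
    findings = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # only acknowledged leases prove the device got on the network
        mac = m.group("mac").lower()  # logs may mix upper and lower case
        if mac in known:
            continue
        entry = findings.setdefault(mac, {
            "mac": mac, "ip": m.group("ip"), "host": m.group("host") or "",
            "iface": m.group("iface"), "vendor_hint": SBC_OUIS.get(mac[:8]),
            "leases": 0,
        })
        entry["leases"] += 1
    # Devices with a single-board-computer vendor prefix sort first for triage.
    return sorted(findings.values(),
                  key=lambda f: (f["vendor_hint"] is None, f["mac"]))

if __name__ == "__main__":
    for f in find_unknown_devices(SAMPLE_LOG):
        print(f["mac"], f["ip"], f["host"] or "-", f["vendor_hint"] or "unknown vendor")
```

A device that uses a spoofed MAC address or a static IP never appears in these records, so this check complements switch port security and 802.1X rather than replacing them.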
