Data Exfiltration without ever making a connection. Using TCP header space.

Related tags

Networkingtcpwned
Overview

TCPwned

PoC toy code to exfiltrate data without ever making a TCP connection. This will never show up in firewall logs, much less, actually be monitored as there is never even a valid TCP session. This is pretty obscure, and requires raw sockets on the victim, but if it is sensitive enough, this could be useful. Network middleboxes will break this if they are full proxies, meaning there is a connection from client to proxy, and a separate connection from proxy to server.

Example Video

Method

We are using the two-byte window field in the TCP header, and crafting packets that place chunks of data into that field and send SYN packets out. The remote side needs not run an actual service, and the server will actually send RST back to the client, but none of that matters. We are merely shipping data one-way to be reassembled. Considering there is no full handshake, this would be considered connectionless, and has no guarantee of delivery or validity. Similar to UDP transport.

Usage

Victim

Run the victim.py script to pull a secret and send it.

Attacker

Run the attacker.py script on a remote system. It will listen for 60 seconds and receive anything it hears on port 4444. After receiving the data, it will reassemble and print to screen.

Owner
Internet plumber, security engineer, distinguished engineer at Presidio. Husband, father, person. Brought to you by Carl's Jr.
GitHub Repository
Lightweight asyncio compatible utilities for consuming broker messages.

A simple asyncio compatible consumer for handling amqp messages.

Mehdi Kamani 3 Apr 10, 2022
Juniper SNMP Migrations For Python

Juniper SNMP Migrations This example will show how to use the PyEZ plugin for Nornir to build a NETCONF connection to a remote device validate that SN

Calvin Remsburg 1 Jan 07, 2022
CSP-style concurrency for Python

aiochan Aiochan is a library written to bring the wonderful idiom of CSP-style concurrency to python. The implementation is based on the battle-tested

Ziyang Hu 127 Dec 23, 2022
A p2p chat app for zephyr

A p2p chat app for zephyr

L3gacy B3ta 4 Jun 02, 2021
Dos attack a Bluetooth connection!

Bluetooth Denial of service Script made for attacking Bluetooth Devices By Samrat Katwal. Warning This project was created only for fun purposes and p

Samrat 1 Oct 29, 2021
A Python Tor template on Gitpod

A Python Tor template on Gitpod This is template configured for ephemeral development environments on Gitpod. prebuild Get Started With Your Own Proje

Ivan Yastrebov 1 Dec 17, 2021
Truetool - A TrueCharts automatic and bulk update utility

truetool A easy tool for frequently used TrueNAS SCALE CLI utilities. Previously

TrueCharts 125 Jan 04, 2023
A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

A Scapy implementation of SMS-SUBMIT and (U)SIM Application Toolkit command packets.

mnemonic 83 Dec 11, 2022
PyBERT is a serial communication link bit error rate tester simulator with a graphical user interface (GUI).

PyBERT PyBERT is a serial communication link bit error rate tester simulator with a graphical user interface (GUI). It uses the Traits/UI package of t

David Banas 59 Dec 23, 2022
It can be used both locally and remotely (indicating IP and port)

It can be used both locally and remotely (indicating IP and port). It automatically finds the offset to the Instruction Pointer stored in the stack.

DiegoAltF4 13 Dec 29, 2022
Simulate Attacks With Mininet And Hping3

Miniattack Simulate Attacks With Mininet And Hping3 It measures network load with bwm-ng when the net is under attack and plots the result. This demo

Geraked 3 Oct 03, 2022
Multipurpose Growtopia Server tools, can be used for newbie to learn things.

Multipurpose Growtopia Server tools, can be used for newbie to learn things.

FelixF 3 Dec 01, 2021
A simple implementation of an RPC toolkit

Simple RPC With Raw Sockets Repository for the Data network course project: Introduction In this project, you will attempt to code a simple implementa

Milad Samimifar 1 Mar 25, 2022
An curated collection of awesome resources about networking in cybersecurity

An ongoing curated collection of awesome software, libraries, frameworks, talks & videos, best practices, learning tutorials and important practical resources about networking in cybersecurity

Paul Veillard, P. Eng 7 Nov 30, 2022
jarbou3 is rat tool coded in python with C&C which can accept multiple connections from clients

jarbou3 Jarbou3 is rat tool with coded in python with C&C which can accept multi

youhacker55 108 Dec 29, 2022
Send files to your friends over network! (100mb max)

PyServed v2.0.1 Made by Shaurya Pratap Singh Installation Using pip(for stable releases.) - $ pip install pyserved Using Git (for latest updates) -

Sblip.dev 4 Mar 22, 2022
Keep your application settings in sync (OS X/Linux)

Mackup Keep your application settings in sync. Table of content Quickstart Usage What does it do Bullsh*t, what does it really do to my files Supporte

Laurent Raufaste 12.8k Jan 08, 2023
This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all the available IP addresses with their MAC addresses on your current Network.

This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all t

Abhinandan Khurana 1 Feb 09, 2022
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package

Build custom OSINT tools and APIs with this python package - It includes different OSINT modules (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whoi

QeeqBox 52 Jan 06, 2023
Secure connection between tenhou Window client and server.

tenhou-secure The tenhou Windows client looks awesome. However, the traffic between the client and tenhou server is NOT encrypted, including your uniq

1 Nov 11, 2021