Data Exfiltration without ever making a connection. Using TCP header space.

Related tags

Networkingtcpwned
Overview

TCPwned

PoC toy code to exfiltrate data without ever making a TCP connection. This will never show up in firewall logs, much less, actually be monitored as there is never even a valid TCP session. This is pretty obscure, and requires raw sockets on the victim, but if it is sensitive enough, this could be useful. Network middleboxes will break this if they are full proxies, meaning there is a connection from client to proxy, and a separate connection from proxy to server.

Example Video

Method

We are using the two-byte window field in the TCP header, and crafting packets that place chunks of data into that field and send SYN packets out. The remote side needs not run an actual service, and the server will actually send RST back to the client, but none of that matters. We are merely shipping data one-way to be reassembled. Considering there is no full handshake, this would be considered connectionless, and has no guarantee of delivery or validity. Similar to UDP transport.

Usage

Victim

Run the victim.py script to pull a secret and send it.

Attacker

Run the attacker.py script on a remote system. It will listen for 60 seconds and receive anything it hears on port 4444. After receiving the data, it will reassemble and print to screen.

Owner
Internet plumber, security engineer, distinguished engineer at Presidio. Husband, father, person. Brought to you by Carl's Jr.
GitHub Repository
Linkedin Connection Automation

Why spend an hour+ a week, connecting with the correct people on LinkedIn when you can go for lunch and let your computer do the hard work?

1 Nov 29, 2021
the objective of this project is to create a Node Js server with a Python client

Socket.io-Server-client Objective The objective of this project is to send data real time ,we use socket.io(server, client) on this project Server Nod

Reda Ennakouri 5 Mar 07, 2022
🎥 PYnema is a simple UDP server written in python, allows you to watch downloaded videos.

🎥 PYnema is a simple UDP server written in python, allows you to watch downloaded videos.

Jan Kupczyk 1 Jan 16, 2022
School Project using Python Sockets and Personal Encryption Method.

Python-Secure-File-Transfer School Project using Python Sockets and Personal Encryption Method. Installation Must have python3 installed on your syste

1 Dec 03, 2021
A simple hosts picker for Microsoft Services

A simple Python scrip for you to select the fastest IP for Microsoft services.

Konnyaku 394 Dec 17, 2022
The World Most Fastest Proxy Checker In Python, Maybe?!

The World's Most Fastest Proxy Checker In Python, Maybe?! Features Based on Python 3.7+ Save Valid Porixes into the custom file Multi-Thread Fully Asy

Cyber 4 Feb 10, 2022
Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies.

roblox-group-scanner Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies. Usage usage: s

h0nda 43 May 11, 2022
Roadster - Distance to Closest Road Feature Server

Roadster: Distance to Closest Road Feature Server Milliarium Aerum, the zero of

Textualization Software Ltd. 4 May 23, 2022
Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect

wifi-password Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect. Works on macOS and Li

Siddharth Dushantha 2.6k Jan 05, 2023
🐛 Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol.

HBot Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol. Modern script fullly written in python3. Warning. This

Ѵιcнч 137 Nov 14, 2022
Display ip2.network active live streams.

Display ip2.network active live streams.

Daeshon Jones 0 Oct 31, 2021
Top server mcpe Indonesia!

server_mcpe Top server mcpe Indonesia! install pkg install python pkg install git git clone https://github.com/Latip176/server_mcpe cd server_mcpe pip

Muhammad Latif Harkat 2 Jul 17, 2022
A simple chat room using socket and threading for handle multiple connections.

• Socket Chat Room was a little project for socket study. It works with a server handling the incoming connections from the clients. Clients send encoded messages while waiting for others clients mes

Guilherme de Oliveira 2 Mar 03, 2022
GNS3 Graphical Network Simulator

GNS3-gui GNS3 GUI repository.

GNS3 1.7k Dec 29, 2022
Desktop application for checking sites connection in a background mode

Site connectivity checker Desktop application for checking site connection in a background mode by sending ICMP messages. Problem and solution Usually

Karina Singatullina 26 Dec 19, 2022
A Python server and client app that tracks player session times and server status

MC Outpost A Python server and client application that tracks player session times and server status About MC Outpost provides a session graph and ser

Grant Scrits 0 Jul 23, 2021
An opensource library to use SNMP get/bulk/set/walk in Python

SNMP-UTILS An opensource library to use SNMP get/bulk/set/walk in Python Features Work with OIDS json list [Find Here](#OIDS List) GET command SET com

Alexandre Gossard 3 Aug 03, 2022
Ping Verification Python Script

Python Script Port Scanner Script WHAT IS IT? Port scanner script using Python. HOW IT WORKS Once the script has been executed, it will request the ta

AC 0 Dec 12, 2021
PySocks lets you send traffic through SOCKS proxy servers.

PySocks lets you send traffic through SOCKS proxy servers. It is a modern fork of SocksiPy with bug fixes and extra features. Acts as a drop-i

1.1k Dec 07, 2022
libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Key (VMK) are automatically extracted.

libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Key (VMK) are automatically extracted.

Jordan Ovrè 9 Dec 26, 2022