Option Explicit On
Option Strict On
Imports Tamir.IPLib
Imports Tamir.IPLib.Packets
Imports System
Imports System.Text
'''
''' Simple Port Knocking Daemon PoC
''' Ferruh Mavituna - http://ferruh.mavituna.com
'''
'''
'''
''' Doesn't implement encryption.
''' Doesn't implement clearing of old unfinished sequences, which will cause memory issues.
''' Be sure that you are listening on the correct interface.
''' Requires:
''' SharpPcap - http://www.tamirgal.com/home/dev.aspx?Item=SharpPcap
''' WinPcap - 3.1+
'''
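''' = Client Example =
''' The knock ports must match SesameKey, in the same order. The list below
''' (50000-50002) differs from the SesameKey value in this file (50001-50003).
''' foreach i [list 50000 50001 50002] {
''' hping send "ip(daddr=192.168.1.13)+tcp(sport=$i,dport=$i,flags=s)"
''' }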
'''
'''
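Module DramaBridge

    ''' <summary>
    ''' Knock sequence: the TCP destination ports a source must hit, in this order.
    ''' The sequence is static and travels unencrypted, so anyone who can observe
    ''' the traffic can replay it; treat it as an obscurity layer, not authentication.
    ''' </summary>
    Private SesameKey() As Integer = {50001, 50002, 50003}

    ''' <summary>
    ''' Index (in the device list printed at start-up) of the interface to capture on.
    ''' </summary>
    Private Const CaptureDeviceIndex As Integer = 1

    ''' <summary>
    ''' Seconds a source has, counted from its first knock, to finish the sequence.
    ''' </summary>
    Private Const SequenceTimeoutSeconds As Integer = 30

    ''' <summary>
    ''' Upper bound on concurrently tracked sources. Without a bound, packets with
    ''' forged source addresses aimed at the first port grow the table without limit.
    ''' </summary>
    Private Const MaxTrackedSources As Integer = 10000

    ''' <summary>
    ''' Per-source knock progress, keyed by the source address as a Long.
    ''' The file header lists "clearing old unfinished sequences" as not implemented;
    ''' this table is now expired and capped (see AddToCache and PurgeExpired).
    ''' </summary>
    Private States As New Dictionary(Of Long, PacketInformation)(1000)

    ''' <summary>
    ''' Earliest time (UTC) at which the next full sweep of States runs.
    ''' </summary>
    Private NextSweep As DateTime = DateTime.MinValue

    ''' <summary>
    ''' Lists the capture devices, opens the configured one with a filter for the
    ''' knock ports and captures until the operator presses Enter.
    ''' </summary>
    Sub Main()
        Dim Devices As PcapDeviceList = SharpPcap.GetAllDevices()
        If (Devices.Count < 1) Then
            Console.WriteLine("No device found on this machine")
            Return
        End If

        For devIndex As Integer = 0 To Devices.Count - 1
            Dim Device As PcapDevice = Devices(devIndex)
            Console.WriteLine("{0}) {1}", devIndex, Device.PcapDescription)
            Console.WriteLine()
            Console.WriteLine("Name:{0}", Device.PcapName)
            Console.WriteLine("IP Address: {0}", Device.PcapIpAddress)
            Console.WriteLine("Loopback: {0}", Device.PcapLoopback)
            Console.WriteLine()
        Next devIndex

        ' The original indexed device 1 unconditionally, which fails on a machine
        ' that exposes a single device.
        If CaptureDeviceIndex >= Devices.Count Then
            Console.WriteLine("Capture device index {0} is not available, {1} device(s) found", CaptureDeviceIndex, Devices.Count)
            Return
        End If

        ' Validate the sequence before the device is opened, so that an early
        ' return cannot leave an open capture handle behind.
        If SesameKey.Length = 0 Then
            Console.WriteLine("You need to supply a sequence!")
            Return
        End If

        Dim CaptureDevice As PcapDevice = Devices(CaptureDeviceIndex)
        Console.WriteLine("Listening :" & CaptureDevice.PcapIpAddress)

        Dim Filter As String = BuildFilter(CaptureDevice.PcapIpAddress)

        AddHandler CaptureDevice.PcapOnPacketArrival, AddressOf PacketArrived
        ' NOTE(review): the first argument is presumably the promiscuous-mode flag;
        ' the filter only accepts packets addressed to this host, so promiscuous
        ' capture should not be needed - confirm and consider passing False.
        CaptureDevice.PcapOpen(True, 1000)
        Try
            CaptureDevice.PcapSetFilter(Filter)
            Console.WriteLine("Filter: {0}", Filter)
            CaptureDevice.PcapStartCapture()
            Console.ReadLine()
            CaptureDevice.PcapStopCapture()
            Console.WriteLine("Stopped")
        Finally
            ' Close the device even when setting the filter or capturing throws.
            CaptureDevice.PcapClose()
        End Try
        Console.ReadKey()
    End Sub

    ''' <summary>
    ''' Builds the capture filter: TCP over IP, addressed to this host, with a
    ''' destination port that belongs to the knock sequence.
    ''' </summary>
    ''' <param name="hostAddress">IP address of the capture interface.</param>
    ''' <returns>The filter expression passed to PcapSetFilter.</returns>
    Private Function BuildFilter(ByVal hostAddress As String) As String
        Dim ports As New StringBuilder()
        For i As Integer = 0 To SesameKey.Length - 1
            If i > 0 Then ports.Append(" or ")
            ' "dst port" rather than "port": PacketArrived only evaluates the
            ' destination port, so matching on the source port adds noise only.
            ports.Append("dst port ").Append(SesameKey(i).ToString())
        Next i
        Return "ip and tcp and dst host " & hostAddress & " and (" & ports.ToString() & ")"
    End Function

    ''' <summary>
    ''' Capture callback: logs the packet and feeds every sequence position whose
    ''' port equals the packet's destination port into the state table.
    ''' </summary>
    ''' <param name="sender">Event source (unused).</param>
    ''' <param name="packet">Captured packet; expected to be TCP because of the filter.</param>
    Private Sub PacketArrived(ByVal sender As Object, ByVal packet As Packet)
        ' The filter should only let TCP through, but a failed cast inside a
        ' capture callback would take the listener down, so skip anything else.
        Dim tcp As TCPPacket = TryCast(packet, TCPPacket)
        If tcp Is Nothing Then Return

        Console.WriteLine((tcp.SourceAddress() & ":" & tcp.SourcePort()).PadRight(30) & " > " & tcp.DestinationAddress() & ":" & tcp.DestinationPort())

        For keyIndex As Short = 0 To CShort(SesameKey.Length - 1)
            If SesameKey(keyIndex) = tcp.DestinationPort() Then
                AddToCache(tcp.SourceAddressAsLong, keyIndex)
            End If
        Next
    End Sub

    ''' <summary>
    ''' Advances, starts or resets the knock progress of a source address.
    ''' </summary>
    ''' <param name="sourceIP">The source IP.</param>
    ''' <param name="pos">Index into SesameKey of the port that was just hit.</param>
    Private Sub AddToCache(ByVal sourceIP As Long, ByVal pos As Short)
        Dim nowUtc As DateTime = DateTime.UtcNow

        ' Sweep the whole table at most once per timeout interval, so that a
        ' flood of packets does not trigger a full scan per packet.
        If nowUtc >= NextSweep Then
            PurgeExpired(nowUtc)
            NextSweep = nowUtc.AddSeconds(SequenceTimeoutSeconds)
        End If

        Dim info As PacketInformation = Nothing
        If States.TryGetValue(sourceIP, info) AndAlso info.IsExpired(nowUtc, SequenceTimeoutSeconds) Then
            ' A stale partial sequence must not be continued.
            States.Remove(sourceIP)
            info = Nothing
        End If

        If info Is Nothing Then
            ' Unknown source: only the first port of the sequence starts tracking.
            If pos <> 0 Then Return

            If States.Count >= MaxTrackedSources Then
                ' Fail closed: new knockers wait until entries expire. This bounds
                ' memory at the cost of delaying legitimate clients during a flood.
                Console.WriteLine("State table full, ignoring new source : " & sourceIP)
                Return
            End If

            Console.WriteLine("Added IP : " & sourceIP)
            States.Add(sourceIP, New PacketInformation(0))
            ' A one-port sequence is complete on its first knock.
            If pos = SesameKey.Length - 1 Then CompleteSequence(sourceIP)
            Return
        End If

        If info.KeyIndex = pos - 1 Then
            ' The knock is the next expected position.
            Console.WriteLine("Moved Pos : " & pos)
            info.KeyIndex = pos
            If pos = SesameKey.Length - 1 Then CompleteSequence(sourceIP)
        Else
            ' Out-of-order knock: forget the source. As the original author notes,
            ' a packet carrying a knocker's address as a forged source resets that
            ' knocker's progress.
            States.Remove(sourceIP)
        End If
    End Sub

    ''' <summary>
    ''' Drops the finished state of a source and opens the gate for it.
    ''' The original kept the entry after success, so it was never released.
    ''' </summary>
    ''' <param name="sourceIP">Source address that completed the sequence.</param>
    Private Sub CompleteSequence(ByVal sourceIP As Long)
        States.Remove(sourceIP)
        OpenSesame(sourceIP)
    End Sub

    ''' <summary>
    ''' Removes every entry whose sequence timeout has elapsed.
    ''' </summary>
    ''' <param name="nowUtc">Current time in UTC.</param>
    Private Sub PurgeExpired(ByVal nowUtc As DateTime)
        ' Collect first: a Dictionary must not be modified while it is enumerated.
        Dim stale As New List(Of Long)
        For Each entry As KeyValuePair(Of Long, PacketInformation) In States
            If entry.Value.IsExpired(nowUtc, SequenceTimeoutSeconds) Then stale.Add(entry.Key)
        Next
        For Each staleIP As Long In stale
            States.Remove(staleIP)
        Next
    End Sub

    ''' <summary>
    ''' Action taken once a source has completed the sequence; the PoC only logs.
    ''' </summary>
    ''' <param name="IPAddress">Source address as a Long.</param>
    Private Sub OpenSesame(ByVal IPAddress As Long)
        Console.WriteLine("Gate opened Hasan - {0}", IPAddress)
    End Sub

    ''' <summary>
    ''' Knock progress of one source address and the time its sequence started.
    ''' </summary>
    Private Class PacketInformation
        ' Index into SesameKey of the last port this source hit in order.
        Public KeyIndex As Short
        ' UTC time of the first knock; UTC keeps the timeout immune to clock-zone shifts.
        Private AddedTime As DateTime

        Public Sub New(ByVal keyIndex As Short)
            Me.AddedTime = DateTime.UtcNow
            Me.KeyIndex = keyIndex
        End Sub

        ''' <summary>
        ''' True when more than timeoutSeconds have passed since the first knock.
        ''' </summary>
        Public Function IsExpired(ByVal nowUtc As DateTime, ByVal timeoutSeconds As Integer) As Boolean
            Return nowUtc.Subtract(Me.AddedTime).TotalSeconds > timeoutSeconds
        End Function
    End Class
End Module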