  • Language: C
  • License: GNU Lesser Genera...
  • Created over 8 years ago
  • Updated over 8 years ago


A TCP packet diverter for Windows platform

divertTCPconn

Author: Arno0x0x - @Arno0x0x

This program is a fork of hwfwpass with a slight modification to the way it runs. I made this fork to fit my specific needs, which required a slight rewrite of the original hwfwpass code.

DivertTCPconn relies on the WinDivert library, which loads a kernel driver (the .sys file shipped next to the DLL), so it must be run with administrator rights on a Windows system of any kind.

What 'divertTCPconn' does

DivertTCPconn captures incoming TCP traffic on any network interface and, based on the TCP destination port, diverts it to another local TCP port.

[WARNING]: divertTCPconn only works on TCP connections.

Example: To divert incoming traffic initially aimed at port TCP-80 to another TCP port, for instance 8080:

c:\> divertTCPconn 80 8080

In which circumstances can it be useful

You can use this trick in a few situations:

  1. When a local firewall (e.g. ZenWorks) blocks traffic to a TCP port (e.g. 445), divertTCPconn captures the traffic before it reaches the local firewall and redirects it to another local port of your choice.
  2. When a local service is already listening on the port you want to use (because, say, it is the only port opened through another firewall you need to pass traffic through), divertTCPconn captures the traffic before it reaches that service and redirects it to another local port of your choice.
  3. To screw things up, like redirecting SSH or RDP traffic to a dumb port :-)

Usage

divertTCPconn original_dstport new_dstport [disablechecksum] [debug]

Examples:

c:\> divertTCPconn 445 8445 

c:\> divertTCPconn 8081 2020 disablechecksum debug

disablechecksum: when this parameter is set, the program does not recompute the IP and TCP checksums after rewriting the port. It is useful when the network adapter driver performs the checksum calculation itself (checksum offload). If in doubt, leave it off: a packet carrying a wrong checksum is silently dropped by the receiving stack, which shows up as the client's connection attempt getting no answer at all.

debug: print debug info on the screen about the original and modified traffic.
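
The port rewriting that a TCP diverter such as this one has to perform, written out in C as an added example. This is not divertTCPconn's own code nor the hwfwpass code it was forked from; it assumes the tool's model as described above: the inbound leg changes the destination port from original_dstport to new_dstport, the outbound leg (which the README does not describe, but which TCP requires for the client to accept the replies) changes the source port of the answers back to original_dstport, and both legs recompute the IP and TCP checksums unless the disablechecksum behaviour is selected. The WinDivert capture and reinject calls are deliberately left out so the block compiles anywhere; in the real tool they would surround these functions. All function names and the sample packets are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define IPPROTO_TCP_NUM 6

/* Big-endian accessors: safe on unaligned buffers, independent of host byte order. */
uint16_t rd16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }
void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)(v & 0xffff)); }

/* RFC 1071 one's-complement sum; csum_fold() gives the checksum field value and
   gives 0 when run over data that already carries a correct checksum. */
static uint32_t csum_add(uint32_t sum, const uint8_t *buf, size_t len) {
    while (len > 1) { sum += rd16(buf); buf += 2; len -= 2; }
    if (len) sum += (uint32_t)buf[0] << 8;
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Locate the TCP header in an IPv4 packet; NULL unless it is well-formed IPv4/TCP. */
static uint8_t *tcp_header(uint8_t *pkt, size_t len, size_t *ihl_out, size_t *tcp_len_out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, total = rd16(pkt + 2);
    if (ihl < 20 || total > len || total < ihl + 20 || pkt[9] != IPPROTO_TCP_NUM) return NULL;
    *ihl_out = ihl; *tcp_len_out = total - ihl;
    return pkt + ihl;
}

/* TCP checksum input: pseudo-header (src, dst, zero, protocol, TCP length) + segment. */
static uint32_t tcp_sum(const uint8_t *pkt, const uint8_t *tcp, size_t tcp_len) {
    uint8_t pseudo[12];
    memcpy(pseudo, pkt + 12, 8);
    pseudo[8] = 0; pseudo[9] = IPPROTO_TCP_NUM;
    wr16(pseudo + 10, (uint16_t)tcp_len);
    return csum_add(csum_add(0, pseudo, 12), tcp, tcp_len);
}

/* Recompute both checksums after a header field changed: the step the tool skips
   when started with the disablechecksum argument. */
static void fix_checksums(uint8_t *pkt, size_t ihl, uint8_t *tcp, size_t tcp_len) {
    wr16(pkt + 10, 0); wr16(pkt + 10, csum_fold(csum_add(0, pkt, ihl)));
    wr16(tcp + 16, 0); wr16(tcp + 16, csum_fold(tcp_sum(pkt, tcp, tcp_len)));
}

/* 1 if both checksums verify; a receiving stack silently drops a packet for which this is 0. */
int checksums_ok(uint8_t *pkt, size_t len) {
    size_t ihl, tcp_len;
    uint8_t *tcp = tcp_header(pkt, len, &ihl, &tcp_len);
    if (!tcp) return 0;
    return csum_fold(csum_add(0, pkt, ihl)) == 0 && csum_fold(tcp_sum(pkt, tcp, tcp_len)) == 0;
}

/* Inbound leg: a segment addressed to orig_port is re-addressed to new_port.
   Returns 1 if it matched and was rewritten, 0 if it was left untouched. */
int divert_inbound(uint8_t *pkt, size_t len, uint16_t orig_port, uint16_t new_port, int disable_checksum) {
    size_t ihl, tcp_len;
    uint8_t *tcp = tcp_header(pkt, len, &ihl, &tcp_len);
    if (!tcp || rd16(tcp + 2) != orig_port) return 0;
    wr16(tcp + 2, new_port);
    if (!disable_checksum) fix_checksums(pkt, ihl, tcp, tcp_len);
    return 1;
}

/* Outbound leg: replies leaving new_port are relabelled as coming from orig_port;
   without this the client sees a source port it never connected to and resets. */
int divert_outbound(uint8_t *pkt, size_t len, uint16_t orig_port, uint16_t new_port, int disable_checksum) {
    size_t ihl, tcp_len;
    uint8_t *tcp = tcp_header(pkt, len, &ihl, &tcp_len);
    if (!tcp || rd16(tcp) != new_port) return 0;
    wr16(tcp, orig_port);
    if (!disable_checksum) fix_checksums(pkt, ihl, tcp, tcp_len);
    return 1;
}

uint16_t tcp_src_port(const uint8_t *pkt) { return rd16(pkt + (pkt[0] & 0x0f) * 4); }
uint16_t tcp_dst_port(const uint8_t *pkt) { return rd16(pkt + (pkt[0] & 0x0f) * 4 + 2); }

/* Constructed sample traffic: a 40-byte IPv4/TCP segment, no options, no payload. */
size_t build_segment(uint8_t *pkt, uint32_t src_ip, uint32_t dst_ip, uint16_t sport, uint16_t dport, uint8_t flags) {
    memset(pkt, 0, 40);
    pkt[0] = 0x45; wr16(pkt + 2, 40); wr16(pkt + 4, 0x1234); wr16(pkt + 6, 0x4000); /* IPv4, ihl 5, len 40, DF */
    pkt[8] = 64; pkt[9] = IPPROTO_TCP_NUM; wr32(pkt + 12, src_ip); wr32(pkt + 16, dst_ip);
    uint8_t *tcp = pkt + 20;
    wr16(tcp, sport); wr16(tcp + 2, dport); wr32(tcp + 4, 0x11223344);
    tcp[12] = 0x50; tcp[13] = flags; wr16(tcp + 14, 65535);  /* data offset 5 words */
    fix_checksums(pkt, 20, tcp, 20);
    return 40;
}

/* The "divertTCPconn 445 8445" scenario: 10.0.0.2 connects to 10.0.0.1:445, a listener on 8445 answers. */
int main(void) {
    uint8_t pkt[64];
    size_t len = build_segment(pkt, 0x0A000002u, 0x0A000001u, 49152, 445, 0x02 /* SYN */);
    divert_inbound(pkt, len, 445, 8445, 0);
    printf("inbound SYN now to port %u, checksums %s\n", (unsigned)tcp_dst_port(pkt), checksums_ok(pkt, len) ? "valid" : "INVALID");
    len = build_segment(pkt, 0x0A000001u, 0x0A000002u, 8445, 49152, 0x12 /* SYN|ACK */);
    divert_outbound(pkt, len, 445, 8445, 0);
    printf("outbound SYN/ACK now from port %u, checksums %s\n", (unsigned)tcp_src_port(pkt), checksums_ok(pkt, len) ? "valid" : "INVALID");
    return 0;
}
```

Passing 1 as the last argument reproduces the disablechecksum behaviour: the port is rewritten but checksums_ok() then reports the packet as invalid, which is only harmless if the network adapter recomputes the TCP checksum on its own. When diverted connections vanish silently, run without disablechecksum first.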

Release binary

The provided release binaries (compiled_binaries folder) should be good to go on any Windows system; they come along with the required DLL.

Compilation notes

In case you want to compile it yourself, just open the Visual Studio solution file; it should compile straight away, as all libs and dependencies are included.

You might want to update the WinDivert library:

  • Download most recent WinDivert lib from the official website
  • Update packages in windivert_32_lib or windivert_x64_lib directories
  • Copy the compiled windivert files (dll, sys) to the compiled divertTCPconn directory (32/64, debug/release)

Known problems, errors:

error: failed to open the WinDivert device (5)

Solution: Start the executable with administrator-level privileges, and check that the WinDivert DLL and SYS files are in the same directory as the executable. Error code 5 is the Win32 ERROR_ACCESS_DENIED.

error: msvcrxxx.dll is missing:

Solution: Download the corresponding Microsoft Visual C++ redistributable and either install it or put the DLLs in the same directory as the divertTCPconn binary.

  • msvcr110.dll -> Visual studio 2012
  • msvcr120.dll -> Visual studio 2013

Always use the DLL of the same architecture (32- or 64-bit) as the binary. Additional information: the WinDivert DLL has been compiled with VS2013, and divertTCPconn with VS2015, whose runtime (vcruntime140.dll plus the Universal CRT) is installed by the Visual C++ 2015 redistributable.

Limitations:

  1. The bind shell (or whatever listens on new_dstport) must listen on the same interface as the service that owns original_dstport. The driver cannot forward the traffic to the "non-existent" loopback interface, so a listener bound only to 127.0.0.1 will not receive it.
  2. Only TCP traffic is supported at the moment.
