An experimental packet tunnelling bind shell using obscure techniques to evade IDS/IPS.
- TCP/UDP (source port encoding)
- ICMP (payload)
- SCTP (chunkdata)
- IPSEC (esp)
- Netflow (V5, netflow record source port encoding)
- Netbios (NBNSQueryRequest, question_name)
NOTE:
- Data encryption is used where applicable.
- Every mode above misuses a protocol field that normally carries something else, so a properly configured IDS/SIEM should detect it (which is very much the case for all of the options above!).
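To make the source-port encoding used by the TCP/UDP/Netflow modes concrete, and to show why the note above holds, here is an added example that is not part of potatun: a pure-Python encoder/decoder that packs a payload into a sequence of 16-bit source ports (one port per packet, a length word first), plus the kind of check a SIEM rule could run over flow records. The two-bytes-per-packet layout, the length prefix, the hosts and the sample traffic are all assumptions for illustration; potatun's own framing and encryption are not described on this page.

```python
"""Source-port encoding as a covert channel, and a flow-level detector for it.

Added example, not potatun's code. Assumed framing: a 16-bit length word,
then two payload bytes per source port; the last port is zero-padded.
"""
from __future__ import annotations

import struct
from collections import defaultdict

# Linux default net.ipv4.ip_local_port_range; normal clients draw source ports here.
EPHEMERAL_LO, EPHEMERAL_HI = 32768, 60999


def encode_ports(data: bytes) -> list[int]:
    """Return the source ports that would carry `data`, one per packet."""
    if len(data) > 0xFFFF:
        raise ValueError("payload too long for a 16-bit length prefix")
    padded = data + (b"\x00" if len(data) % 2 else b"")
    ports = [len(data)]  # length word so the receiver can strip padding
    ports += [struct.unpack("!H", padded[i:i + 2])[0] for i in range(0, len(padded), 2)]
    return ports


def decode_ports(ports: list[int]) -> bytes:
    """Inverse of encode_ports: read the length word, reassemble the bytes."""
    length = ports[0]
    raw = b"".join(struct.pack("!H", p) for p in ports[1:])
    if len(raw) < length:
        raise ValueError("truncated stream")
    return raw[:length]


def flag_flows(packets, min_packets=8, threshold=0.5):
    """Group (src, sport, dst, dport) tuples by (src, dst, dport) and flag a
    group when more than `threshold` of its source ports fall outside the
    ephemeral range. Returns {group_key: ratio} for flagged groups."""
    groups = defaultdict(list)
    for src, sport, dst, dport in packets:
        groups[(src, dst, dport)].append(sport)
    flagged = {}
    for key, sports in groups.items():
        if len(sports) < min_packets:
            continue  # too few packets to judge
        odd = sum(1 for p in sports if not EPHEMERAL_LO <= p <= EPHEMERAL_HI)
        ratio = odd / len(sports)
        if ratio > threshold:
            flagged[key] = ratio
    return flagged


def build_sample():
    """Constructed traffic: a normal client and a covert sender, both to 10.10.10.1:443."""
    benign = [("10.10.10.50", 32768 + 7 * i, "10.10.10.1", 443) for i in range(12)]
    covert = [("10.10.10.66", p, "10.10.10.1", 443)
              for p in encode_ports(b"cat /etc/passwd\n")]
    return benign + covert


if __name__ == "__main__":
    for key, ratio in flag_flows(build_sample()).items():
        print(f"suspicious source-port pattern {key}: {ratio:.0%} non-ephemeral ports")
```

ASCII payloads land every port below 32768, so the covert flow trips the rule at 100% while the normal client stays at 0%. Encrypted data spreads over the whole 16-bit space and still puts roughly 57% of ports outside the range, which is why the note above applies to the encrypted modes too; a sender that restricts itself to 14 bits per packet would slip past this particular check, so pair it with packet-rate and port-reuse rules rather than relying on it alone.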
Requirements
- python3
- scapy
Usage
root@kali:/opt/potatun# python3 potatun.py -h
usage: potatun.py [-h] [-i I] [-t T] [-m M]
potatun - an experimental packet tunnelling bind shell.
optional arguments:
-h, --help show this help message and exit
-i I send interface (eth0)
-t T send ip:port (10.10.10.1:443)
-m M tunnel mode (udp-c/udp-s, tcp-c/tcp-s, icmp-c/icmp-s,
sctp-c/sctp-s, ipsec-c/ipsec-s, netflow-c/netflow-s, netbios-c/netbios-s)
Netflow (v5 record source port encoding)
UDP (source port encoding)
TCP (source port encoding)
SCTP (chunkdata)
ICMP (payload)
IPSEC (esp)
NetBIOS (NBNSQueryRequest)
Disclaimer
Don't use this script in real life: bind shells are sketchy. It is purely for research/experimentation; there are plenty of safe, stable open-source alternatives.
Enjoy~