Last active
January 16, 2020 17:17
-
-
Save VitorDiToro/4c03cc34ba942827f274781ca0fd07a4 to your computer and use it in GitHub Desktop.
Poc to validate if has an RDP connection and get the client IP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WINSOCK_DEPRECATED_NO_WARNINGS | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <iostream> | |
| #include <string> | |
| #include <winsock2.h> | |
| #include <ws2tcpip.h> | |
| #include <iphlpapi.h> | |
| #include <combaseapi.h> | |
| #pragma comment(lib, "iphlpapi.lib") | |
| #pragma comment(lib, "ws2_32.lib") | |
| #define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x)) | |
| #define FREE(x) HeapFree(GetProcessHeap(), 0, (x)) | |
| HRESULT GetRDPClientAddress(const int RDPPort, std::wstring &IPaddress) | |
| { | |
| HRESULT hr = E_NOTIMPL; | |
| PMIB_TCPTABLE2 pTcpTable; | |
| ULONG ulSize = sizeof(MIB_TCPTABLE); | |
| DWORD dwRetVal = 0; | |
| char szRemoteAddr[128]; | |
| PWSTR ptAddr; | |
| struct in_addr IpAddr; | |
| pTcpTable = (MIB_TCPTABLE2 *) MALLOC(sizeof(MIB_TCPTABLE2)); | |
| if (pTcpTable == NULL) | |
| { | |
| std::wcout << L"\tGetRDPClientAddress: Error allocating memory" << std::endl; | |
| return 1; | |
| } | |
| // Make an initial call to GetTcpTable2 | |
| // to get the necessary size into the ulSize variable | |
| dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE); | |
| if (dwRetVal == ERROR_INSUFFICIENT_BUFFER) | |
| { | |
| FREE(pTcpTable); | |
| pTcpTable = (MIB_TCPTABLE2 *) MALLOC(ulSize); | |
| if (pTcpTable == NULL) | |
| { | |
| std::wcout << L"\tGetRDPClientAddress: Error allocating memory" << std::endl; | |
| return 1; | |
| } | |
| } | |
| // Make a second call to GetTcpTable2 | |
| // to get the actual data we require | |
| dwRetVal = GetTcpTable2(pTcpTable, &ulSize, TRUE); | |
| if (dwRetVal == NO_ERROR) | |
| { | |
| for (int i = 0; i < (int) pTcpTable->dwNumEntries; i++) | |
| { | |
| if ((ntohs((u_short) pTcpTable->table[i].dwLocalPort) == RDPPort) && | |
| (pTcpTable->table[i].dwState == MIB_TCP_STATE_ESTAB)) | |
| { | |
| IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr; | |
| strcpy_s(szRemoteAddr, sizeof(szRemoteAddr), inet_ntoa(IpAddr)); | |
| if (strstr("0.0.0.0", szRemoteAddr) == 0) | |
| { | |
| size_t len = strlen(szRemoteAddr); | |
| ptAddr = static_cast<PWSTR>(CoTaskMemAlloc(sizeof(wchar_t) * (len + 1))); | |
| MultiByteToWideChar(CP_ACP, 0, szRemoteAddr, -1, ptAddr, 128); | |
| IPaddress = ptAddr; | |
| hr = 0; | |
| } | |
| } | |
| } | |
| } | |
| else | |
| { | |
| std::wcout << L"\tGetTcpTable2 failed with " << dwRetVal << std::endl; | |
| FREE(pTcpTable); | |
| return 1; | |
| } | |
| if (pTcpTable) | |
| { | |
| FREE(pTcpTable); | |
| pTcpTable = NULL; | |
| } | |
| return hr; | |
| } | |
| int main(void) | |
| { | |
| std::wstring ip; | |
| const int rdp_port = 3389; | |
| GetRDPClientAddress(rdp_port, ip); | |
| if (!ip.empty( )) | |
| { | |
| std::wcout << L"Has RDP connection by: " << ip.c_str( ) << std::endl; | |
| if (wcscmp(ip.c_str( ), L"10.25.27.108") == 0) | |
| { | |
| std::wcout << L"The IP is whitelisted =D" << std::endl; | |
| } | |
| else | |
| { | |
| std::wcout << L"The IP isn't whitelisted =X" << std::endl; | |
| } | |
| } | |
| else | |
| { | |
| std::wcout << L"Has no RDP connection!" << std::endl; | |
| } | |
| system("PAUSE"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment