Service1.cs
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Linq;
using System.ServiceProcess;
using System.Text;
using System.Threading.Tasks;
using System.Net;
using System.Net.Sockets;
using Microsoft.Win32;
using System.Net.Mail;
using System.Threading;
using System.Net.Http;
using System.IO;
namespace RDP_Enabler
{
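/// <summary>
/// Windows service that keeps Remote Desktop disabled (fDenyTSConnections = 1) and
/// re-enables it for a ten-minute window whenever a TCP connection arrives on the
/// configured knock port. A start-up mail and a throttled alert mail are sent over SMTP.
/// </summary>
/// <remarks>
/// NOTE(review): the knock is not authenticated. Any host that can reach the port,
/// including an ordinary port scan, opens the window, so RDP's own authentication is the
/// only access control while the window is open. Restrict the knock port by source
/// address at the firewall where possible.
/// </remarks>
public partial class Service1 : ServiceBase
{
    // One shared client: a new HttpClient per call leaks sockets when the start-up
    // notification is retried every ten seconds.
    private static readonly HttpClient _httpClient = new HttpClient();

    private System.Timers.Timer _timer;        // closes the RDP window every 10 minutes
    private System.Timers.Timer _informTimer;  // retries the start-up mail every 10 seconds

    // Time of the last alert-mail attempt; used to send at most one alert per 40 seconds.
    public System.DateTime _timerStartTime = DateTime.Now;

    private readonly int _port = 10010; // Replace with your desired port number

    // NOTE(review): the values below are compiled into the service binary, so anyone who
    // can read the file can recover the SMTP password. Use a dedicated low-privilege
    // mailbox and move these to protected configuration for real deployments.
    private readonly string email_smtp_server = "smtp.yourserver.com"; // Replace this with your e-mail SMTP server
    private readonly string email_sending_address = "yourname@yourserver.com"; // Replace this with the address you send from
    private readonly string email_username = "yourname@yourserver.com"; // Replace this with the user name used to authenticate to the SMTP server
    private readonly string email_password = "yourpassword"; // Replace this with the password used to authenticate to the SMTP server
    private readonly int SMTP_PORT = 587; // This is 587 or 25 depending on your ISP.
    private readonly string recivers_emailaddress = "reciver@domain.com"; // Replace this with the receiver's address. It may be the same as the sending address.

    // Use TLS (STARTTLS) for SMTP. With this set to false the user name, password,
    // machine addresses and knock port cross the network unencrypted; only disable it
    // for a relay that cannot negotiate TLS.
    private readonly bool email_enable_tls = true;

    private TcpListener _tcpListener;
    public bool couldNotSendMail = false;

    // 1 while a start-up notification attempt is running, 0 otherwise.
    private int _informInProgress;

    /// <summary>Creates the service and runs the designer-generated initialisation.</summary>
    public Service1()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Disables RDP, waits three seconds, then starts the timers, the knock listener and
    /// the start-up notification.
    /// </summary>
    /// <param name="args">Service start arguments (unused).</param>
    protected override async void OnStart(string[] args)
    {
        try
        {
            // Fail closed: close RDP before anything that can fail (port already in use,
            // network not ready), so a failed start never leaves a previous window open.
            DisableRdpAccess();

            await Task.Delay(3000);

            // The timers exist before the listener accepts anything, because the accept
            // callback restarts _timer and would otherwise hit a null reference.
            _timer = new System.Timers.Timer();
            _timer.Interval = 10 * 60 * 1000; // 10 minutes in milliseconds
            _timer.AutoReset = true;
            _timer.Elapsed += OnTimerElapsed;
            _timer.Start();

            _informTimer = new System.Timers.Timer();
            _informTimer.Interval = 10 * 1000; // retry the start-up mail every 10 seconds
            _informTimer.AutoReset = true;
            _informTimer.Elapsed += InformOnTimerElapsed;
            _informTimer.Start();

            _tcpListener = new TcpListener(IPAddress.Any, _port);
            _tcpListener.Start();
            ListenForNextKnock();

            InformStart();
        }
        catch (Exception ex)
        {
            // This method is async void, so nothing upstream observes the exception.
            // Record it before it propagates.
            Trace.TraceError("Service start failed: {0}", ex);
            throw;
        }
    }

    /// <summary>Timer callback: retries the start-up notification.</summary>
    private void InformOnTimerElapsed(object sender, System.Timers.ElapsedEventArgs e)
    {
        InformStart();
    }

    /// <summary>
    /// Looks up the public and local IPv4 addresses and mails them to the owner.
    /// Stops the retry timer once the mail has been sent; otherwise the timer's next
    /// tick tries again.
    /// </summary>
    private async void InformStart()
    {
        // The timer ticks every 10 seconds and a slow SMTP server can take longer than
        // that; without this guard overlapping attempts would send duplicate mails.
        if (Interlocked.CompareExchange(ref _informInProgress, 1, 0) != 0)
        {
            return;
        }

        try
        {
            string publicIpAddress = await GetPublicIPaddress();
            Console.WriteLine($"Public IP address: {publicIpAddress}");
            if (publicIpAddress == null)
            {
                publicIpAddress = "NO EXTERNAL IP";
            }

            IPHostEntry hostEntry = Dns.GetHostEntry(Dns.GetHostName());
            IPAddress serverIpAddress = hostEntry.AddressList
                .FirstOrDefault(ip => ip.AddressFamily == AddressFamily.InterNetwork);
            if (serverIpAddress == null)
            {
                Trace.TraceWarning("No local IPv4 address found; start-up mail postponed.");
                return;
            }

            SendStartupMail(serverIpAddress.ToString() + " - PublicIP: " + publicIpAddress, _port);
            _informTimer.Stop();
        }
        catch (Exception ex)
        {
            // async void: an escaping exception would take the whole service down.
            // _informTimer is still running (AutoReset), so the next tick retries.
            Trace.TraceWarning("Start-up mail not sent: {0}", ex.Message);
        }
        finally
        {
            Interlocked.Exchange(ref _informInProgress, 0);
        }
    }

    /// <summary>
    /// Timer callback: closes the RDP window. The disable is unconditional; no check for
    /// RDP activity is made. The timer is AutoReset, so it keeps firing every 10 minutes.
    /// </summary>
    private void OnTimerElapsed(object sender, System.Timers.ElapsedEventArgs e)
    {
        DisableRdpAccess();
    }

    /// <summary>Stops the timers and the knock listener.</summary>
    /// <remarks>
    /// NOTE(review): RDP is left in its current state. If the service stops while a
    /// window is open, RDP stays enabled until the next service start.
    /// </remarks>
    protected override void OnStop()
    {
        // All three are null if the service is stopped during the three-second start delay.
        _informTimer?.Stop();
        _timer?.Stop();
        _tcpListener?.Stop();
    }

    /// <summary>
    /// Asks an external service for this machine's public IP address.
    /// </summary>
    /// <returns>The address in normalised form, or null when it could not be obtained.</returns>
    private static async Task<string> GetPublicIPaddress()
    {
        try
        {
            // You can use this or another site to get your public IP address
            using (var response = await _httpClient.GetAsync("https://api.ipify.org"))
            {
                response.EnsureSuccessStatusCode();
                string text = (await response.Content.ReadAsStringAsync()).Trim();

                // The reply comes from a third party and ends up in a mail subject, so
                // accept it only if it really is an IP address.
                IPAddress parsed;
                return IPAddress.TryParse(text, out parsed) ? parsed.ToString() : null;
            }
        }
        catch (HttpRequestException)
        {
            return null;
        }
        catch (TaskCanceledException)
        {
            // Request timed out.
            return null;
        }
    }

    /// <summary>Queues one asynchronous accept on the knock listener.</summary>
    private void ListenForNextKnock()
    {
        try
        {
            _tcpListener.BeginAcceptTcpClient(HandleTcpClient, _tcpListener);
        }
        catch (InvalidOperationException)
        {
            // Listener was stopped or disposed (ObjectDisposedException derives from
            // InvalidOperationException): the service is shutting down.
        }
    }

    /// <summary>
    /// Accept callback: treats the connection as a knock, opens the RDP window, answers
    /// with a decoy HTTP redirect, queues exactly one new accept and sends a throttled
    /// alert mail.
    /// </summary>
    /// <param name="ar">Result of the pending accept; AsyncState is the listener.</param>
    private void HandleTcpClient(IAsyncResult ar)
    {
        var tcpListener = (TcpListener)ar.AsyncState;
        TcpClient tcpClient;
        try
        {
            tcpClient = tcpListener.EndAcceptTcpClient(ar);
        }
        catch (ObjectDisposedException)
        {
            return; // OnStop closed the listener
        }
        catch (SocketException ex)
        {
            Trace.TraceWarning("Accept failed: {0}", ex.Message);
            ListenForNextKnock();
            return;
        }

        string clientIPstring = null;
        bool rdpEnabled = false;
        try
        {
            var clientEndpoint = (IPEndPoint)tcpClient.Client.RemoteEndPoint;
            clientIPstring = clientEndpoint.Address.ToString();

            EnableRdpAccess();
            rdpEnabled = true;

            // Restart the 10-minute window now, so that a tick which was already due
            // cannot close RDP again while the alert mail is being sent.
            _timer.Stop();
            _timer.Start();

            // Decoy answer: the client sees an ordinary redirect. This hides the purpose
            // of the port but does not authenticate the caller.
            using (var writer = new StreamWriter(tcpClient.GetStream()))
            {
                writer.WriteLine("HTTP/1.1 302 Found");
                writer.WriteLine("Location: http://www.google.com");
                writer.WriteLine("Connection: close");
                writer.WriteLine(); // blank line ends the HTTP header block
                writer.Flush();
            }
        }
        catch (Exception ex)
        {
            // This runs on a thread-pool callback; an unhandled exception here (for
            // example a client that disconnects before the reply) would end the service.
            Trace.TraceWarning("Knock from {0} was not fully handled: {1}", clientIPstring ?? "unknown", ex.Message);
        }
        finally
        {
            tcpClient.Close();
            // Exactly one new accept per handled connection.
            ListenForNextKnock();
        }

        if (!rdpEnabled)
        {
            return;
        }

        // At most one alert mail per 40 seconds.
        int elapsedSeconds = (int)(DateTime.Now - _timerStartTime).TotalSeconds;
        if (elapsedSeconds < 40)
        {
            return;
        }

        try
        {
            SendAlertemail(clientIPstring);
        }
        catch (Exception ex)
        {
            // RDP is already open at this point; record that the owner was not told.
            Trace.TraceWarning("Alert mail for {0} not sent: {1}", clientIPstring, ex.Message);
        }
        _timerStartTime = DateTime.Now;
    }

    /// <summary>Allows Remote Desktop connections (fDenyTSConnections = 0).</summary>
    private static void EnableRdpAccess()
    {
        SetDenyTsConnections(0);
    }

    /// <summary>Refuses Remote Desktop connections (fDenyTSConnections = 1).</summary>
    private static void DisableRdpAccess()
    {
        SetDenyTsConnections(1);
    }

    /// <summary>
    /// Writes the fDenyTSConnections DWORD under the Terminal Server key in HKLM.
    /// Only this registry value is changed.
    /// </summary>
    /// <param name="value">1 to deny connections, 0 to allow them.</param>
    private static void SetDenyTsConnections(int value)
    {
        const string keyName = @"SYSTEM\CurrentControlSet\Control\Terminal Server";
        const string valueName = "fDenyTSConnections";
        using (var key = Registry.LocalMachine.OpenSubKey(keyName, true))
        {
            if (key == null)
            {
                // Previously a silent no-op; a failed disable must at least be visible.
                Trace.TraceWarning("Registry key {0} not found; {1} left unchanged.", keyName, valueName);
                return;
            }
            key.SetValue(valueName, value, RegistryValueKind.DWord);
        }
    }

    /// <summary>Builds one message from the configured account and sends it synchronously.</summary>
    /// <param name="subject">Mail subject.</param>
    /// <param name="body">Mail body.</param>
    private void SendMail(string subject, string body)
    {
        using (var smtpClient = new SmtpClient(email_smtp_server, SMTP_PORT))
        using (var mailMessage = new MailMessage())
        {
            smtpClient.UseDefaultCredentials = false;
            smtpClient.EnableSsl = email_enable_tls;
            smtpClient.Credentials = new NetworkCredential(email_username, email_password);
            smtpClient.DeliveryMethod = SmtpDeliveryMethod.Network;

            mailMessage.From = new MailAddress(email_sending_address);
            mailMessage.To.Add(recivers_emailaddress);
            mailMessage.Subject = subject;
            mailMessage.Body = body;
            smtpClient.Send(mailMessage);
        }
    }

    /// <summary>Tells the owner which address opened the RDP window.</summary>
    /// <param name="clientIPstring">IP address of the host that connected to the knock port.</param>
    private void SendAlertemail(string clientIPstring)
    {
        // Reads this instance's settings; constructing a second Service1 just to read
        // them re-ran the designer initialisation on every mail.
        SendMail(
            "ATTENTION - " + clientIPstring + " - RDP Access Enabled for 10 minutes.",
            "RDP access has been enabled for 10 minutes by IP: " + clientIPstring);
    }

    /// <summary>Tells the owner that the service started and RDP is disabled.</summary>
    /// <param name="serverIPstring">Local and public address text to report.</param>
    /// <param name="_portnumber">Knock port to include in the body.</param>
    private void SendStartupMail(string serverIPstring, int _portnumber)
    {
        // The body reports the machine's addresses (useful if the PC is stolen) and the
        // knock port, which is another reason to keep SMTP on TLS.
        SendMail(
            "RDP DISABLED by RESTART of Service. The PC is at: " + serverIPstring + " - RDP Access Disabled.",
            "RDP access has been disabled in intenal IP: " + serverIPstring + "\r\n\r\nEnable Port: " + _portnumber + "\r\n\r\n");
    }
}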
}