0
votes

I am trying to send a TCP (and later an ICMP) packet that does not use raw sockets, does not go through the three-way handshake, and does not use sudo. I have tried various methods in Python's scapy module and in Python's socket module, without success.

I understand that without the three-way handshake, TCP isn't necessarily TCP - it is basically UDP, but I am testing various ways to exfiltrate data from a network, that may go undetected.

Basically this is the working UDP version, I need working ICMP and TCP versions that do not use a raw socket, and therefore do not require admin/root privileges.

A solution in Go or Python is preferable; ideally I need to run on macOS, Linux, and (mainly) Windows.

import socket

UDP_IP = "127.0.0.1"
UDP_PORT = 5005
MESSAGE = b"Data to exfiltrate"  # bytes, as sendto() requires on Python 3

sock = socket.socket(socket.AF_INET,     # Internet
                     socket.SOCK_DGRAM)  # UDP
sock.sendto(MESSAGE, (UDP_IP, UDP_PORT))
sock.close()

2 Answers

4
votes

In short — you cannot, at least not under Linux.

You are trying to send a packet without obeying TCP's state machine. The kernel will not allow you to do that without using a packet socket (either directly or through a library such as pcap or scapy), and raw sockets require the CAP_NET_RAW capability, which is normally only granted to the superuser.

0
votes

TCP is a connection-oriented protocol. In order to establish a TCP connection, you must perform a three-way handshake. The TCP module in your OS will not send data until a connection is established, and any device receiving a TCP segment for a non-existent connection will ignore it.

TCP without the connection is not TCP, but neither is it UDP. TCP and UDP have different protocol headers. You will notice that the TCP header has more fields than the UDP header, and many of those fields will be populated by information from the handshake.

RFC 793, Transmission Control Protocol:

TCP Header Format

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        TCP Header Format

RFC 768, User Datagram Protocol:

Format

              0      7 8     15 16    23 24    31
             +--------+--------+--------+--------+
             |     Source      |   Destination   |
             |      Port       |      Port       |
             +--------+--------+--------+--------+
             |                 |                 |
             |     Length      |    Checksum     |
             +--------+--------+--------+--------+
             |
             |          data octets ...
             +---------------- ...

                  User Datagram Header Format
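Added example, not from the question or either answer: a decoder for the two header layouts quoted above, plus the pseudo-header checksum both RFCs define, which is what a capture-analysis or IDS script needs before it can tell a SYN from a segment carrying data. The 10.0.0.x addresses, the ports and the two sample packets are constructed for the demonstration.

```python
import socket
import struct
# RFC 793 control bits: the low 6 bits of the 16-bit word that also holds Data Offset.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def inet_checksum(data):
    """Ones'-complement sum of 16-bit words, shared by TCP and UDP (RFC 793 / RFC 768)."""
    data += b"\x00" * (len(data) % 2)              # pad an odd length with one zero octet
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                             # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip, dst_ip, proto, length):
    """IPv4 pseudo-header (src, dst, zero, protocol, length) prepended before checksumming."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)

def checksum_ok(src_ip, dst_ip, proto, segment):
    """True when the stored checksum verifies: a correct ones'-complement sum folds to zero."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0

def parse_tcp(segment):
    """Decode the RFC 793 header into a dict, with flags, options and payload split out."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-octet minimum TCP header")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4                   # Data Offset counts 32-bit words
    if not 20 <= hlen <= len(segment):
        raise ValueError("Data Offset inconsistent with segment size")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack, "window": window,
            "flags": {n for n, bit in TCP_FLAGS.items() if off_flags & bit},
            "checksum": csum, "urgent": urg, "options": segment[20:hlen], "payload": segment[hlen:]}

def parse_udp(datagram):
    """Decode the RFC 768 header; note there is no sequence, ack or control-bit field at all."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-octet UDP header")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if not 8 <= length <= len(datagram):
        raise ValueError("Length field inconsistent with datagram size")
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum,
            "payload": datagram[8:length]}

# Constructed samples (not captured traffic), 10.0.0.1 -> 10.0.0.2: a bare SYN, and the question's UDP datagram.
SRC_IP, DST_IP = "10.0.0.1", "10.0.0.2"
_syn = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (5 << 12) | TCP_FLAGS["SYN"], 65535, 0, 0)
SYN_SEGMENT = _syn[:16] + struct.pack("!H", inet_checksum(pseudo_header(SRC_IP, DST_IP, 6, 20) + _syn)) + _syn[18:]
_udp = struct.pack("!HHHH", 40000, 5005, 8 + 18, 0) + b"Data to exfiltrate"
UDP_DATAGRAM = _udp[:6] + struct.pack("!H", inet_checksum(pseudo_header(SRC_IP, DST_IP, 17, 26) + _udp)) + _udp[8:]
```

RFC 768 lets a sender put an all-zero UDP checksum to mean none was computed; checksum_ok reports that as a failure, so treat a zero field separately if your captures contain it.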