Last active
March 15, 2024 21:13
-
-
Save ppmathis/dbd420e6f18169b85918 to your computer and use it in GitHub Desktop.
PowerShell Portknocker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Remove old readonly constants from session | |
Remove-Variable -Name KNOCK_DESTINATION -Force -ErrorAction SilentlyContinue | |
Remove-Variable -Name KNOCK_VALID_TYPES -Force -ErrorAction SilentlyContinue | |
Remove-Variable -Name KNOCK_PORTS -Force -ErrorAction SilentlyContinue | |
Remove-Variable -Name KNOCK_EXE_TARGET -Force -ErrorAction SilentlyContinue | |
# === SCRIPT CONFIGURATION === | |
Set-Variable KNOCK_DESTINATION -Option ReadOnly -Value "1.2.3.4" | |
Set-Variable KNOCK_VALID_TYPES -Option ReadOnly -Value ("TCP", "UDP") | |
Set-Variable KNOCK_PORTS -Option ReadOnly -Value ((1, "TCP"), (2, "TCP"), (3, "UDP"), (4, "UDP")) | |
Set-Variable KNOCK_EXE_TARGET -Option ReadOnly -Value "mstsc /v:$KNOCK_DESTINATION /prompt" | |
# === END OF SCRIPT CONFIGURATION === | |
# Knock all configured ports in the correct order | |
$KNOCK_PORTS | foreach { | |
$knockPort = $_[0] | |
$knockType = $_[1] | |
# Make sure that no invalid knock type was specified | |
if ( -Not $KNOCK_VALID_TYPES.Contains($knockType) ) { | |
Write-Error "Invalid knock type specified: $knockType" | |
Exit(1) | |
} else { | |
Write-Host "Knocking $knockType port $knockPort..." | |
# Execute the port knock, either TCP or UDP | |
switch($knockType) { | |
"TCP" { | |
$tcpClient = New-Object System.Net.Sockets.TcpClient | |
$tcpClient.BeginConnect($KNOCK_DESTINATION, $knockPort, $null, $null) | Out-Null | |
$tcpClient.Close() | Out-Null | |
} | |
"UDP" { | |
$udpClient = New-Object System.Net.Sockets.UdpClient | |
$udpClient.Connect($KNOCK_DESTINATION, $knockPort) | Out-Null | |
$udpClient.Send([byte[]](0), 1) | Out-Null | |
$udpClient.Close() | Out-Null | |
} | |
} | |
# Wait a second to make sure that our firewall gets the packets in the right order | |
sleep 1 | |
} | |
} | |
# Start the configured service | |
Write-Host "Open sesame!" | |
Write-Host "Executing target command...: $KNOCK_EXE_TARGET" | |
Invoke-Expression -Command $KNOCK_EXE_TARGET |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment