README.md
Rendering markdown...
// ----------------------------------------------------
// Programmer : Ebrahim Shafiei (EbraSha)
// Email : [email protected]
// ----------------------------------------------------
// Disclaimer: This tool is intended solely for demonstrating and validating a newly discovered security vulnerability in AnyDesk.
// Unauthorized or illegal use of this tool is strictly prohibited.
using System;
using System.Diagnostics;
using System.Net;
using System.Net.NetworkInformation;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Text.RegularExpressions;
class Program
{
static string targetProcessName = "";
static async Task Main()
{
string banner = @"
###############################################################
# #
# Abdal AnyDesk Remote IP Detector #
# #
# Demonstration tool for security vulnerability testing #
# in AnyDesk remote connection #
# #
# *** Authorized Use Only *** #
# ----------------------------------------------------------- #
# Programmer: Ebrahim Shafiei (EbraSha) #
# Email : [email protected] #
###############################################################
";
Console.WriteLine(banner);
Console.WriteLine("Starting target IP monitoring on AnyDesk");
// Ask user for the process name to filter (optional)
// Console.Write("Enter the name of the software to filter (leave empty for all): ");
// targetProcessName = Console.ReadLine()?.Trim();
targetProcessName = "AnyDesk";
// Start the monitoring task
Task monitoringTask = MonitorConnectionsAsync();
// Keep the application running
await Task.WhenAll(monitoringTask);
}
// Asynchronous method to continuously monitor connections
static async Task MonitorConnectionsAsync()
{
while (true)
{
try
{
// Display active TCP connections
await Task.Run(() => ListTcpConnections());
// Display active UDP listeners
await Task.Run(() => ListUdpListeners());
// Wait for a short interval before checking again
await Task.Delay(5000); // 5 seconds delay
}
catch (Exception ex)
{
Console.WriteLine($"Error occurred: {ex.Message}");
}
}
}
// Method to list all active TCP connections with associated process names
static void ListTcpConnections()
{
Console.WriteLine("TCP connection detected and examined for target IP leakage.");
IPGlobalProperties ipProperties = IPGlobalProperties.GetIPGlobalProperties();
TcpConnectionInformation[] tcpConnections = ipProperties.GetActiveTcpConnections();
foreach (TcpConnectionInformation connection in tcpConnections)
{
try
{
// Get process ID associated with the connection port
int processId = GetProcessId(connection.LocalEndPoint.Port);
// Get process name if available
string processName = Process.GetProcessById(processId).ProcessName;
// Check if the process name matches the target process name or display all if target is empty
if (processName.ToLower() == "anydesk" && connection.RemoteEndPoint.Port != 443 && connection.RemoteEndPoint.Port != 80)
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine($"Process: {processName}");
Console.WriteLine($"Local IP: {connection.LocalEndPoint.Address}, Port: {connection.LocalEndPoint.Port}");
Console.WriteLine($"Remote IP: {connection.RemoteEndPoint.Address}, Port: {connection.RemoteEndPoint.Port}");
Console.WriteLine($"State: {connection.State}");
Console.ResetColor();
Console.ForegroundColor = ConsoleColor.White;
Console.BackgroundColor = ConsoleColor.Red;
Console.WriteLine($"Detected Remote Ip : {connection.RemoteEndPoint.Address}");
Console.ResetColor();
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("------------------------------");
Console.ResetColor();
Console.ReadLine();
}
else
{
/*
Console.WriteLine($"Process: {processName}");
Console.WriteLine($"Local IP: {connection.LocalEndPoint.Address}, Port: {connection.LocalEndPoint.Port}");
Console.WriteLine($"Remote IP: {connection.RemoteEndPoint.Address}, Port: {connection.RemoteEndPoint.Port}");
Console.WriteLine($"State: {connection.State}");
Console.WriteLine("------------------------------");
*/
}
}
catch (Exception ex)
{
//Console.WriteLine($"Could not retrieve process name: {ex.Message}");
}
}
}
// Method to list all UDP listeners
static void ListUdpListeners()
{
Console.WriteLine("UDP connection detected and examined for target IP leakage.");
IPGlobalProperties ipProperties = IPGlobalProperties.GetIPGlobalProperties();
IPEndPoint[] udpListeners = ipProperties.GetActiveUdpListeners();
foreach (IPEndPoint listener in udpListeners)
{
try
{
// Get process ID associated with the listener port
int processId = GetProcessId(listener.Port);
// Get process name if available
string processName = Process.GetProcessById(processId).ProcessName;
// Check if the process name matches the target process name or display all if target is empty
if (string.IsNullOrEmpty(targetProcessName) || processName.Equals(targetProcessName, StringComparison.OrdinalIgnoreCase))
{
if(listener.Port == 7070)
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine($"Process: {processName}");
Console.WriteLine($"Local IP: {listener.Address}, Port: {listener.Port}");
Console.WriteLine("------------------------------");
Console.ResetColor();
Console.ReadLine();
}
else
{
/*
Console.WriteLine($"Process: {processName}");
Console.WriteLine($"Local IP: {listener.Address}, Port: {listener.Port}");
Console.WriteLine("------------------------------");
*/
}
}
}
catch (Exception ex)
{
// Console.WriteLine($"Could not retrieve process name: {ex.Message}");
}
}
}
// Helper method to get process ID based on port using netstat
static int GetProcessId(int port)
{
try
{
// Start the netstat process
Process netstat = new Process();
netstat.StartInfo.FileName = "netstat";
netstat.StartInfo.Arguments = "-a -n -o";
netstat.StartInfo.UseShellExecute = false;
netstat.StartInfo.RedirectStandardOutput = true;
netstat.StartInfo.CreateNoWindow = true;
netstat.Start();
// Read the output from netstat
string output = netstat.StandardOutput.ReadToEnd();
netstat.WaitForExit();
// Regular expression to find the process ID associated with the local port
string pattern = $@"\s+TCP\s+\S+:{port}\s+\S+\s+\S+\s+(\d+)";
Regex regex = new Regex(pattern);
Match match = regex.Match(output);
if (match.Success && int.TryParse(match.Groups[1].Value, out int processId))
{
return processId;
}
else
{
throw new Exception("Process ID not found for the specified port.");
}
}
catch (Exception ex)
{
// Console.WriteLine($"Error retrieving process ID: {ex.Message}");
return -1; // Return -1 if the process ID cannot be found
}
}
}