TCP-over-File Tunnel

As of Windows 2003, Terminal Services supports the sharing of local folders with clients by default; this tool can be used to tunnel multiple simultaneous TCP connections through shared files.

As of Windows 2003, Terminal Services supports the sharing of local folders with clients by default; this tool can be used to tunnel multiple simultaneous TCP connections through shared files.

This is very useful if, during a penetration test, you can connect to a server via RDP deep within a data centre and would like to forward ports but all traditional covert channels such as reverse connections and DNS tunnelling are blocked.

It is often the experience of the author that too much reliance is made upon locked down GUIs and so it is assumed it would be difficult for an attacker to directly attack other servers with the data centre. Combined with Metasploit’s meterpreter, this tool can be used to tunnel exploits through RDP to attack otherwise inaccessible servers.

It must be noted that a custom virtual channel could be implemented for the same purpose, rather than relying on shared files. However, tunnelling connections through files was chosen as this is often desired functionality and so might be a business requirement. Additionally, this tool could potentially be useful in other environments outside of RDP.