Shame its not just linux, in which case write a bash script to monitor /var/log/kernel for a certain line, have that trigger another script... very simple.. :hug: Linux
While java is certainly platform independent, it needs to have a compatible version of java on the host, and that could cause problems. Your best bet IMHO would be to stick with "C" code and just make sure that it can compile on both windows and linux. You may need 2 versions (nix and windows), but that should only require minor modifications to the base code.
Just for completeness (I don't think this applies to you though) If you aren't familiar with C, you could do it in python/perl and then use a py2exe or perl2exe tool to bundle it up in an .exe for windows, but I've never really liked those tools since they bloat up the base code so much. YMMV.
Good Luck...
Shame its not just linux, in which case write a bash script to monitor /var/log/kernel for a certain line, have that trigger another script... very simple.. :hug: Linux
wtf?
Well, the first part is at least Linux. So that could be quite easy, but I don't want to rely on logfiles.
I am planning to use the libpcap to look for the knock.
Also, the Perl script will trigger a simple bash script I think, maybe Perl.
Tiocfaidh ár lá
So, the two weeks went by that fast I can hardly believe it.
Just had a couple days to work on the project since I've been sick almost all the time.
But the first implementation is done.
I can wake up my desktop machine via a WOL command issued on my server. After a short sleep, if it needs to wake up the desktop, it will send a "knock" to the desktop, which will then start TeamViewer, take a screenshot and send it to my email address.
The only thing I am struggling with is the port knocker, which is basically working, but only if I send the knock from the server to the server. Not working as intended, but I'll figure that detail out too.
Note that this is just the first implementation and I am far from done; I just want to keep you updated on what's going on.
What needs to be done:
- Listener on desktop will be run as a service
- Implement multiple possible commands which can be sent to the desktop to start different apps
- Implement security for the communication to the desktop
- Write my own port knocker with pcap, so that the port doesn't need to be open.
Yeah, that's it so far I think.
Tiocfaidh ár lá
Hey KMDave,
hxxp://netresearch.ics.uci.edu/kfujii/jpcap/doc/download.html
These folks put out a great Java wrapper to libpcap that allows you to code a custom listener really quickly and easily. They have packages for Windows, Debian, and from source, which I have verified works on FreeBSD if you end up going with the PF firewall. Or, if you want to stick with straight C, I pasted below a simple libpcap listener I wrote (warning... my C skills are not that great; I found using Jpcap to be a lot easier) to work with my own port knocking/single packet auth app.
#include <stdio.h>
#include <pcap.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/*
 * Minimal libpcap listener: watch one interface for IPv4 TCP/UDP packets
 * whose destination port equals args[1], hex-encode everything after byte 42
 * (Ethernet 14 + IPv4 20 + UDP 8) and hand it to a Java decryptor.
 * The fixed offsets assume an Ethernet frame and an IPv4 header without
 * options; for TCP the hex string will also contain the rest of the TCP header.
 */
#define ETH_HDR_LEN    14
#define PAYLOAD_OFFSET 42

int
main(int argc, char *args[]) {
    pid_t javaPid;
    char errbuf[PCAP_ERRBUF_SIZE];
    const char *default_device;
    struct pcap_pkthdr h;
    pcap_t *ph;
    const u_char *packet;
    unsigned long i = 0;          /* packets seen */
    int portToMatch;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <dst-port>\n", args[0]);
        exit(1);
    }
    portToMatch = atoi(args[1]);
    if (portToMatch <= 0 || portToMatch > 65535) {
        fprintf(stderr, "bad port: %s\n", args[1]);
        exit(1);
    }
    printf("portToMatch = %d \n", portToMatch);

    /* Reap forked java children automatically so they do not linger as zombies */
    signal(SIGCHLD, SIG_IGN);

    default_device = "eth0";      /* pcap_lookupdev(errbuf) also works to pick an interface */
    if (!default_device) {
        fprintf(stderr, "%s \n", errbuf);
        exit(1);
    }
    printf("Opening %s \n", default_device);                 /* for debugging */
    ph = pcap_open_live(default_device, BUFSIZ, 1, 0, errbuf);
    if (ph == NULL) {
        fprintf(stderr, "pcap_open_live: %s \n", errbuf);
        exit(1);
    }
    printf("Capturing on %s \n", default_device);            /* for debugging */

    while (1) {
        packet = pcap_next(ph, &h);
        if (packet == NULL)                /* timeout or read error: keep going */
            continue;
        i++;

        /* Only look at frames long enough to hold the port, carrying IPv4
         * (EtherType 0x0800) without IP options, and TCP (6) or UDP (17). */
        if (h.caplen < PAYLOAD_OFFSET)
            continue;
        if (packet[12] != 0x08 || packet[13] != 0x00)
            continue;
        if ((packet[ETH_HDR_LEN] & 0x0f) != 5)
            continue;
        if (packet[23] != 6 && packet[23] != 17)
            continue;

        /* dst port is bytes 36-37 in network byte order; compare as integers
         * rather than as differently padded hex strings */
        int portFound = (packet[36] << 8) | packet[37];
        if (portFound != portToMatch)      /* only want to match on dst port args[1] */
            continue;

        printf("packet size = %u (captured %u) \n", h.len, h.caplen);
        printf("ending byte = %02x \n", packet[h.caplen - 1]);
        printf("dst port = %d \n", portFound);
        printf("source ip in hex = %02x%02x%02x%02x\n",
               packet[26], packet[27], packet[28], packet[29]);

        /* Hex-encode the payload: two characters per byte plus the NUL */
        size_t payloadLen = h.caplen - PAYLOAD_OFFSET;
        char *catTest = malloc(payloadLen * 2 + 1);
        if (catTest == NULL) {
            perror("malloc");
            continue;
        }
        catTest[0] = '\0';
        for (size_t z = PAYLOAD_OFFSET; z < h.caplen; z++)
            sprintf(catTest + strlen(catTest), "%02x", packet[z]);
        /* printf("catTest = %s \n", catTest);  for debugging */

        /* Build the call to the Java program that decrypts the payload:
         * source IP in hex, then the payload hex. Everything appended is
         * hex digits only, so nothing shell-special reaches sh -c. */
        char param[1000];
        int n = snprintf(param, sizeof param, "%s %02x%02x%02x%02x ",
                         "java -cp /home/bob/vpnProject/build/classes/:/opt/bc/bcprov-jdk16-138.jar test.PacketReader",
                         packet[26], packet[27], packet[28], packet[29]);
        if (n < 0 || (size_t)n + strlen(catTest) >= sizeof param) {
            fprintf(stderr, "payload too large for command buffer, skipping\n");
            free(catTest);
            continue;
        }
        strcat(param, catTest);            /* throw the payload in */
        free(catTest);

        if ((javaPid = fork()) == 0) {
            execl("/bin/sh", "sh", "-c", param, (char *)NULL);
            perror("execl");               /* only reached if exec failed */
            _exit(127);
        } else if (javaPid < 0) {
            perror("fork");
        }
    }
    pcap_close(ph);
    printf("Done after %lu packets. \n", i);
    exit(0);
}
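The TODO item "write my own port knocker with pcap" and the listener above both come down to the same two pieces: pulling the source IP and destination port out of a raw frame, and deciding when a sequence of such packets from one host counts as a valid knock. The listener above reads the port at a fixed offset 36, which is only right when the IPv4 header has no options. The following is an added example, not code from the thread or from the_rooster's SPA app; it goes a little beyond the text by honouring the IP header length (IHL) and by tracking several clients at once. The knock sequence 7000, 8000, 9000, the window of 10 seconds, the client address 192.168.1.10 and the frames themselves are constructed for the example. In a real knocker the bytes would come from pcap_next() instead of build_udp_frame().

```c
/* Port-knock detector over raw Ethernet frames, as pcap_next() hands them out.
 * Constructed frames stand in for captured traffic so the file runs offline. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KNOCK_LEN        3     /* ports in the secret sequence (assumed) */
#define KNOCK_WINDOW_SEC 10    /* whole sequence must arrive within this many seconds (assumed) */
#define MAX_CLIENTS      16    /* distinct source IPs tracked at once */

struct pkt_info { uint32_t src_ip; uint16_t dst_port; uint8_t proto; };

/* Parse Ethernet + IPv4 + TCP/UDP headers. Honours IHL (IP options), so the
 * port is not assumed to sit at byte 36. Returns 0 on success, -1 if the
 * frame is not IPv4 TCP/UDP or is too short to hold the port field. */
int parse_frame(const uint8_t *buf, size_t caplen, struct pkt_info *out) {
    if (caplen < 14 + 20 || buf[12] != 0x08 || buf[13] != 0x00) return -1;
    const uint8_t *ip = buf + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < 14 + ihl + 4) return -1;
    if (ip[9] != 6 && ip[9] != 17) return -1;                     /* TCP or UDP only */
    const uint8_t *tp = ip + ihl;
    out->src_ip   = (uint32_t)ip[12] << 24 | (uint32_t)ip[13] << 16 | (uint32_t)ip[14] << 8 | ip[15];
    out->dst_port = (uint16_t)(tp[2] << 8 | tp[3]);
    out->proto    = ip[9];
    return 0;
}

struct knock_state { uint32_t src_ip; int stage; long first_ts; int in_use; };
struct knock_detector { uint16_t seq[KNOCK_LEN]; struct knock_state clients[MAX_CLIENTS]; };

void knock_init(struct knock_detector *d, const uint16_t seq[KNOCK_LEN]) {
    memset(d, 0, sizeof *d);
    memcpy(d->seq, seq, sizeof d->seq);
}

/* Find the state for a source IP, or claim a free slot; NULL when the table is full. */
static struct knock_state *slot_for(struct knock_detector *d, uint32_t ip) {
    struct knock_state *free_slot = NULL;
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (d->clients[i].in_use && d->clients[i].src_ip == ip) return &d->clients[i];
        if (!d->clients[i].in_use && !free_slot) free_slot = &d->clients[i];
    }
    if (free_slot) { free_slot->src_ip = ip; free_slot->stage = 0; free_slot->in_use = 1; }
    return free_slot;
}

/* Feed one parsed packet with the receiver's own clock. Returns 1 exactly when
 * the source completes the sequence in order within the window; any other
 * port, or a window overrun, resets that source (strict mode). */
int knock_feed(struct knock_detector *d, const struct pkt_info *p, long now) {
    struct knock_state *s = slot_for(d, p->src_ip);
    if (!s) return 0;
    if (s->stage > 0 && now - s->first_ts > KNOCK_WINDOW_SEC) s->stage = 0;   /* too slow */
    if (p->dst_port != d->seq[s->stage]) {
        s->stage = 0;                                          /* wrong port: start over */
        if (p->dst_port != d->seq[0]) { s->in_use = 0; return 0; }
    }
    if (s->stage == 0) s->first_ts = now;
    if (++s->stage < KNOCK_LEN) return 0;
    s->in_use = 0;                                             /* success: forget the client */
    return 1;
}

/* Constructed Ethernet/IPv4/UDP frame carrying only the fields the parser reads. */
size_t build_udp_frame(uint8_t *buf, uint32_t src_ip, uint16_t dst_port, int with_options) {
    size_t ihl = with_options ? 24 : 20;
    memset(buf, 0, 14 + ihl + 8);
    buf[12] = 0x08; buf[13] = 0x00;                            /* EtherType IPv4 */
    buf[14] = (uint8_t)(0x40 | (ihl / 4));                     /* version 4, IHL in words */
    buf[14 + 9] = 17;                                          /* protocol UDP */
    for (int i = 0; i < 4; i++) buf[14 + 12 + i] = (uint8_t)(src_ip >> (24 - 8 * i));
    buf[14 + ihl + 2] = (uint8_t)(dst_port >> 8);
    buf[14 + ihl + 3] = (uint8_t)dst_port;
    return 14 + ihl + 8;
}

/* Replay one client's packets against the detector; 1 if it opened, else 0. */
int run_scenario(const uint16_t *ports, const long *times, int n) {
    const uint16_t secret[KNOCK_LEN] = { 7000, 8000, 9000 };   /* assumed sequence */
    struct knock_detector d; knock_init(&d, secret);
    uint8_t frame[64]; struct pkt_info p; int opened = 0;
    for (int i = 0; i < n; i++) {
        size_t len = build_udp_frame(frame, 0xC0A8010AU, ports[i], i % 2);   /* 192.168.1.10 */
        if (parse_frame(frame, len, &p) == 0 && knock_feed(&d, &p, times[i])) opened = 1;
    }
    return opened;
}

int main(void) {
    const uint16_t good[] = { 7000, 8000, 9000 };       const long t_good[] = { 0, 1, 2 };
    const uint16_t scan[] = { 7000, 7001, 8000, 9000 }; const long t_scan[] = { 0, 1, 2, 3 };
    const uint16_t slow[] = { 7000, 8000, 9000 };       const long t_slow[] = { 0, 5, 30 };
    printf("in order, in time : %d\n", run_scenario(good, t_good, 3));
    printf("sequential scan   : %d\n", run_scenario(scan, t_scan, 4));
    printf("too slow          : %d\n", run_scenario(slow, t_slow, 3));
    return 0;
}
```

Two caveats worth keeping in mind. Strict mode is what stops a sequential port scan from tripping the knock: a scan that hits 7000 and then 7001 is reset before it reaches 8000, but a scanner that happens to probe only the three ports in increasing order still gets through, and anyone sniffing the link can replay the sequence. That is the gap the "security for the communication" item has to close, and the usual answer is the single packet authorization the_rooster mentions: one packet whose payload carries a timestamp and an HMAC under a shared key, so the receiver checks freshness and authenticity rather than port order. Note that the window above uses only the receiver's clock; the moment a sender-supplied timestamp enters the check, the two clocks have to agree to within the window, and a few minutes of skew between client and server is enough to reject every knock.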
Thanks a lot for your input the_rooster. I will definitely check it out. I am still learning a lot, but I also love to learn new things.
And thanks to all of you who already gave comments and suggestions so far. I will keep you updated on what's going on.
Tiocfaidh ár lá
A quick update:
I've got the port knock working via the internet finally. It was one of the last things I would have thought of:
The server had a different time than the client. So keep in mind to always check the date on servers and clients.
Monday will be the big day, for the first real test.
Tiocfaidh ár lá
Sorry, but a new avenue for consideration.
I know about SSH, I use it regularly, but since I got access to an external system I decided to go around my PCs and do it all properly into one system (most were allowing 'just passwords').
But today I decided to go around and lock them down properly, even internally (yes, I know technically speaking there is no difference, as someone could break into one machine and then be 'internal').
So today I have spent about three hours on this and linked up five different machines, I:
Created a pub/priv key pair, where the identifying key (id_rsa) requires a key to be used
Only saved this priv key to the two machines that are behind the second strict firewall and are each updated FC9 machines with SELinux (the other machines need the USB stick with the key on)
Planted the public key (id_rsa.pub) onto each machine so they accept my priv key login request
Changed each machine to not accept root login through ssh
Changed each machine to not accepting password login or GSSAPI
Only accepting public key auth
Ensured username on each machine is the same
Double checked that all file permissions (id_rsa, authorized_hosts, and the other (excuse the vino in me)) are appropriate (read only for current user etc etc etc)
(also did things like adding machine into the hosts file)
I didn't do anything amazing, or worth writing home about, but it was a nice little exercise and practice. Plus the bonus that I can log into any machine now with
ssh firewall
instead of
ssh 192.168.1.254 -l andyfirewall -p 59901 <<then enter password for machine which due to human nature are different on different machines>>
(port 59901 as I know password auth is weak so tried to add another layer of obscurity/security to hide the service)
Sorry for direction change, but something else to think about for a rainy day.
Edit - Vino typos
wtf?
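The settings Andy lists map onto a handful of sshd_config lines and one ~/.ssh/config block. What follows is an added example, not Andy's actual files: the sshd_config shows the permissive values his machines started with commented out above the hardened values, and the client block turns the long form he quotes (192.168.1.254, user andyfirewall, port 59901) into `ssh firewall`. The ChallengeResponseAuthentication line is an addition he did not mention: with PAM enabled, leaving it at yes lets a password still be typed through keyboard-interactive even when PasswordAuthentication is no.

```text
# /etc/ssh/sshd_config on each machine
# (before: the defaults these boxes were running with)
#PermitRootLogin yes
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
#GSSAPIAuthentication yes

# (after)
Port 59901
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
StrictModes yes

# ~/.ssh/config on the two machines that hold the private key
Host firewall
    HostName 192.168.1.254
    Port 59901
    User andyfirewall
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
```

Run `sshd -t` after editing to catch syntax errors before restarting, and keep one session open while you do it. StrictModes is the server-side check behind the file permission pass: sshd silently ignores `~/.ssh/authorized_keys` if it, `~/.ssh` or the home directory is writable by anyone but the owner, which is the usual reason a freshly planted key "doesn't work" and the client drops back to a password prompt (or, once passwords are off, to a rejection). `ssh -v firewall` shows which key was offered and why it was refused.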
Although you are "done" with the portknocking you may want to have a look at the following... it may be exactly what you are looking for... it may not be... who knows... anyways... thought I would attempt to help out.
http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
I am far from done.
I've just got my first implementation done, but there is still a lot to do.
Thanks for the link Jac01.
Also thanks Andy, I thought about something like the key pairs when implementing SSH.
Tiocfaidh ár lá