
Thread: Holiday project, ideas welcome

  1. #21

    Quote Originally Posted by KMDave
    Ok, so I've got the basic system set up so far I think.

    Now my question is, I am planning to have a script triggered on the server once a certain knock is received. My question is what would be the best language for the listener on the Windows side? The goal is a quite universal listener, which shouldn't require any additional tools installed (like Perl/Python).
    I thought about either C# or Java for adding future platform independency.

    While Java is certainly platform independent, it needs to have a compatible version of Java on the host, and that could cause problems. Your best bet IMHO would be to stick with "C" code and just make sure that it can compile on both Windows and Linux. You may need 2 versions (nix and Windows), but that should only require minor modifications to the base code.

    Just for completeness (I don't think this applies to you though): if you aren't familiar with C, you could do it in Python/Perl and then use a py2exe or perl2exe tool to bundle it up in an .exe for Windows, but I've never really liked those tools since they bloat up the base code so much. YMMV.

    Good Luck...

  2. #22
    Member
    Join Date
    Nov 2007
    Posts
    220

    Shame it's not just Linux, in which case write a bash script to monitor /var/log/kernel for a certain line, have that trigger another script... very simple.. :hug: Linux
    wtf?

  3. #23
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Well, the first part is at least Linux. So that could be quite easy, but I don't want to rely on logfiles.
    I am planning to use the libpcap to look for the knock.
    Also the Perl script will trigger a simple bash script I think, maybe Perl.
    Tiocfaidh ár lá

  4. #24
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    So, the two weeks went by that fast I can hardly believe it.
    Just had a couple days to work on the project since I've been sick almost all the time.

    But the first implementation is done.

    I can wake up my desktop machine via a WOL command issued on my server. And after a short sleep if it needs to wake up the desktop it will send a "knock" to the desktop which will then start Team Viewer, take a screenshot and send it to my email address.
    The only thing I am struggling with is the port knocker, which is basically working, but only if I send the knock from the server to the server. Not working as intended but I'll figure that detail out too.

    Note that this is just the first implementation and I am far from done, just want to keep you updated on what's going on.

    What needs to be done:
    - Listener on desktop will be run as a service
    - Implement multiple possible commands which can be sent to the desktop to start different apps
    - Implement security for the communication to the desktop
    - Write an own portknocker with Pcap, so that the port doesn't need to be open.

    Yeah that's it so far I think.
    Tiocfaidh ár lá

  5. #25
    Junior Member the_rooster's Avatar
    Join Date
    Apr 2008
    Posts
    25

    Hey KMDave,

    hxxp://netresearch.ics.uci.edu/kfujii/jpcap/doc/download.html

    These folks put out a great Java wrapper to libpcap that allows you to code a custom listener really quick and easy. They have packages for Windows, Debian, and from source, which I have verified works on FreeBSD if you end up going with the PF firewall. Or if you want to stick with straight C, I pasted below a simple libpcap listener I wrote (warning....my C skills are not that great, found using Jpcap to be a lot easier) to work with my own port knocking/single packet auth app.


    #include <stdio.h>
    #include <pcap.h>
    #include <string.h>
    #include <stdlib.h>
    #include <signal.h>
    #include <unistd.h>
    #include <sys/wait.h>

    int
    main(int argc, char *args[]) {

        pid_t javaPid;
        char errbuf[PCAP_ERRBUF_SIZE];
        const char *default_device;
        struct pcap_pkthdr h;
        pcap_t *ph;
        const u_char *packet;
        unsigned long i = 0; // packets seen, used by the temp-run loop below
        int portToMatch;

        if (argc < 2) {
            fprintf(stderr, "usage: %s <dst port>\n", args[0]);
            exit(1);
        }
        portToMatch = atoi(args[1]);
        printf("running from project executable\n");
        printf("portToMatch = %d \n" , portToMatch);
        default_device = "eth0";//pcap_lookupdev(errbuf);// should work to figure out interfaces

        if (!default_device) {
            fprintf(stderr, "%s \n", errbuf);
            exit(1);
        }

        signal(SIGCHLD, SIG_IGN); // let the kernel reap finished children (no zombies)

        printf("Opening %s \n", default_device);//for debugging
        ph = pcap_open_live(default_device, BUFSIZ, 1, 0, errbuf);
        if (!ph) {
            fprintf(stderr, "%s \n", errbuf);
            exit(1);
        }

        printf("Capturing on %s \n", default_device);//for debugging

        //while (i < 1000){// if you want temp run
        while (1){
            packet = pcap_next(ph, &h);
            i++;

            // pcap_next returns NULL when no packet was read; the fixed offsets below
            // assume Ethernet (14) + IP header without options (20) + 8 bytes = 42
            if (!packet || h.caplen < 42)
                continue;

            // compare the port as a number; comparing "%02x%02x" against "%x"
            // strings never matched ports below 0x1000
            int portFound = (packet[36] << 8) | packet[37];

            if (portFound == portToMatch){// only want to match on dst port args[1]

                printf("packet size = %u \n" , h.len);
                printf("ending byte = %02x \n" , packet[h.caplen - 1]);
                printf("portFound = %d \n" , portFound);
                printf("match = %d \n" , portToMatch);
                //dst port
                printf("dst port in hex = %02x %02x \n", packet[36], packet[37]);
                // source ip
                printf("source ip in hex = %02x%02x%02x%02x\n",
                    packet[26], packet[27], packet[28], packet[29]);

                // hex-encode the payload: two characters per byte plus the terminator
                size_t payloadLen = h.caplen - 42;
                char *catTest = malloc(payloadLen * 2 + 1);
                if (!catTest)
                    continue;
                catTest[0] = '\0';

                for (size_t z = 42; z < h.caplen; z++){
                    sprintf(&catTest[(z - 42) * 2] , "%02x" , packet[z]);
                }
                printf("catTest length = %zu\n", strlen(catTest));
                //printf("catTest = %s \n" , catTest); for debugging

                char param[1000];
                //make call to java program for decrypting payload
                snprintf(param , sizeof param , "%s %02x%02x%02x%02x " ,
                    "java -cp /home/bob/vpnProject/build/classes/:/opt/bc/bcprov-jdk16-138.jar test.PacketReader " , packet[26],
                    packet[27], packet[28], packet[29]);

                // compare string lengths (sizeof catTest is only the pointer size),
                // so an oversized payload cannot overflow param
                if (strlen(param) + strlen(catTest) < sizeof param) {
                    strcat(param , catTest); //throw the payload in
                }

                // only hex digits taken from the packet are appended to the shell command
                if ((javaPid = fork()) == 0) {
                    printf("forked correctly \n");
                    execl("/bin/sh", "sh", "-c", param, (char *)NULL );
                    _exit(127); // only reached if exec failed
                }
                free(catTest);
            }

        }

        printf("Done. \n");
        exit(0);
    }
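
The listener above reads the source IP, destination port and payload at fixed frame offsets (26, 36 and 42), which only line up for an Ethernet frame carrying an option-less IPv4 header and UDP. The following is an added example, not the_rooster's code: it derives the offsets from the IP header length and rejects anything that is not a complete, unfragmented IPv4/UDP packet. The struct, the function names and the sample frame are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct knock_info {
    uint8_t  src_ip[4];
    uint16_t dst_port;
    size_t   payload_off;  /* offset of the UDP payload within the frame */
};

/* Returns 0 on success, -1 if the frame is not a complete, unfragmented
 * IPv4/UDP packet. caplen is the number of bytes captured (pcap's h.caplen). */
int parse_knock(const uint8_t *frame, size_t caplen, struct knock_info *out)
{
    const size_t eth = 14;
    if (caplen < eth + 20 || frame[12] != 0x08 || frame[13] != 0x00)
        return -1;                                /* too short or not IPv4 */
    const uint8_t *ip = frame + eth;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* IP header length with options */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < eth + ihl + 8)
        return -1;
    /* protocol 17 = UDP; a later fragment carries no UDP header */
    if (ip[9] != 17 || (((ip[6] & 0x1f) << 8) | ip[7]) != 0)
        return -1;
    const uint8_t *udp = ip + ihl;
    memcpy(out->src_ip, ip + 12, 4);
    out->dst_port = (uint16_t)((udp[2] << 8) | udp[3]);
    out->payload_off = eth + ihl + 8;
    return 0;
}

/* Constructed sample frame (not captured traffic): Ethernet/IPv4/UDP with a
 * one-byte payload 0xAB. buf must hold 14 + ihl_words*4 + 9 bytes. */
size_t build_sample(uint8_t *buf, unsigned ihl_words, uint16_t port)
{
    size_t udp = 14 + (size_t)ihl_words * 4, len = udp + 8 + 1;
    memset(buf, 0, len);
    buf[12] = 0x08;                               /* EtherType 0x0800 */
    buf[14] = (uint8_t)(0x40 | ihl_words);        /* version 4, IHL in words */
    buf[23] = 17;                                 /* UDP */
    buf[26] = 192; buf[27] = 0; buf[28] = 2; buf[29] = 7;   /* 192.0.2.7 */
    buf[udp + 2] = (uint8_t)(port >> 8); buf[udp + 3] = (uint8_t)(port & 0xff);
    buf[len - 1] = 0xAB;
    return len;
}

int main(void) {
    uint8_t f[128]; struct knock_info k;          /* frame with 4 bytes of IP options */
    return parse_knock(f, build_sample(f, 6, 7000), &k) == 0 && k.payload_off == 46 ? 0 : 1;
}
```

With four bytes of IP options the port sits at bytes 40 and 41, so a fixed read of bytes 36 and 37 sees option data instead.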

  6. #26
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Thanks a lot for your input the_rooster. I will definitely check it out. I am still learning a lot but I also love to learn new things.

    And thanks to all of you who already gave comments and suggestions so far. I will keep you updated on what's going on.
    Tiocfaidh ár lá

  7. #27
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    A quick update:

    I've got the portknock working via the internet finally. It was one of the last things I would have thought of:

    The server had a different time than the client. So keep in mind to always check the date on servers and clients

    Monday will be the big day, for the first real test
    Tiocfaidh ár lá

  8. #28
    Member
    Join Date
    Nov 2007
    Posts
    220

    Sorry, but a new avenue for consideration.

    I know about SSH, I use it regularly, but since I got access to an external system I decided to go around my PC's and do it all properly into one system (most were allowing 'just passwords').

    But today I decided to go around and lock them down properly, even internally (yes I know technically speaking there is no difference as someone could break into one machine then be 'internal').

    So today I have spent about three hours on this and linked up five different machines. I:
    - Created a pub/priv key pair, where the identifying key (id_rsa) requires a key to be used
    - Only saved this priv key to the two machines that are behind the second strict firewall and are each updated FC9 machines with SELinux (the other machines need the USB stick with the key on)
    - Planted the public key (id_rsa.pub) onto each machine so they accept my priv key login request
    - Changed each machine to not accept root login through ssh
    - Changed each machine to not accept password login or GSSAPI
    - Only accepting public key auth
    - Ensured username on each machine is the same
    - Double checked that all file permissions (id_rsa, authorized_hosts, and the other (excuse the vino in me)) are appropriate (read only for current user etc etc etc)
    (also did things like adding machine into the hosts file)

    I didn't do anything amazing, or worth writing home about, but it was a nice little exercise and practice. Plus the bonus that I can log into any machine now with
    ssh firewall

    instead of
    ssh 192.168.1.254 -l andyfirewall -p 59901 <<then enter password for machine which due to human nature are different on different machines>>

    (port 59901 as I know password auth is weak so tried to add another layer of obscurity/security to hide the service)

    Sorry for direction change, but something else to think about for a rainy day.

    Edit - Vino typos
    wtf?
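
The server-side settings listed in the post above (no root login, no password login, no GSSAPI, public key auth only) can be checked mechanically. The following is an added example, not code from the thread, written in C to match the listener posted earlier: it scans sshd_config text for those four directives, honouring sshd's rule that the first value read for a keyword is the one used. The function name, the policy of requiring each directive to be set explicitly, and both sample configs are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Settings from the post: no root login, no passwords, no GSSAPI, keys only. */
static const char *const WANT[][2] = {
    {"PermitRootLogin", "no"}, {"PasswordAuthentication", "no"},
    {"GSSAPIAuthentication", "no"}, {"PubkeyAuthentication", "yes"},
};
#define NWANT (sizeof WANT / sizeof WANT[0])

/* Returns a bitmask (bit i = WANT[i]) of settings that are unset or differ. */
unsigned audit_sshd(const char *text)
{
    int seen[NWANT] = {0};
    unsigned bad = 0;
    while (*text) {
        char line[256], key[64], val[64];
        size_t n = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, text);
        text += n + (text[n] == '\n');
        if (sscanf(line, " %63s %63s", key, val) < 2 || key[0] == '#')
            continue;                    /* blank line, comment or bare keyword */
        if (strcasecmp(key, "Match") == 0)
            break;                       /* conditional blocks are not audited */
        for (size_t i = 0; i < NWANT; i++) {
            if (seen[i] || strcasecmp(key, WANT[i][0]) != 0)
                continue;                /* sshd keeps the first value it reads */
            seen[i] = 1;
            if (strcmp(val, WANT[i][1]) != 0)
                bad |= 1u << i;
        }
    }
    for (size_t i = 0; i < NWANT; i++)
        if (!seen[i])
            bad |= 1u << i;              /* require an explicit setting */
    return bad;
}

/* Constructed sample configs, not taken from the thread. */
const char HARDENED[] = "Port 59901\nPermitRootLogin no\nPasswordAuthentication no\n"
                        "GSSAPIAuthentication no\nPubkeyAuthentication yes\n";
const char SHADOWED[] = "PasswordAuthentication yes\n# tightened later:\n"
                        "PermitRootLogin no\nPasswordAuthentication no\n"
                        "gssapiauthentication no\n";

int main(void) {
    printf("hardened=0x%x shadowed=0x%x\n", audit_sshd(HARDENED), audit_sshd(SHADOWED));
}
```

In the second sample the later `PasswordAuthentication no` has no effect because an earlier line already enabled passwords, which is the kind of leftover a manual pass over five machines can miss.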

  9. #29
    Junior Member Jac01's Avatar
    Join Date
    Nov 2006
    Posts
    63

    Quote Originally Posted by KMDave
    A quick update:

    I've got the portknock working via the internet finally. It was one of the last things I would have thought of:

    The server had a different time than the client. So keep in mind to always check the date on servers and clients

    Monday will be the big day, for the first real test

    Although you are "done" with the portknocking you may want to have a look at the following... it may be exactly what you are looking for... it may not be... who knows... anyways... thought I would attempt to help out.

    h t t p:/ /w w w .zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

  10. #30
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    I am far from done

    I've just got my first implementation done, but there is still a lot to do.

    Thanks for the link Jac01.

    Also thanks Andy, I thought about something like the keypairs when implementing SSH
    Tiocfaidh ár lá
