[安全牛 study notes] ptunnel
Source: Internet | Editor: 程序博客网 | Time: 2024/05/20 23:37
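ptunnel
Ping Tunnel: an ICMP tunneling tool
- Tunnels traffic through ICMP echo (ping request) and reply (ping reply) packets
- Suited to environments where the firewall allows only outbound ping traffic
- Supports multiple concurrent connections; good performance
- Supports authentication
- Requires root privileges
- Supports packet capture
  Win : winpcap
  Linux : libpcap
- Workflow
  Proxy, Client, Destination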
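From the monitoring side, the echo/reply transport described above leaves recognizable traces. The following is an added example, not part of the original notes or of ptunnel itself: it scans ICMP messages for three tunnel indicators. The magic value 0xD5200880, the 64-byte payload baseline and the sample messages are assumptions or constructed data, and pairing uses only the ICMP identifier and sequence number.

```python
import struct

# Assumption (not from the page): ptunnel 0.72 starts each tunnel packet's ICMP
# payload with the 32-bit magic 0xD5200880 (kPing_tunnel_magic in its source).
PTUNNEL_MAGIC = bytes.fromhex("d5200880")
ECHO_REPLY, ECHO_REQUEST = 0, 8
MAX_NORMAL_PAYLOAD = 64  # assumed baseline; stock ping payloads are 32-56 bytes


def build_echo(icmp_type, ident, seq, payload):
    """Constructed sample message; checksum left 0 because it is not inspected."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload


def scan(messages):
    """Return {index: [reasons]} for ICMP echo messages that look like a tunnel."""
    pending, findings = {}, {}
    for i, icmp in enumerate(messages):
        if len(icmp) < 8:
            continue
        icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
            continue
        payload, reasons = icmp[8:], []
        if payload.startswith(PTUNNEL_MAGIC):
            reasons.append("ptunnel-magic")
        if len(payload) > MAX_NORMAL_PAYLOAD:
            reasons.append("oversized-payload")
        if icmp_type == ECHO_REQUEST:
            pending[(ident, seq)] = payload
        elif pending.pop((ident, seq), payload) != payload:
            # A genuine echo reply returns the request's payload unchanged.
            reasons.append("reply-payload-mismatch")
        if reasons:
            findings[i] = reasons
    return findings


# Constructed capture: one ordinary ping exchange, then a tunnel-like exchange.
PING = bytes(range(56))
SAMPLE = [
    build_echo(ECHO_REQUEST, 0x1A2B, 1, PING),
    build_echo(ECHO_REPLY, 0x1A2B, 1, PING),
    build_echo(ECHO_REQUEST, 0x1A2B, 2, PTUNNEL_MAGIC + b"\x00" * 24 + b"client data " * 8),
    build_echo(ECHO_REPLY, 0x1A2B, 2, PTUNNEL_MAGIC + b"\x00" * 24 + b"proxy data"),
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE).items():
        print(index, reasons)
```

A production sensor would also key the request/reply pairing on source and destination addresses and tune the payload baseline to the site's own ping traffic.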
ptunnel
Server
- ptunnel -x 1234
Client
- sudo ptunnel -p proxy -lp 2222 -da destination -dp 22 -x 1234
Nested SSH tunnel
- ssh -CNfg -D 7000 root@127.0.0.1 -p 2222
Even the latest ptunnel release to date still has a denial-of-service vulnerability
- 0.72
root@K:~# ptunnel
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Forwarding incoming ping packets over TCP.
[inf]: Ping proxy is listening in privileged mode.
^C
root@K:~# ptunnel -x 12345 // tunnel password
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Forwarding incoming ping packets over TCP.
[inf]: Ping proxy is listening in privileged mode.
Description: LAN -> WAN PING
yuanfh@Bodhi:~$ sudo apt-get install ptunnel
yuanfh@Bodhi:~$ sudo ptunnel -h
ptunnel v 0.72
Usage: ./ptunnel -p <addr> -lp <port> -da <dest_addr> -dp <dest_port> [-m max_tunnels] [-v verbosity] [-f logfile]
./ptunnel [-m max_threads] [-v verbosity] [-c <device>]
-p: Set address of peer running packet forwarder. This causes
ptunnel to operate in forwarding mode - the absence of this
option causes ptunnel to operate in proxy mode.
-lp: Set TCP listening port (only used when operating in forward mode)
-da: Set remote proxy destination address if client
Restrict to only this destination address if server
-dp: Set remote proxy destination port if client
Restrict to only this destination port if server
-m: Set maximum number of concurrent tunnels
-v: Verbosity level (-1 to 4, where -1 is no output, and 4 is all output)
-f: Specify a file to log to, rather than printing to standard out.
-s: Client only. Enable continuous output of statistics (packet loss, etc.)
-daemon: Run in background, the PID will be written in the file supplied as argument
-syslog: Output debug to syslog instead of standard out.
-udp: Toggle use of UDP instead of ICMP. Proxy will listen on port 53 (must be ro
Security Features: [-x password] [-u] [-setuid user] [-setgid group] [-chroot dir]
-x: Set password (must be same on client and proxy)
-u: Run proxy in unprivileged mode. This causes the proxy to forward
packets using standard echo requests, instead of crafting custom echo repli
Unprivileged mode will only work on some systems, and is in general less reliable
then running in privileged mode.
Please consider combining the following three options instead:
-setuid: When started in privileged mode, drop down to user's rights as soon as possible
-setgid: When started in privileged mode, drop down to group's rights as soon as possible
-chroot: When started in privileged mode, restrict file access to the specified directory
-setcon: Set SELinux context when all there is left to do are network I/O operations
To combine with -chroot you will have mount --bind /proc /chrootdir/proc
Starting the proxy (needs to run as root):
[root #] ptunnel
Starting a client (also needs root):
[root #] ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22 -c eth0
And then using the tunnel to ssh to login.domain.com:
[user $] ssh -p 8000 localhost
And that's it. Enjoy your tunnel!
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.1 -dp 80 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
yuanfh@Bodhi:~$ netstat -pantu | grep 8000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:0000 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:59852 127.0.0.1:8000 TIME_WAIT -
tcp 0 0 127.0.0.1:0000 127.0.0.1:59852 ESTABLISHED -
tcp 0 0 127.0.0.1:59852 127.0.0.1:8000 ESTABLISHED 2046/midor
yuanfh@Bodhi:~$ socat - tcp:127.0.0.1:8000
Http/1.1 200 OK
Content-Type: text/html;charset=gb2312
Cahe-Control: no-cache
Connection: close
<html><head><title>408 Request Timeout</title></head><body><center><h1>408 Request Timeout</h1></center></body></html>
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.1 -dp 80 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
Open a browser
http://127.0.0.1:8000
root@K:~# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
root@K:~# service ssh start
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
yuanfh@Bodhi:~$ ssh -CfNg -D 7000 root@127.0.0.1 -p 2222
root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 80
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
[inf]: Incoming connection.
[evt]: No running proxy thread - starting it.
[inf]: Ping proxy is listening in privileged mode.
[inf]: Received session close from remote peer.
[inf]:
Session statistics:
[inf]: I/O: 0.01 mb ICMP I/O/R: 12/ 2/ 0 Loss: 0.0%
[inf]:
root@K:~# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
root@K:~# service ssh start
root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
root@K:~# ssh -CfNg -D 7000 root@127.0.0.1 -p 2222
The authenticity of host '[127.0.0.1]:53 ([127.0.0.1]:2222)' can't be established
ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
root@127.0.0.1's password:
root@K:~# netstat -pantu | grep 7000
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 2780/ssh
tcp6 0 0 :::7000 :::* LISTEN 2780/ssh
Proxy settings
socks:1.1.1.11 7000
root@K:~# ptunnel -x 1234 -p 192.168.1.110 -lp 2233 -da 192.168.1.110 -dp 22
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.
root@K:~# ssh -CfNg -D 7001 root@127.0.0.1 -p 2233
The authenticity of host '[127.0.0.1]:53 ([127.0.0.1]:2222)' can't be established
ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
root@127.0.0.1's password:
root@K:~# ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.110 -dp 80 -x 1234
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>
[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>
[inf]: Relaying packets from incoming TCP streams.