【安全牛学习笔记】ptunnle

ptunnle                                                      

Ping tunnel ICMP隧道工具                                      

    - 通过ICMP echo(ping requests)和reply(ping reply)实现隧道

    - 适用于防火墙只允许ping出站流量的环境                    

    - 支持多并发连接、性能优                                  

    - 支持身份验证                                           

    - 需要root权限                                           

    - 支持抓包                                               

      Win : winpcap                                          

      Linux : libpcap                                        

    - 工作过程                                               

      Proxy、Client、Destination

ptunnle                                                            

服务器                                                            

    - ptunnel -x 1234                                              

客户端                                                             

    - sudo ptunnel -p proxy -lp 2222 -da destination -dp 22 -x 1234

嵌套SSH隧道                                                        

    - ssh -CNfg -D 7000 root@127.0.0.1 -p 2222                      

ptunnel直到目前的最新版仍存在拒绝服务漏洞                           

    - 0.72

root@K:~# ptunnel

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Forwarding incoming ping packtes over TCP.

[inf]: Ping proxy is listening in privileged mode.

^C

root@K:~# ptunnel -x 12345   //隧道密码

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Forwarding incoming ping packtes over TCP.

[inf]: Ping proxy is listening in privileged mode.

Description: LAN -> WAN PING

yuanfh@Bodhi:~$ sudo apt-get install ptunnel

yuanfh@Bodhi:~$ sudo ptunnel -h

ptunnel v 0.72

Usage:    ./ptunnel -p <adddr> -lp <port> -da <dest_addr> -dp <dest_port> [-m max_tunnerbosity] [-f loggile]

          ./ptunnel [-m max_threads] [-v verbosity] [-c <device>]

      -p: Set address of peer running packet forwarder. This causes

          ptunnel to operate in forwarding maode - the absence of this

          option causes ptunnel to operate in proxy mode.

     -lp: Set TCP listening port (only used when operating in forward mode)

     -da: Set remote proxy destination address if client

          Restrict to only this destination address if server

     -dp: Set remote proxy destionation port if client

          Restrict to only this destination port if server

      -m: Set maximum number of concurrent tunnels

      -v: Verbosity level (-1 to 4, where -1 is no output, and 4 is all output)

      -f: Specify a file to log to, rather than printing to standard out.

      -s: Client only. Enable continuous output of statistics (packet loss, etc.)

 -daemon: Run is background, the PID will be written in the file supplied as argument

 -syslog: Output debug to syslog instead of standard out.

    -udp: Toggle use of UDP instead of ICMP. Proxy will listen on port 53 (must be ro

 Security Features: [-x password] [-u] [-setuid user] [-setgid group] [-chroot dir]

      -x: Set password (must be same on client and proxy)

      -u: Run proxy in unprivileged mode. This causes the proxy to forward

          packets using standard echo reqests, instead of crafting custom echo repli

          Unprivileged mode will only work on some systems, and is in greneral less reliable

          then running in privileged mode.

          Please consider combining the following three options instead:

 -setuid: When started in privileged mode, drop down to user's rights as soon as possible

 -setgid: When started in privileged mode, drop down to group's rights as sonn as posible

 -chroot: When started in pricileged mode, restrict file access to the specified directory

 -setcon: Set SELinux context when all there is left to do are network I/O operations

          To combine with -chroot you will have mount --bind /proc /chrootdir/proc

Starting the proxy (needs to run as root):

 [root #] prunnel

Starting a client (also needs root):

 [root #] ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22 -c eth0

And then using the tunnel to ssh to login.domain.com:

 [user $] ssh -p 8000 localhost

And that's it. Enjoy your tunnel!

yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp  8000 -da 192.168.1.1 -dp 80 -x 12345

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

yuanfh@Bodhi:~$ netstat -pantu | grep 8000

(Not all processes could be identified,non-owned process info

 will not be shown, you would have to be root to see it all.)

tcp        0      0 0.0.0.0:0000          0.0.0.0:*           LISTEN      -

tcp        0      0 127.0.0.1:59852       127.0.0.1:8000      TIME_WAIT   -

tcp        0      0 127.0.0.1:0000        127.0.0.1:59852     ESTABLISHED -

tcp        0      0 127.0.0.1:59852       127.0.0.1:8000      ESTABLISHED 2046/midor

yuanfh@Bodhi:~$ socat - tcp:127.0.0.1:8000

Http/1.1 200 OK

Content-Type: text/html;charset=gb2312

Cahe-Control: no-cache

Connection: close

<html><head><title>408 Request Timeout</title></head><body><center><h1>408 Request Timeout</h1></center></body></html>

yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp  8000 -da 192.168.1.1 -dp 80 -x 12345

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

打开浏览器

http://127.0.0.1:8000

root@K:~# vi /etc/ssh/sshd_config

PermitRootLogin yes

PasswordAuthentication yes

root@K:~# service ssh start

yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22 -x 12345

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

yuanfh@Bodhi:~$ ssh -CfNg -D 7000 root@127.0.0.1 -p 2222

root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 80

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

[inf]: Incoming connection.

[evt]: No running proxy thread - starting it.

[inf]: Ping proxy is listening in privileged mode.

[inf]: Received session close from remote peer.

[inf]: 

Session statistics:

[inf]: I/O:   0.01 mb ICMP I/O/R:               12/          2/          0 Loss:  0.0%

[inf]: 

root@K:~# vi /etc/ssh/sshd_config

PermitRootLogin yes

PasswordAuthentication yes

root@K:~# service ssh start

root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

root@K:~# ssh -CfNg -D 7000 root@127.0.0.1 -p 2222

The authenticity of host '[127.0.0.1]:53 ([127.0.0.1):2222)' can't be establishded

ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0

Are you sure you want to continue connectiong (yes/no)? yes

Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.

root@127.0.0.1's password:

root@K:~# netstat -pantu | grep 7000

tcp        0      0 127.0.0.1:7000        0.0.0.0:*           LISTEN      2780/ssh

tcp6       0      0 :::7000               :::*                LISTEN      2780/ssh

代理设置

socks:1.1.1.11 7000

root@K:~# ptunnel -x 1234 -p 192.168.1.110 -lp 2233 -da 192.168.1.110 -dp 22

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

root@K:~# ssh -CfNg -D 7001 root@127.0.0.1 -p 2233

The authenticity of host '[127.0.0.1]:53 ([127.0.0.1):2222)' can't be establishded

ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0

Are you sure you want to continue connectiong (yes/no)? yes

Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.

root@127.0.0.1's password:

root@K:~# ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.110 -dp 80 -x 1234

[inf]: Starting ptunnel v 0.72

[inf]: (c) 2004-2011 Daniel Stoedle, <daniels@cs.uit.no>

[inf]: Security features by Sebastien Raveau, <sebastien.raveau@epita.fr>

[inf]: Relaying packets from incoming TCP streams.

该笔记为安全牛课堂学员笔记，想看此课程或者信息安全类干货可以移步到安全牛课堂

Security+认证为什么是互联网+时代最火爆的认证？

      牛妹先给大家介绍一下Security+

        Security+ 认证是一种中立第三方认证，其发证机构为美国计算机行业协会CompTIA ；是和CISSP、ITIL 等共同包含在内的国际 IT 业 10 大热门认证之一，和CISSP偏重信息安全管理相比，Security+ 认证更偏重信息安全技术和操作。

       通过该认证证明了您具备网络安全，合规性和操作安全，威胁和漏洞，应用程序、数据和主机安全，访问控制和身份管理以及加密技术等方面的能力。因其考试难度不易，含金量较高，目前已被全球企业和安全专业人士所普遍采纳。

Security+认证如此火爆的原因？  

       原因一：在所有信息安全认证当中，偏重信息安全技术的认证是空白的， Security+认证正好可以弥补信息安全技术领域的空白 。

      目前行业内受认可的信息安全认证主要有CISP和CISSP，但是无论CISP还是CISSP都是偏重信息安全管理的，技术知识讲的宽泛且浅显，考试都是一带而过。而且CISSP要求持证人员的信息安全工作经验都要5年以上，CISP也要求大专学历4年以上工作经验，这些要求无疑把有能力且上进的年轻人的持证之路堵住。在现实社会中，无论是找工作还是升职加薪，或是投标时候报人员，认证都是必不可少的，这给年轻人带来了很多不公平。而Security+的出现可以扫清这些年轻人职业发展中的障碍，由于Security+偏重信息安全技术，所以对工作经验没有特别的要求。只要你有IT相关背景，追求进步就可以学习和考试。

       原因二： IT运维人员工作与翻身的利器。

       在银行、证券、保险、信息通讯等行业，IT运维人员非常多，IT运维涉及的工作面也非常广。是一个集网络、系统、安全、应用架构、存储为一体的综合性技术岗。虽然没有程序猿们“生当做光棍，死亦写代码”的悲壮，但也有着“锄禾日当午，不如运维苦“的感慨。天天对着电脑和机器，时间长了难免有对于职业发展的迷茫和困惑。Security+国际认证的出现可以让有追求的IT运维人员学习网络安全知识，掌握网络安全实践。职业发展朝着网络安全的方向发展，解决国内信息安全人才的匮乏问题。另外，即使不转型，要做好运维工作，学习安全知识取得安全认证也是必不可少的。

        原因三：接地气、国际范儿、考试方便、费用适中！

CompTIA作为全球ICT领域最具影响力的全球领先机构,在信息安全人才认证方面是专业、公平、公正的。Security+认证偏重操作且和一线工程师的日常工作息息相关。适合银行、证券、保险、互联网公司等IT相关人员学习。作为国际认证在全球147个国家受到广泛的认可。

        在目前的信息安全大潮之下，人才是信息安全发展的关键。而目前国内的信息安全人才是非常匮乏的，相信Security+认证一定会成为最火爆的信息安全认证。