HANZ AND FRANZ


Review
TCP/IP Protocol
Packet
ICMP
SSH

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program, just as every other computer that you may send messages to or get information from also has a copy of TCP/IP. TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol (TCP), manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol (IP), handles the address part of each packet so that it gets to the right destination.

TCP packs, breaks apart and sets up transport, while IP addresses and routes it.

Packets are the basis of information traversing the wire. The protocol dictates the format and the data in it.

TCP data exchange
UDP data exchange
ICMP: is the host alive? We ask it to reply to our echo request. If the TTL is exhausted, the router will generate and transmit an error. NO DATA
SNMP

We're going to pump up your packet

ICMP tunneling
Begin to analyze the traffic/protocols that are running on your network, and why!

Main objective: provide an example of how a benign protocol like ICMP can be used for exfiltration of data from your network without detection (encapsulation).

In this activity we'll experiment with a technique used to bypass firewalls.

As you should remember from your networking course, ICMP is one of the internet protocols used to exchange error conditions between nodes on a network. We 'ping' a host to see if it is alive, asking it to return a reply to our echo request. If any packet exhausts its TTL, the receiving router will generate the appropriate "TTL expired in transit" error, and this is returned via ICMP to the originating host. It wasn't designed to carry data (packets are generally small) and no port numbers are assigned to ICMP packets, only a protocol Type. Sounds harmless and useful, right?

Think about this situation... have you ever gone to a hotel or public WiFi hotspot and found that internet access isn't [gulp] free? You associate with the open WiFi access point, you have been assigned an IP address via DHCP, you can even perform DNS lookups, but your HTTP requests all return a 'please pay and login' page. Often, these are configured to intercept most TCP and UDP traffic, but ICMP traffic is sometimes permitted. Even a default install of a Comcast cable modem will allow you to 'ping www.yahoo.com', although you won't be able to open any web pages. Many firewalls are configured to pass ICMP traffic because it's useful to know if a host is up or down when troubleshooting other connection problems.

So... if ICMP traffic is unrestricted, do you think attackers might use it as a means for establishing a covert communication channel? Enter... Hans (http://code.gerade.org/hans/), or ICMPTX (http://thomer.com/icmptx/), or even ptunnel (http://www.cs.uit.no/~daniels/PingTunnel/).


Start with 2 VMs running Kali
Test by pinging between each

Set up sshd on at least one of the machines
This will allow remote login via ssh
What's ssh? Secure shell, TCP port 22
Provides an RSA-encrypted communication channel

Capture an ssh login session between the two hosts
Using wireshark on host hans, begin capturing to a file with the -w option
Then, login to the host from franz.
BEFORE you do this, you'll need to initialize the sshd daemon on hans. This is the same process for any new Backtrack install: issue sshd-generate and it will create a unique key for encrypting the session

Install hans on both machines
The source code is on my website. wget it from http://www.dtcc.edu/~fsciallo/stuff/hans-0.4.4.tar.gz
If you get a 404, you've typed something wrong
Once downloaded, unpack and compile. Use the resource in Blackboard for tar/gzip if needed

Before you fire it up
Perform another packet capture of a ping between hans and franz
We'll use this for comparison later

Start up the tunnel
On hans, start up the tunnel server. This process will listen for connections. Provide an IP for the server, something like 10.1.1.1
On franz, start up the tunnel client and connect to hans: hans -c 10.1.1.1
You should be able to ping 10.1.1.1 from franz once the tunnel is set up
You should also see the connection message on hans, the server

Capture an ssh connection to hans again
This time, ssh to the tunnel IP address while capturing the packets in tcpdump
Save your capture to a unique file
When you open this dump in wireshark, you should see something different: the connection that should be using TCP port 22 is now using ICMP

Compare your captures
Compare the captures of a ping between the two hosts with the capture of an ssh session over the tunnel
What's different?
How would you identify this traffic?
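One way to answer the last question in code. This is an added example for the lab, not part of hans or the original slides: it parses raw ICMP echo packets and flags the features that separate a tunnel from a plain ping (payload size, fill pattern, entropy, checksum). The sample packets are constructed inline; the assumed ping fill pattern (16-byte timestamp, then each byte holding its own offset) is Linux iputils behaviour and should be checked against your own ping capture from the earlier step.

```python
"""Heuristics that tell tunnelled ICMP apart from plain ping (added lab example).
Samples are constructed inline; in practice feed it ICMP packets from the lab captures."""
import struct
from collections import Counter
from math import log2

DEFAULT_PAYLOAD = 56  # bytes of data that ping sends by default on Linux
ENTROPY_LIMIT = 6.0   # bits/byte; assumed threshold, tune on your own captures

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over header plus payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8) or reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    return header[:2] + struct.pack("!H", icmp_checksum(header + payload)) + header[4:] + payload

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; random-looking (encrypted) data nears 8."""
    return -sum(n / len(data) * log2(n / len(data)) for n in Counter(data).values())

def inspect_icmp(packet: bytes) -> list[str]:
    """Return reasons this ICMP packet does not look like an ordinary ping (empty = looks normal)."""
    icmp_type, _code, _csum, _ident, _seq = struct.unpack("!BBHHH", packet[:8])
    payload = packet[8:]
    # Assumption: Linux ping writes a 16-byte timestamp, then fills each byte with its own offset.
    expected_fill = bytes(i & 0xFF for i in range(16, len(payload)))
    reasons = []
    if icmp_checksum(packet) != 0:  # summing over a valid packet folds to 0xFFFF, complement 0
        reasons.append("bad checksum")
    if icmp_type not in (0, 8):
        reasons.append(f"type {icmp_type} is not echo request/reply")
    if len(payload) != DEFAULT_PAYLOAD:
        reasons.append(f"payload is {len(payload)} bytes, default ping is {DEFAULT_PAYLOAD}")
    if payload[16:] != expected_fill:
        reasons.append("payload is not the standard ping fill pattern")
    if payload and entropy(payload) > ENTROPY_LIMIT:
        reasons.append(f"payload entropy {entropy(payload):.1f} bits/byte looks encrypted")
    return reasons

# Constructed samples: a default ping, and a tunnel-style echo carrying 200 opaque bytes.
PLAIN_PING = build_echo(8, 0x1234, 1, struct.pack("!QQ", 1700000000, 123456) + bytes(range(16, 56)))
TUNNELLED = build_echo(8, 0x1234, 2, bytes((i * 73 + 41) % 256 for i in range(200)))
```

Run the same checks over every ICMP packet in the tunnel capture and the hits should cluster on the echo traffic that is carrying your ssh session, while the plain ping capture stays quiet.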