This is a tunneling technique that rides on a foreign protocol: a covert channel that hides TCP data inside ICMP packets.


○ What is ICMP tunneling?

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:


○ ICMP tunneling tool

  Windows executable

ptunnel.exe

  Linux source code

PingTunnel-0.72.tar.gz

Reference site: http://www.cs.uit.no/~daniels/PingTunnel/#download


○ Running and compiling

 Running on Windows

winpcap must be installed before ptunnel.exe can run.

For installation instructions, refer to the download site below.

※ winpcap download: https://www.winpcap.org/


 Compiling the Linux source code

Download the Linux source code and save it to /tmp.


#tar -zxvf PingTunnel-0.72.tar.gz

#cd PingTunnel

#make SHARED=0 CC='gcc -static'


If the pcap.h error shown below occurs, install the libpcap development library.

#apt-get update

#apt-get install libpcap-dev

CentOS -> yum install libpcap-devel


Error message

ptunnel.h:70:21: fatal error: pcap.h: No such file or directory


○ Usage (Using ptunnel)

Client

./ptunnel -p <proxy address> -lp <listen port> -da <destination address> -dp <destination port> [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]


Proxy

./ptunnel [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]


The -p switch sets the address of the host on which the proxy is running. A quick test to see if the proxy will work is simply to try pinging this host - if you get replies, you should be able to make the tunnel work.


The -lp, -da and -dp switches set the local listening port, destination address and destination port. For instance, to tunnel ssh connections from the client machine via a proxy running on proxy.pingtunnel.com to the computer login.domain.com, the following command line would be used:


sudo ./ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22


An ssh connection to login.domain.com can now be established as follows:


ssh -p 8000 localhost
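From the defender's side, the exchange described above (TCP stream bytes carried in the body of ICMP echo requests, with the proxy answering in echo replies) leaves marks that a stock ping never does. The following added example is not part of the original post or of ptunnel; it builds constructed ICMP echo packets (no real traffic) and applies three heuristics: an oversized body, a body that is not the well-known iputils or Windows ping pattern, and, strongest of all, an echo reply whose body differs from the request it answers, which RFC 792 forbids for a genuine ping.

```python
import struct
# Constructed sample echo bodies (not captured traffic): the iputils ping body
# (timestamp then counting bytes 0x10, 0x11, ...), the Windows ping alphabet body,
# and a hypothetical fragment of a TCP stream as a tunnel would carry it inside an echo.
LINUX_PING = bytes(16) + bytes(range(0x10, 0x38))
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"
TUNNELED = b"SSH-2.0-OpenSSH_8.9\r\n" + bytes((i * 73 + 11) % 256 for i in range(180))

def checksum(data):
    """RFC 1071 one's-complement checksum over ICMP header plus body."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload):
    """Build an ICMP echo request (type 8) or reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    return struct.pack("!BBHHH", icmp_type, 0, checksum(header + payload), ident, seq) + payload

def looks_like_stock_ping(body):
    """Heuristic: after an optional 8- or 16-byte timestamp the body is either the
    incrementing byte run of iputils ping or the Windows alphabet pattern."""
    if body == WINDOWS_PING:
        return True
    for skip in (0, 8, 16):
        tail = body[skip:]
        if len(tail) >= 8 and all(tail[i] == (tail[0] + i) & 0xFF for i in range(len(tail))):
            return True
    return False

def inspect_echo(request, reply=None, max_body=64):
    """Return the reasons an echo exchange looks like a covert channel ([] = benign).
    A genuine reply carries the request body back unchanged, so a differing reply body is the strongest indicator."""
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", request[:8])
    body = request[8:]
    reasons = []
    if icmp_type != 8:
        return reasons
    if len(body) > max_body:
        reasons.append("oversized echo body (%d bytes)" % len(body))
    if not looks_like_stock_ping(body):
        reasons.append("body is not a stock ping pattern")
    if reply is not None:
        r_type, _c, _s, r_ident, r_seq = struct.unpack("!BBHHH", reply[:8])
        if r_type == 0 and (r_ident, r_seq) == (ident, seq) and reply[8:] != body:
            reasons.append("reply body differs from request body")
    return reasons
```

The thresholds and patterns are heuristics tuned to default ping clients; a host using a custom ping payload will trip the pattern check, so the reply-mismatch indicator is the one to alert on with confidence.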


Posted by n3015m
