Name Last modified Size Description
Parent Directory 04-Sep-2007 18:52 -
CHANGELOG 29-Aug-2003 12:11 6k
LISEZMOI 02-Sep-2003 13:22 10k
cctt-0.1.6.tar.gz 15-May-2003 05:59 271k
cctt-0.1.7.tar.gz 13-Jun-2003 10:37 321k
cctt-0.1.8.tar.gz 02-Sep-2003 13:39 203k
examples/ 03-Sep-2003 14:49 -
win32_cctt/ 02-Sep-2003 14:56 -
CCTT - Covert Channel Tunneling Tool v0.1.8 - README
Copyright (C) 2002, 2003 Simon Castro - scastro@entreelibre.com
$Id: README,v 1.13 2003/09/02 11:22:38 simsim Exp $
================================================================================
This file is part of CCTT - Covert Channel Tunneling Tool v0.1.8 (C) Simon
Castro.
CCTT is free software; you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.
CCTT is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
CCTT; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
Suite 330, Boston, MA 02111-1307 USA
================================================================================
================================================================================
GRAY-WORLD.NET / CCTT
=====================
The CCTT program is part of the Gray-World.net projects.
Our Gray-World Team presents on the http://gray-world.net website the projects
and publications we are working on which are related to the NACS (Network Access
Control System) bypassing research field and to the computer and network
security topics.
================================================================================
CCTT
====
CCTT may mean either "Covert Channel Tunneling Testing" or "Covert Channel
Testing Tool". It is a tool presenting several exploitation techniques that
allow the creation of unauthorized and arbitrary data transfer channels in the
data streams authorized by a network access control system.
CCTT is a "Covert Channel Tunneling Testing" tool because it enables data
stream encapsulation within high-layer OSI model protocols, and is a "Covert
Channel Testing" Tool because it enables the creation of unauthorized
communication channels through a network access control system.
Most of the bypassing concepts I have been trying to add into CCTT since its
early development stage are presented in a paper the Gray-World team released
in June 2003, which is entitled "Exploitation of data streams authorized by a
network access control system for arbitrary data transfers : tunneling and
covert channels over the HTTP protocol".
A) CCTT INITIAL DESIGN
----------------------
I first wanted the communication channel types to include a way to :
* get an external server shell from within the internal network;
* give a shell from a box located within the internal network to an external
server;
* set TCP/UDP channels allowing TCP data streams (Ssh, Smtp, Pop, etc.)
between an external server and a box from within the internal network;
and I first designed CCTT so that :
* server would be able to manage multiple clients;
* server would be able to give shell access to clients;
* client would be able to give a reverse shell to server;
* server and client would be able to work in a "proxy" mode : CCTT client
accepts connections from applicative clients, tunnels them to the CCTT
server and CCTT server sends data to applicative servers;
* server would be able to accept several "proxy" requests on the same OSI
model layer 4 port.
Example of "proxy" mode (Arrows show the connections directions) :
SSH Client --> CCTT Client -------> Internet --> CCTT Server --> SSH Server
<_______internal_network____A.C.S_> Internet <____x_external_networks_____>
B) CCTT POST ADD-ONS
--------------------
Reverse proxy mode (added in the v0.1.5) :
While reading my favourite daily morning security mailing lists, I saw
a post asking for a specific functionality for a pen-test. The request was
something I had thought about for some time while working on CCTT and I thus
decided to add this functionality into CCTT.
Example of "reverse-proxy" mode :
2 3 1 1 4
SSH Client->CTT Client->Server CCTT<-Internet<-Reverse CCTT client->SSH Server
<______x_external_networks__________>Internet<_int._net._><_int._or_ext._net._>
HTTP based communication channels :
While working on our first paper with Alex, I decided to add some of the
covert and steganographic techniques we discussed into CCTT. The first
series of HTTP directives was thus added in CCTT v0.1.7.
C) EXAMPLES
-----------
Well, have a look at the example files in the documentation directory or
on the GW website.
D) WARNING
----------
1. Security
-----------
CCTT is a testing tool; I recommend not using it as a front-end before a
clean audit and, as it is a testing tool, I recommend that you not use
production logins/passwords... Except if you use Ssh in proxy mode :)
All things considered, I tried to write 'clean' code... But it was
sometimes difficult, and I was in a hurry to release something usable.
2. Legal considerations
-----------------------
I insist to the CCTT user (*) that in addition to the legal considerations
specific to the GPL license by which CCTT is protected, the use (**) of CCTT
is subject to all laws of the country where it is distributed and/or used.
CCTT is first of all a testing tool implementing several aspects already
found in the public domain. It is aimed at helping security officers /
engineers in practically verifying the security of all the networks that
they're LEGALLY in charge of.
These articles are specific to French readers but it would be better for
you to know the legal considerations of your country. CCTT is not meant to
be used to violate articles 323-1 through 323-3 of the "Nouveau Code
Penal", nor any article referring to them, whether it is already in force
or still a law project.
(*) By user, I mean a CCTT user (an executable compiled from the sources
that I furnish and only from these). I also mean by user any other person
using the code I am furnishing or any other documentation, configuration or
whatever file enclosed in the distribution I am furnishing would it be in
the purpose of thinking, discussing or implementing all or part of the
source code or executable.
(**) By use, I mean the CCTT use (an executable compiled from the sources
that I furnish and only from these). I also mean by use any other use of the
code I am furnishing or any other documentation, configuration or whatever
file enclosed in the distribution I am furnishing would it be in the purpose
of thinking, discussing or implementing all or part of the source code or
executable.
Special note to all French readers : I cannot but recommend that you
carefully read articles 323-1 through 323-3 of the new Penal Code, or any
article referring to them, especially the law project for trust in
the digital economy ("projet de loi pour la confiance dans l'Economie
numerique") presented in mid January 2003 by the "Ministre delegue a
l'Industrie".
E) PLATFORMS ?
--------------
As much as possible :)
For now, provided you install the prerequisite libraries, CCTT has been
checked against :
# Linux : Debian 2.2 and 3.0 stable, Mandrake 8.
# BSD : OpenBSD 3.0 and 3.2.
# Mac OS X : 10.2.
# Win32 : Built under Cygwin (look at the README.win32 file).
F) LICENCE ?
------------
Of course... You should have seen it...
G) THANKS
---------
Modu : Because of the discussions about functionalities, implementation, etc.
Hadi : He accepted to do the first English translation and to correct my
spelling mistakes :)
Alex : For all of our GW current and planned projects.
Have a look at the ChangeLog file for further information concerning the
contributions.
================================================================================
CCTT RESOURCES
==============
A) Where is the latest CCTT release ?
-------------------------------------
You can get the latest CCTT release from http://gray-world.net or from the GW
mirror on http://www.entreelibre.com/gray-world.net/.
You can get the latest Win32 Cygwin-built release on
http://gray-world.net/projects/cctt/win32_cctt/ or on
http://www.entreelibre.com/cctt/win32_cctt/.
B) Discussion forum
-------------------
You can post feature requests and bug reports, and discuss CCTT, on an
online forum which is located at :
http://gray-world.net/board/viewforum.php?f=4
C) Patches
----------
Current version patches (if any) are announced on the discussion forum and
available on :
http://www.entreelibre.com/cctt/patches/.
Simon Castro - scastro@entreelibre.com