CCTT - Covert Channel Tunneling Tool v0.1.8 - README
Copyright (C) 2002, 2003 Simon Castro - scastro@entreelibre.com
$Id: README,v 1.13 2003/09/02 11:22:38 simsim Exp $
================================================================================
This file is part of CCTT - Covert Channel Tunneling Tool v0.1.8 (C) Simon
Castro.

CCTT is free software; you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.

CCTT is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
CCTT; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
Suite 330, Boston, MA 02111-1307 USA
================================================================================

================================================================================
GRAY-WORLD.NET / CCTT
=====================

 The CCTT program is part of the Gray-World.net projects.

 Our Gray-World Team presents on the http://gray-world.net website the projects
and publications we are working on which are related to the NACS (Network Access
Control System) bypassing research field and to the computer and network
security topics.

================================================================================
CCTT
====

 CCTT may mean either "Covert Channel Tunneling Testing" or "Covert Channel
Testing Tool" and is a tool presenting several exploitation techniques allowing
the creation of unauthorized and arbitrary data transfer channels in the data
streams authorized by a network access control system.

 CCTT is a "Covert Channel Tunneling Testing" tool because it encapsulates data
streams within high-layer OSI model protocols, and a "Covert Channel Testing"
Tool because it enables the creation of unauthorized communication channels
through a network access control system.

 Most of the bypassing concepts I have been trying to add to CCTT since its
early development stage are presented in a paper the Gray-World team released in
June 2003, entitled "Exploitation of data streams authorized by a network
access control system for arbitrary data transfers : tunneling and covert
channels over the HTTP protocol".

 A) CCTT INITIAL DESIGN
 ----------------------

  I first wanted the communication channel types to include a way to :
   * get an external server shell from within the internal network;
   * give a shell from a box located within the internal network to an external
     server;
   * set TCP/UDP channels allowing TCP data streams (Ssh, Smtp, Pop, etc.)
     between an external server and a box from within the internal network;

  and I first designed CCTT so that :
   * server would be able to manage multiple clients;
   * server would be able to give shell access to clients;
   * client would be able to give a reverse shell to server;
   * server and client would be able to work in a "proxy" mode : CCTT client
     accepts connections from applicative clients, tunnels them to the CCTT
     server and CCTT server sends data to applicative servers;
   * server would be able to accept several "proxy" requests on the same OSI
     model layer 4 port.

  Example of "proxy" mode (Arrows show the connection directions) :

   SSH Client --> CCTT Client -------> Internet --> CCTT Server --> SSH Server
   <_______internal_network____A.C.S_> Internet <____x_external_networks_____>

 B) CCTT POST ADD-ONS
 --------------------

  Reverse proxy mode (added in the v0.1.5) :

   While looking at my favourite morning daily security mailing lists, I saw a
   post asking for a specific functionality for a pen-test.
   The request was something I had been thinking about for some time while
   working on CCTT and I thus decided to add this functionality to CCTT.

  Example of "reverse-proxy" mode :

           2            3            1         1                    4
 SSH Client->CCTT Client->Server CCTT<-Internet<-Reverse CCTT client->SSH Server
 <______x_external_networks__________>Internet<_int._net._><_int._or_ext._net._>

  HTTP based communication channels :

   While working on our first paper with Alex, I decided to add some of the
   covert and steganographic techniques we discussed to CCTT. So the first
   series of HTTP directives was added in the v0.1.7 CCTT version.

 C) EXAMPLES
 -----------

  Well, have a look at the example files in the documentation directory or on
  the GW website.

 D) WARNING
 ----------

  1. Security
  -----------

   CCTT is a testing tool; I recommend not using it as a front-end before a
   clean audit and, as it is a testing tool, I recommend that you do not use
   production logins/passwords... Except if you use Ssh in proxy mode :)

   All things considered, I tried to write 'clean' code... But it was sometimes
   difficult, and I was in a hurry to release something usable.

  2. Legal considerations
  -----------------------

   I insist to the CCTT user (*) that, in addition to the legal considerations
   specific to the GPL license by which CCTT is protected, the use (**) of CCTT
   is subject to all laws of the country where it is distributed and/or used.

   CCTT is first of all a testing tool implementing several aspects already
   found in the public domain. It is aimed at helping security officers /
   engineers in practically verifying the security of all the networks that
   they're LEGALLY in charge of.

   These articles are specific to French readers but it would be better for you
   to know the legal considerations of your country.

   CCTT is not meant to be used to violate articles 323-1 through 323-3 of the
   "Nouveau Code Penal", nor any article that refers to them, whether it is
   already in force or still a draft law.

   (*) By user, I mean a CCTT user (an executable compiled from the sources
   that I furnish and only from these). I also mean by user any other person
   using the code I am furnishing or any other documentation, configuration or
   whatever file enclosed in the distribution I am furnishing, whether for the
   purpose of thinking about, discussing or implementing all or part of the
   source code or executable.

   (**) By use, I mean the CCTT use (an executable compiled from the sources
   that I furnish and only from these). I also mean by use any other use of the
   code I am furnishing or any other documentation, configuration or whatever
   file enclosed in the distribution I am furnishing, whether for the purpose
   of thinking about, discussing or implementing all or part of the source code
   or executable.

   Special note to all French readers : I can only recommend that you carefully
   read articles 323-1 through 323-3 of the new Penal Code, or any article that
   refers to them, especially the draft law for trust in the digital economy
   ("projet de loi pour la confiance dans l'Economie numerique") presented in
   mid January 2003 by the "Ministre delegue a l'Industrie".

 E) PLATFORMS ?
 --------------

  As many as possible :)

  For now, provided you install the prerequisite libraries, CCTT has been
  checked against :
   # Linux : Debian 2.2 and 3.0 stable, Mandrake 8.
   # BSD : OpenBSD 3.0 and 3.2.
   # Mac OS X : 10.2.
   # Win32 : Built under Cygwin (look at the README.win32 file).

 F) LICENCE ?
 ------------

  Of course... You should have seen it...

 G) THANKS
 ---------

  Modu : Because of the discussions about functionalities, implementation, etc.
  Hadi : He accepted to do the first English translation and to correct my
         spelling mistakes :)
  Alex : For all of our GW current and planned projects.

 Have a look at the ChangeLog file for further information concerning the
contributions.

================================================================================
CCTT RESOURCES
==============

 A) Where is the last CCTT release ?
 -----------------------------------

  You can get the last CCTT release from http://gray-world.net or from the GW
  mirror on http://www.entreelibre.com/gray-world.net/.

  You can get the last Win32 Cygwin-built release on
  http://gray-world.net/projects/cctt/win32_cctt/ or on
  http://www.entreelibre.com/cctt/win32_cctt/.

 B) Discussion forum
 -------------------

  You can post feature requests and bug reports and discuss Cctt on an online
  forum which is located at : http://gray-world.net/board/viewforum.php?f=4

 C) Patches
 ----------

  Current version patches (if any) are announced on the discussion forum and
  available on : http://www.entreelibre.com/cctt/patches/.

Simon Castro - scastro@entreelibre.com