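ptunnel (Ping Tunnel): an ICMP tunneling tool
- Tunnels traffic through ICMP echo (ping request) and reply (ping reply) packets
- Suited to environments where the firewall only allows outbound ping traffic
- Supports multiple concurrent connections and performs well
- Supports authentication
- Requires root privileges
- Supports packet capture: WinPcap on Windows, libpcap on Linux
- Roles in the workflow: Proxy, Client, Destination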
ptunnel usage
Server
- ptunnel -x 1234
Client
- sudo ptunnel -p proxy -lp 2222 -da destination -dp 22 -x 1234
Nested SSH tunnel
- ssh -CNfg -D 7000 [email protected] -p 2222
Even the latest ptunnel release to date still has a denial-of-service vulnerability
- 0.72
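A defender's view of the echo/reply tunnel summarized above, as an added example that is not from the original page or from the ptunnel project: it checks raw ICMP messages for three signs of tunneling. The magic value is ptunnel's packet marker from its source header; the 64-byte threshold, the function names and the sample messages are constructed assumptions.

```python
import struct

PTUNNEL_MAGIC = 0xD5200880  # leading payload word of a ptunnel packet (from ptunnel.h, not this page)
MAX_PING_PAYLOAD = 64       # assumption: stock ping tools send 32-56 data bytes by default

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 for a message whose checksum field is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) or reply (type 0) for the constructed samples."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def inspect(messages):
    """Return (index, reason) findings for a sequence of raw ICMP messages."""
    findings, pending = [], {}
    for i, msg in enumerate(messages):
        if len(msg) < 8 or icmp_checksum(msg) != 0:
            findings.append((i, "malformed"))
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
        payload = msg[8:]
        if icmp_type not in (0, 8):
            continue
        if len(payload) >= 4 and struct.unpack("!I", payload[:4])[0] == PTUNNEL_MAGIC:
            findings.append((i, "ptunnel-magic"))
        elif len(payload) > MAX_PING_PAYLOAD:
            findings.append((i, "oversized-payload"))
        if icmp_type == 8:
            pending[(ident, seq)] = payload   # remember what a faithful reply must echo
        elif pending.pop((ident, seq), payload) != payload:
            findings.append((i, "reply-differs-from-request"))
    return findings

# Constructed sample traffic: one ordinary ping exchange, then tunnel-like messages.
SAMPLE = [
    build_echo(8, 0x1234, 1, bytes(range(56))),
    build_echo(0, 0x1234, 1, bytes(range(56))),
    build_echo(8, 0x4242, 7, struct.pack("!I", PTUNNEL_MAGIC) + b"\x00" * 24),
    build_echo(8, 0x5151, 1, b"A" * 8),
    build_echo(0, 0x5151, 1, b"GET / HTTP/1.1\r\n"),
    build_echo(8, 0x6161, 1, b"B" * 200),
]
```

Calling inspect(SAMPLE) flags messages 2, 4 and 5 and leaves the ordinary ping exchange alone. On a real sensor the same checks would run over the ICMP layer of captured packets.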
root@K:~# ptunnel
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Forwarding incoming ping packtes over TCP.
[inf]: Ping proxy is listening in privileged mode.
^C
root@K:~# ptunnel -x 12345    # tunnel password
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Forwarding incoming ping packtes over TCP.
[inf]: Ping proxy is listening in privileged mode.
Description: LAN -> WAN PING
yuanfh@Bodhi:~$ sudo apt-get install ptunnel
yuanfh@Bodhi:~$ sudo ptunnel -h
ptunnel v 0.72
Usage: ./ptunnel -p
./ptunnel [-m max_threads] [-v verbosity] [-c
-p: Set address of peer running packet forwarder. This causes
ptunnel to operate in forwarding maode - the absence of this
option causes ptunnel to operate in proxy mode.
-lp: Set TCP listening port (only used when operating in forward mode)
-da: Set remote proxy destination address if client
Restrict to only this destination address if server
-dp: Set remote proxy destionation port if client
Restrict to only this destination port if server
-m: Set maximum number of concurrent tunnels
-v: Verbosity level (-1 to 4, where -1 is no output, and 4 is all output)
-f: Specify a file to log to, rather than printing to standard out.
-s: Client only. Enable continuous output of statistics (packet loss, etc.)
-daemon: Run is background, the PID will be written in the file supplied as argument
-syslog: Output debug to syslog instead of standard out.
-udp: Toggle use of UDP instead of ICMP. Proxy will listen on port 53 (must be ro
Security Features: [-x password] [-u] [-setuid user] [-setgid group] [-chroot dir]
-x: Set password (must be same on client and proxy)
-u: Run proxy in unprivileged mode. This causes the proxy to forward
packets using standard echo reqests, instead of crafting custom echo repli
Unprivileged mode will only work on some systems, and is in greneral less reliable
then running in privileged mode.
Please consider combining the following three options instead:
-setuid: When started in privileged mode, drop down to user's rights as soon as possible
-setgid: When started in privileged mode, drop down to group's rights as sonn as posible
-chroot: When started in pricileged mode, restrict file access to the specified directory
-setcon: Set SELinux context when all there is left to do are network I/O operations
To combine with -chroot you will have mount --bind /proc /chrootdir/proc
Starting the proxy (needs to run as root):
[root #] prunnel
Starting a client (also needs root):
[root #] ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22 -c eth0
And then using the tunnel to ssh to login.domain.com:
[user $] ssh -p 8000 localhost
And that's it. Enjoy your tunnel!
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.1 -dp 80 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
yuanfh@Bodhi:~$ netstat -pantu | grep 8000
(Not all processes could be identified,non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:0000 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:59852 127.0.0.1:8000 TIME_WAIT -
tcp 0 0 127.0.0.1:0000 127.0.0.1:59852 ESTABLISHED -
tcp 0 0 127.0.0.1:59852 127.0.0.1:8000 ESTABLISHED 2046/midor
yuanfh@Bodhi:~$ socat - tcp:127.0.0.1:8000
Http/1.1 200 OK
Content-Type: text/html;charset=gb2312
Cahe-Control: no-cache
Connection: close
408 Request Timeout
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.1 -dp 80 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
Open a browser:
http://127.0.0.1:8000
root@K:~# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
root@K:~# service ssh start
yuanfh@Bodhi:~$ sudo ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22 -x 12345
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
yuanfh@Bodhi:~$ ssh -CfNg -D 7000 [email protected] -p 2222
root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 80
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
[inf]: Incoming connection.
[evt]: No running proxy thread - starting it.
[inf]: Ping proxy is listening in privileged mode.
[inf]: Received session close from remote peer.
[inf]:
Session statistics:
[inf]: I/O: 0.01 mb ICMP I/O/R: 12/ 2/ 0 Loss: 0.0%
[inf]:
root@K:~# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
root@K:~# service ssh start
root@K:~# ptunnel -p 192.168.1.110 -lp 2222 -da 192.168.1.110 -dp 22
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
root@K:~# ssh -CfNg -D 7000 [email protected] -p 2222
The authenticity of host '[127.0.0.1]:53 ([127.0.0.1):2222)' can't be establishded
ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0
Are you sure you want to continue connectiong (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
[email protected]'s password:
root@K:~# netstat -pantu | grep 7000
tcp 0 0 127.0.0.1:7000 0.0.0.0:* LISTEN 2780/ssh
tcp6 0 0 :::7000 :::* LISTEN 2780/ssh
Proxy settings
socks:1.1.1.11 7000
root@K:~# ptunnel -x 1234 -p 192.168.1.110 -lp 2233 -da 192.168.1.110 -dp 22
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.
root@K:~# ssh -CfNg -D 7001 [email protected] -p 2233
The authenticity of host '[127.0.0.1]:53 ([127.0.0.1):2222)' can't be establishded
ECDSA key fingerprint is SHA256:nk6ziDahJTUBCTohlvpGM6MZlNjLBvlHgmT62xL+zQ0
Are you sure you want to continue connectiong (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
[email protected]'s password:
root@K:~# ptunnel -p 192.168.1.110 -lp 8000 -da 192.168.1.110 -dp 80 -x 1234
[inf]: Starting ptunnel v 0.72
[inf]: (c) 2004-2011 Daniel Stoedle,
[inf]: Security features by Sebastien Raveau,
[inf]: Relaying packets from incoming TCP streams.