cryptknock's Introduction

cryptknock

Encrypted Port Knocking Tool - Forked from sourceforge

This code is OLD. But might be useful for learning purposes with regards to libpcap, network programming, and openssl library functions.

-- Joe Walko

Description

Cryptknock is an encrypted port knocking tool. Unlike other port knockers, which use TCP ports or other protocol information to signal the knock, cryptknock uses an encrypted string as the knock. This makes it extremely difficult for an eavesdropper to recover your knock (with other port knockers, tcpdump can be used to discover a port knock).

Encryption of the knock string is performed with RC4 using a secret key derived from a Diffie-Hellman key agreement. The entire process takes 3 UDP packets. Data is read using libpcap, so no UDP or TCP ports need to be in a listening state for the program to work. A simple diagram can be found here. A client cryptknock.c and a server cryptknockd.c are provided. More details can be found in the INFO.md. (original text here)
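
The three-packet exchange described above, simulated in memory as an added example (not code from cryptknock.c or cryptknockd.c). The packet contents, the 31-bit toy group, the fixed exponents and the use of the raw shared secret as the RC4 key are assumptions for illustration; the real tool relies on OpenSSL for DH and the cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DH_P 2147483647ULL /* toy group (assumption): p = 2^31 - 1 */
#define DH_G 7ULL          /* generator; real groups are far larger */

/* base^exp mod DH_P; operands stay below 2^31, so products fit in 64 bits. */
static uint64_t modpow(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    for (base %= DH_P; exp; exp >>= 1, base = base * base % DH_P)
        if (exp & 1) r = r * base % DH_P;
    return r;
}

/* RC4: key schedule, then XOR the keystream over buf in place. */
static void rc4(const uint8_t *key, size_t klen, uint8_t *buf, size_t len) {
    uint8_t S[256], t;
    size_t i, j = 0, n;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + key[i % klen]) & 255;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = j = n = 0; n < len; n++) {
        i = (i + 1) & 255; j = (j + S[i]) & 255;
        t = S[i]; S[i] = S[j]; S[j] = t;
        buf[n] ^= S[(S[i] + S[j]) & 255];
    }
}

/* Runs the three packets in memory; returns 1 if the server accepts the knock. */
int knock_exchange(const char *typed, const char *expected) {
    uint64_t a = 123456789, b = 987654321;         /* constructed private exponents */
    uint8_t pkt3[64];
    size_t len = strlen(typed);
    if (len > sizeof pkt3) return 0;
    uint64_t A = modpow(DH_G, a), B = modpow(DH_G, b); /* packets 1 and 2: public values */
    uint64_t ck = modpow(B, a), sk = modpow(A, b); /* same secret on both sides */
    memcpy(pkt3, typed, len);
    rc4((uint8_t *)&ck, sizeof ck, pkt3, len);     /* packet 3: encrypted knock */
    rc4((uint8_t *)&sk, sizeof sk, pkt3, len);     /* server decrypts its copy */
    return len == strlen(expected) && memcmp(pkt3, expected, len) == 0;
}

int main(void) {
    printf("%d %d\n", knock_exchange("open", "open"), knock_exchange("shut", "open"));
    return 0;
}
```

Only the two public values and the RC4 ciphertext would cross the wire; the knock string itself never does.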

Usage

This program was designed to be lightweight and easy to use. By design, there are few options, and no messy configuration files.

The client is used as follows:

Cryptknock Options:

-t      Target server IP address
-s      Source port of outgoing UDP packet
-d      Destination port of outgoing UDP packet

$ cryptknock -t [host] -s [source port] -d [dest port]

The program will then prompt you for a password, at which time you can supply either the "open ports" password (to open up all TCP ports for the client's IP only) or the "close all my ports" password, which will re-firewall all your TCP ports after you're done using the server.

The server is used as follows:

Cryptknockd Options:

-i      Interface to watch for cryptknock clients
-s      Expected source port of incoming UDP packet
-d      Expected destination port of incoming UDP packet

$ sudo cryptknockd -i [iface] -s [source port] -d [dest port]

When the server starts, it firewalls all TCP ports using iptables. Remember, the client and server's source and destination UDP ports must agree. The open ports and close ports passwords can be set as #defines in the cryptknockd.c file. The daemon records successful and failed knocks via syslog.

Last update

Updated 6/18/04.

Download

The current version is cryptknock-1.0.2.tar.gz and is hosted on SourceForge.

You'll find a backup of the version on sourceforge in the src folder.

Notes

I'm not the original author of this work. It is Joe Walko - cryptknock.sourceforge.net. This is just a port on github I've done for later use.

License

I haven't found any license in the code, so I hope that's OK with Joe Walko if I've ported his code here. Will ask him later.

cryptknock's People

Contributors

jiab77

cryptknock's Issues

compile error: cryptknockd.c:470:17: error: storage size of ‘ctx’ isn’t known

Since the SSL lib API changed, the source code needs to be fixed.

https://stackoverflow.com/questions/55992010/openssl-error-storage-size-of-ctx-isn-t-known

gcc cryptknockd.c -o cryptknockd -lssl -lcrypto -lpcap

In file included from /usr/include/inttypes.h:25:0,
from /usr/include/openssl/e_os2.h:243,
from /usr/include/openssl/dh.h:16,
from cryptknockd.c:30:
/usr/include/features.h:184:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp]
# warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
^~~~~~~
cryptknockd.c: In function ‘read_options’:
cryptknockd.c:422:7: warning: implicit declaration of function ‘getopt_long’; did you mean ‘getopt’? [-Wimplicit-function-declaration]
i = getopt_long(argc, argv, "i:s:d:", NULL, NULL);
^~~~~~~~~~~
getopt
cryptknockd.c: In function ‘decrypt_pass’:
cryptknockd.c:470:17: error: storage size of ‘ctx’ isn’t known
EVP_CIPHER_CTX ctx;
^~~
cryptknockd.c: In function ‘dh_receive_packet’:
cryptknockd.c:674:16: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
BN_hex2bn(&(dh->g), g);
