Introduction :
Cctt, "Covert Channel Tunneling Tool" is a tool presenting several exploitation techniques allowing the creation of arbitrary data transfer channels in the data streams (TCP, UDP, HTTP) authorized by a network access control system.
Cctt is one of the projects Alex and I are working on for the 'NACS : Network Access Control System' bypassing topic presented on http://www.gray-world.net.
Cctt is available under the GPL license. If you have any questions, ideas, suggestions or whatever, please don't hesitate to send an email to <scastro [ at ] entreelibre.com>.
I strongly urge you to read the MAN page before any use.
Exploitation of data streams authorized by a network access control system for an arbitrary data transfer :
Authorizations of data transit between interconnected networks via one or several network access control systems are defined and implemented with respect to a security policy. An exemplary policy regarding network access control rests on the following principle: block all data streams that were not explicitly defined. In other words : "We block everything, and then we allow specific and precise access" !
The most frequent network access control schemes rely on the use, combined or not, of tools performing some sort of filtering at several layers of the OSI model (networking devices : layers 2 and 3, routers : layer 3, firewall : layers 3, 4 and sometimes 5). Other tools can be associated with these devices, whose interactions with networking streams are located at the higher layers of the OSI model: proxy servers, anti-virus, Intrusion Detection Systems, content filtering tools, Anomaly Detection Systems, etc.
Nevertheless, regardless of the network access control scheme in use, it is possible at the present time, via several evasion methods, to use streams authorized by the security policy to carry arbitrary data whose transit was neither allowed nor thought of. These evasion means allow the opening of communication channels (covert channels, subliminal channels) giving access to external services from within the internal network or access to internal resources from the external network.
The cornerstone of these evasion techniques is the lack of verification of the intrinsic value of transiting data. The different implementations of access control schemes depend upon a sort of "protocol abstraction", which assumes that a data transfer relying on the several layers of the OSI model can only be used to carry data originating from the underlying protocols.
Though it is possible to detect certain abnormal streams traversing a network access control system, one can take for granted that the use of certain communication channels is undetectable at the present time.
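An added example, not part of Cctt or of the original page: it contrasts the port-based decision described above with a filter that also verifies the payload against the protocol its port implies, and lists the flows only the second one rejects. The sample flows, the two validators and every function name are constructed for illustration.

```python
import re
import struct

HTTP_REQ = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n")

def looks_like_http(payload):
    """True if the stream opens with a well-formed HTTP/1.x request line."""
    return HTTP_REQ.match(payload) is not None

def looks_like_dns_query(payload):
    """True if the datagram parses as a standard DNS query (simplified: no name compression)."""
    if len(payload) < 12:
        return False
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount == 0:
        return False                      # response bit set, non-standard opcode, or no question
    pos = 12
    for _ in range(qdcount):
        while True:                       # walk the labels of one QNAME
            if pos >= len(payload):
                return False
            length = payload[pos]
            pos += 1
            if length == 0:
                break
            if length > 63:
                return False
            pos += length
        pos += 4                          # QTYPE + QCLASS
    return pos <= len(payload)

# "We block everything, and then we allow specific and precise access."
ALLOWED = {(80, "tcp"): looks_like_http, (53, "udp"): looks_like_dns_query}

def port_filter(port, proto, payload):
    """The 'protocol abstraction': the port alone decides, the payload is never read."""
    return (port, proto) in ALLOWED

def content_filter(port, proto, payload):
    """Same policy, but the payload must also parse as the protocol the port implies."""
    check = ALLOWED.get((port, proto))
    return check is not None and check(payload)

FLOWS = [  # constructed samples: (destination port, transport, first payload bytes)
    (80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, "tcp", b"SSH-2.0-example\r\n"),
    (53, "udp", b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01"),
    (53, "udp", b"\x00\x01raw tunnel bytes"),
    (23, "tcp", b"login: "),
]

def unverified_flows(flows):
    """Flows the port filter passes although their content is not the allowed protocol."""
    return [f for f in flows if port_filter(*f) and not content_filter(*f)]
```

A stream that is well-formed for its port still passes `content_filter`, so this check narrows the gap the text describes without closing it.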
Read the detailed version (French) ...
Warning - Legal considerations :
I must stress to the Cctt user (*) that, in addition to the legal considerations specific to the GPL license by which Cctt is protected, the use (**) of Cctt is subject to all laws of the country where it is distributed and/or used.
Cctt is first of all a testing tool implementing several aspects already found in the public domain. It is aimed at helping security officers / engineers in practically verifying the security of all the networks that they're LEGALLY in charge of.
These articles are specific to French readers, but you should know the legal considerations of your own country. Cctt is not meant to be used to violate articles 323-1 through 323-3 of the "Nouveau Code Penal", nor any article referring to them, whether already in force or still a law project.
(*) By user, I mean a Cctt user (of an executable compiled from the sources that I furnish and only from these). I also mean by user any other person using the code I am furnishing, or any documentation, configuration or other file enclosed in the distribution I am furnishing, whether for the purpose of thinking about, discussing or implementing all or part of the source code or executable.
(**) By use, I mean the use of Cctt (of an executable compiled from the sources that I furnish and only from these). I also mean by use any other use of the code I am furnishing, or of any documentation, configuration or other file enclosed in the distribution I am furnishing, whether for the purpose of thinking about, discussing or implementing all or part of the source code or executable.
Special note to all French readers : I can only recommend that you carefully read articles 323-1 through 323-3 of the new Penal Code, and any article referring to them, especially the law project for trust in the digital economy ("projet de loi pour la confiance dans l'Economie numerique") presented in mid January 2003 by the "Ministre delegue a l'Industrie".
Manual and examples :
Manual (html) : English, French
Configuration files directives : server, client.
Examples :
I) Pass through an HTTP Proxy network scheme to access several external services.
II) Pass through a network scheme having UDP 'holes'.
III) Use HTTP Login/Password credentials on an external Website with Cctt.
IV) Use the Cctt client only to get the Proxy Chain functionality.
V) Reverse proxy mode concept demonstration with Cctt.
VI) HTTP Mode : Creating confusion by sending/receiving unnecessary HTTP messages.
VII) HTTP Mode : Creating confusion by customizing how the server looks.
VIII) HTTP Mode : Creating confusion by adding padding to channel data.
Resources and Documentation :
Cctt v0.1.7 : cctt-0.1.7.tar.gz , Documentation, ChangeLog.
Cctt v0.1.6 : cctt-0.1.6.tar.gz , Documentation, ChangeLog.
Cctt v0.1.5 : cctt-0.1.5.tar.gz , Documentation, ChangeLog.
Cctt v0.1.4 : cctt-0.1.4.tar.gz , Documentation, ChangeLog.
Cctt v0.1.3 : cctt-0.1.3.tar.gz , Documentation, ChangeLog.
Cctt v0.1.2 : cctt-0.1.2.tgz , Documentation, Changes.
Cctt v0.1.1 : cctt-0.1.1.tgz , Documentation, Changes.
Cctt v0.1.0 : cctt-0.1.0.tgz , Documentation.
Please note that by downloading an archive, you'll also be downloading the few presentation pages found on this site.
License :
GNU GPL
This website and its content are part of the online documentation of Cctt - Covert Channel Tunneling Tool v0.1.7 - Copyright (C) 2002,2003 Simon Castro.
Cctt is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Cctt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Cctt; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Author and contributions :
Simon Castro - <scastro [ at ] entreelibre.com> Author and main developer.
Olivier Dembour - <odembour [ at ] entreelibre.com> Various contributions.
Hadi El-Khoury - <helkhoury [ at ] entreelibre.com> English translation.
Alex Dyatlov - <alex [ at ] gray-world.net> Russian translation and contributions.
Patches :
The patches (if any) for the current version are available here.
Mirror :
A mirror of the current version is available on http://www.gray-world.net.
Discussion forum :
A discussion forum dedicated to Cctt is available on http://gray-world.net/board/viewforum.php?f=4.
Simon Castro Last updated on the 9th of June 2003