Penetration Testing mailing list archives
[PEN-TEST] New tool fwd'd from Focus-MS
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Tue, 26 Sep 2000 10:18:57 -0700
From: George Milliken <gmilliken () farm9 com> Reply-To: gmilliken () farm9 com Organization: farm9.com, Inc. X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 Subject: twofish encrypting version of netcat released by farm9 References: <99A9A0F1B0C3D3118FF800508B6A834335FF () ws-206-215-62-200 advancedmobile com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit We modified the very very useful tool called 'netcat' written by the L0pht and to provide encryption. We implemented twofish in both the Windows and linux versions of netcat. We call it cryptcat. What is cryptcat good for you ask? Well basically it lets you open an encrypted pipe, on any port, between two machines. Useful for transferring log files between machine sin a safe manner. cryptcat is easy to use in shell scripts. It's kinda a poor mans VPN. Not really safe for critical data, but it sure makes sniffing the netcat sessions harder :-) It is very small and light. Source code is included. Here's some more info: Also see our web site! http://www.farm9.com ==================================================================== cryptcat = netcat + encryption Cryptcat is the standard netcat enhanced with twofish encryption. Twofish is courtesy of counterpane, and cryptix. We started with the Java version of twofish from cryptix, converted it to C++ (don't ask why), and enhanced it by adding CBC mode and the ciphertext stealing technique from Applied Cryptography (pg. 196) How do you use it? Machine A: cryptcat -l -p 1234 < testfile Machine B: cryptcat <machine A IP> 1234 This is identical to the normal netcat options for doing exactly the same thing. However, in this case the data transferred is encrypted. Want the source? Windows version -- adapted from the Hobbit original by Weld Pond, very tricky! (and I thought adding twofish was tricky) Linux version -- why I like Linux... only had to change two lines of code to add encryption. Is it Really Secure? Not if you know the secret key, which is hardcoded to be "metallica" ====================================================================
Current thread:
- [PEN-TEST] New tool fwd'd from Focus-MS Alfred Huger (Sep 27)