Results 1 to 7 of 7
  1. #1
    Senior Member
    Join Date
    Apr 2003

    Talking Impossible Challenge?

    Alright, I've come across a little programming/networking challenge while helping a friend out recently, so I'll cut right to it.

    Develop a [hopefully simple] protocall/simple as possible program, in any self contained form to let two [basically default install] Windows 2k pro computers communicate over a network with the following restrictions (seems easy so far duh..):

    - Done in unpriveleged user mode.
    - No WinMessenger broadcasts, don't want every user on the network bothered with it.
    - leave the smalles possibility of the hosts getting picked up by a port scan when listening(possibly only listen for short times)
    - few as possible files to keep up with and no traces left behind.

    As you've probably figured, I'm trying to communicate secretly on a network. All I'm trying to come up with is a way to do it with as high a degree of secrecy as possible. As you also might have guessed, this is for use on a school network... well, that's what he wants anyways. I'm just trying to think of a way to do it, I probably won't give it to him. You know, make him figure it out himself or something. Plus, I'd then like to just play around with detecting that exchange anyways, just for fun.

    All I need is a concept, no source or anything, that's my problem if I ever actually feel like putting it together. I'll let you know if I think something up.

    Edit: Also, the data stream is not important, duh, I'll just pop on some encryption or whatever if I'm worried about that, the biggest problem is a constantly listening port if you get my idea here.

  2. #2
    Senior Member
    Join Date
    Nov 2001

    on both boxen:
    nc -vv -n <remote> 10062
    nc -p10062 -L

    although i show port 10062 theres no good reason for that. if you want to avoid port scans you can bind nc to the interface in front of an existing service

    that would be the basic set up anyway and there are many ways to imporove upon this.

    as an example

    echo start notepad commun.txt >commun.bat

    start nc -L -p10063 -ecommun.bat

    start nc -L -p10062 >>commun.txt

    put this bat file on 2 floppy disks, one for each mach, along with a copy of Netcat

    go to start>>run enter "a:\setup to start"

    to send a msg from a cmd prompt:
    cd a:
    nc <remote_mach> 100062 you'll get a blinking cursor
    type you msg and enter then press 'ctrl+c' to close nc
    enter nc <remote_mach> 100063
    your msg will be opened by notepad on the remote mach

    you could write a small program to automate this

    you could also include the -d option so neither instance of nc will not open cmd boxs
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Hide encrypted data in the payload portion of an ICMP packet.


    Quick google search returns:

    Looks like someone beat me to it.

    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Both options are good. Piggybacking the data in an ICMP (ping) packet will prevent the listener from being picked up by a portscan. Not alot of people will pick up on a bit more icmp traffic. So it's a bit more covert.

    Netcat is probably easier to use. If you want some added protection against eavesdroppers you can always use cryptcat which is basicly netcat with the added option to encrypt the stream.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Take a peak at Loki, an app designed to hide data in ICMP packets.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Senior Member
    Join Date
    Apr 2003
    yeah, nc is certainly a good straight forward option. First I'm checking out ICMP stuff though, and remember, this is Win2k we're talking about, not linux (man wouldn't that be nice/simple)

    couldn't find mutch other than references as an exploit/backdoor took for loki, and I'm assuming it's *nix anyways. Right now I'm researching just putting data(maybe encrypted) in the data portion of a ICMP ping echo packet (ICMP message 0x8)



    Found some interesting stuff:


    Just change the char variable achReqData in ms_icmp.c and that changes the data sent(adjusting the respective length of course), it's usually just goofy stuff. Now I'm looking for something to listen for those sort's of things that can be run in unpriveledged user mode in win2k...

  7. #7
    Senior Member
    Join Date
    Apr 2003
    Sorry, wouldn't let me attach something to an edit...

    Just some screen captures of the data going across the network, notice the data segment of the ECHO and REPLY packets. It works quite nicely, just need to get something to listen for it... outside of the kernel of win2k, cause that's obviously no good

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts