Jonas Pflanzer d4bab1905c Daemon installation notes improved | 4 rokov pred | |
---|---|---|
.. | ||
include | 4 rokov pred | |
src | 4 rokov pred | |
test | 4 rokov pred | |
Adding-a-Covert-Channel-Mode.md | 4 rokov pred | |
CMakeLists.txt | 4 rokov pred | |
CovertProtocol.md | 4 rokov pred | |
README.md | 4 rokov pred | |
ccats.service | 4 rokov pred | |
createsslfiles.sh | 4 rokov pred |
mkdir build
cd build
cmake ..
make
To build tests just set the ENABLE_TESTS
variable to true and rebuild the program.
mkdir build
cd build
cmake .. -DENABLE_TESTS=true
make
You must create a config.txt before running the server.
bin/ccats
make test
You can adjust the installation directory as you like but don't forget to adjust the ExecStart
option in the service file. The location of the configuration file is the first parameter for the daemon so you can change it as well.
Don't forget to create the files folder!!!
After building the program copy executable:
sudo cp bin/ccats /usr/bin
Copy service file:
sudo cp ccats.service /etc/systemd/system/
Enable and start service with:
sudo systemctl enable ccats.service
and start it
sudo systemctl start ccats.service
The daemon is configurable by config.txt. You can use another config name using the config name as first parameter when launching the server. The config file must be in the same directory from where you run the binary. If the file does not exist, the server will exit immediately.
port
: The port where the server listens for clients. Must be a valid port
userdatabase
: The file where userdata is stored in format: user;password
deleteAllowed
: Says if a client is allowed to delete files from its file directory
filedirectory
: The directory where files from the clients will be stored and read from
SSLenabled
: When set to true, the server will only use and accept SSL connections from clients. Set to false to disable this
SSLcertificate
: The certificate file to use for SSL connections
SSLprivatekey
: The private key file to use for SSL connections
SSLdhparams
: The diffie-hellman file to use for SSL connections
To use SSL, certificates, keys and diffie-hellman parameters are required. To generate these, a convenience script createsslfiles.sh
is provided.
The names of the output files are controlled with variables at the top of the script, modify these if desired.
Assuming default names, place the user.crt
, user.key
and dh2048.pem
files somewhere convenient and configure the server accordingly.
Place the rootca.crt
certificate in the directory you intend to run the client from.
If you get an error about SSL related files not being found despite them existing, shorten the names of the files. If you cannot connect and the server prints a error related to TLSv1, ensure your version of boost and OpenSSL are up to date.
There are several covert channel modes which will transmit data in other ways. If you do not set this to any of the values below, the server will not have covert channel sending and recieving capabilities, but still answer to requests from clients. In this case, no superuser permissions will be required, as no network interfaces are touched directly.
forward
: no data transmission
tcpurgency
: uses the TCP urgency pointer
tcpoptiontimestamp
: uses the TCP option Timestamp to transmit data. WARNING: most OSs use the timestamp so you should not use this option unless you are sure that the communication does not depend on it.
tcpappend
: appends the data to the payload of a TCP packet
tcpoptioncustom
: writes data in a custom option field
covertChannelMode
: Sets the covert channel mode. To deactivate don't set it or set it to none or false.
innerInterface
: The interface of your inner network
outerInterface
: The interface of your outer network
forward
No further config is needed. Forward should work out of the box.
tcpurgency
, tcpoptiontimestamp
, tcpappend
, tcpoptioncustom
targetIP
: IP of the target server
targetPort
: Port of the target server
passiveMode
: true - server only reacts to incoming channel | false - server initiates channel
covertChannelMode=tcpurgency
deleteAllowed=false
filedirectory=./files/
innerInterface=eth0
outerInterface=eth1
passiveMode=false
port=1234
SSLcertificate=user.crt
SSLdhparams=dh2048.pem
SSLenabled=true
SSLprivatekey=user.key
targetIP=1.2.3.4
targetPort=443
userdatabase=userStorage.txt