Home page logo

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] New tool fwd'd from Focus-MS
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Tue, 26 Sep 2000 10:18:57 -0700

From: George Milliken <gmilliken () farm9 com>
Reply-To: gmilliken () farm9 com
Organization: farm9.com, Inc.
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: twofish encrypting version of netcat released by farm9
References: <99A9A0F1B0C3D3118FF800508B6A834335FF () ws-206-215-62-200 advancedmobile com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

We modified the very very useful tool called 'netcat' written by the
L0pht and to provide encryption.

We implemented twofish in both the Windows and linux versions of netcat.

We call it cryptcat.

What is cryptcat good for you ask?  Well basically it lets you open an
encrypted pipe, on any port, between two machines.  Useful for
transferring log files between machine sin a safe manner.  cryptcat is
easy to use in shell scripts.

It's kinda a poor mans VPN.  Not really safe for critical data, but it
sure makes sniffing the netcat sessions harder :-)

It is very small and light.

Source code is included.

Here's some more info:

Also see our web site! http://www.farm9.com

cryptcat = netcat + encryption

Cryptcat is the standard netcat enhanced with twofish encryption.

Twofish is courtesy of counterpane, and cryptix. We started with the
Java version of twofish from cryptix, converted it to C++ (don't ask
why), and enhanced it by adding CBC mode and the ciphertext stealing
technique from Applied Cryptography (pg. 196)

How do you use it?
Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234
This is identical to the normal netcat options for doing exactly the
same thing. However, in this case the data transferred is encrypted.

Want the source?
Windows version -- adapted from the Hobbit original by Weld Pond, very
tricky! (and I thought adding twofish was tricky)

Linux version -- why I like Linux... only had to change two lines of
code to add encryption.

Is it Really Secure?
Not if you know the secret key, which is hardcoded to be "metallica"


  By Date           By Thread  

Current thread:
  • [PEN-TEST] New tool fwd'd from Focus-MS Alfred Huger (Sep 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]