Tempat Hacking dan Cracking

DEFEATING TOR traffic redirection in local network

DEFEATING TOR traffic redirection in local network

Hiya Folks,

The use of TOR indeed has recently gathered momentum,much to the chagrin of network administrators who meticulously implemented measures to circumvent acess to publicly available content that doesn't comply with their policies. Today I will change sides to suggest some remedial measures for system administrators which can empower them to still view the traffic that goes through TOR network.

Oh, But before I delve into it- It worth trying yourself using the sequence of steps briefly outline before I put a video tomorrow apropos this .. So, here we go 

You have a username :******* and an interesting password say 4$$h0l3 on a system whose IP address is say
1. Download PStools (http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx)
//using it you will install xyNTservice on remote computer 

2. Download xyNTservice.exe (http://www.codeproject.com/kb/system/xyntservice.aspx)
//It can be made to start before you log-on to the computer :)

3. modify xyNTservice.ini

ServiceName = XYNTService 
CheckProcessSeconds = 30 
CommandLine = c:\winnt\system32\alg.exe:process
WorkingDir= c:\ 
PauseStart= 1000 
PauseEnd= 1000 
UserInterface = Yes 
Restart = Yes 
CommandLine = 
Restart = No
UserName = 
Domain =
Password =

4. The VB 2005 application function (c:\winnt\system32\alg.exe:process) that can be ADS to alg.exe and spawns a background process has a following code

'Global declarations

Private oProc As System.Diagnostics.Process

'Run process code

Dim sShellCommand As String = "C:\Program Files\Wireshark\TShark.exe"
Dim sArgumentString As String = "-i "& iInterfaceID & " -w """& sOutputFile & """ & -a duration:"& lDuration & " -a files:"& lNumFiles & " -a:filesize:"& lFileSize
Dim oProcInfo As New System.Diagnostics.ProcessStartInfo(sShellCommand)
With oProcInfo
.UseShellExecute = False

'I tried changing this to true and passing a CTRL+C 
'through a Streamwriter - but I couldn't get it to work
.RedirectStandardInput = False

.CreateNoWindow = True
.WindowStyle = ProcessWindowStyle.Hidden
.Arguments = sArgumentString
End With

oProc = System.Diagnostics.Process.Start(oProcInfo)

'This code basically stops here until the process raises an Exited event which either happens after the specified amount of time has elapsed
'and TShark has finished doing its thing, or when the process is stopped (interrupted) by the user.

'End code block

Now - this process spawns perfectly and does everything it needs to do. If you know anything about Wireshark - the TShark process will basically run for a specified amount of time [lDuration] and then close the file it's writing. This all works perfectly.

Another routine that allows the user to kill the process early that contains the following code:

'Interrupt process code

oProc.Close() 'Need to replace this line with a means of sending CTRL+C to oProc
If Not oProc.HasExited Then
End If

'End code block

[Remember the data is being captured from the place it originates now [which TOR cant alter] that too in background and being sent to you computer in a file.


== Check Yourself , It works smooth as silk - A boon for network administrators- Im trying to alter the video so that I do not get sued or COC-ed at my workplace ==

share this article to: Facebook Twitter Google+ Linkedin Technorati Digg
Posted by Mubasir Alamsah, Published at 12:03 and have 0 komentar

No comments:

Post a Comment

Blog ini merupakan Blog Dofollow, karena beberapa alasan tertentu, sobat bisa mencari backlink di blog ini dengan syarat :
1. Tidak mengandung SARA
2. Komentar SPAM dan JUNK akan dihapus
3. Tidak diperbolehkan menyertakan link aktif
4. Berkomentar dengan format (Name/URL)