Welcome to maniacmartin, the personal site of Martin Smith.


    19 December 2006

    Dedicated Server

    Filed under: Computer — martin @ 2:13 pm

    Thanks to Will who is now called Tom, we now have a dedicated server.

    If the host bothers to format it to Debian, then expect cool stuff.

    15 December 2006

    Moving to Dedicated Servers

    Filed under: Computer — martin @ 10:59 am

    ManiacMartin is moving to dedicated servers. I should be able to provide a wealth of cool new features for you, like reseller accounts, IRC shells and servers, your own reverse DNS, SSL certificates, SSH, VNC, proxies and more.

    I have chosen to have Debian :)

    I would like to thank Will Dalladay-Morgan for his help with arranging this.

    12 December 2006

    Tunnelling through Microsoft ISA Server

    Filed under: Computer — martin @ 4:24 pm

    Unfortunately Microsoft’s ISA Server usually doesn’t work with the methods I have explored so far because:

    1. ISA Server insists on Windows NTLM which httptunnel doesn’t support
    2. ISA Server intercepts SSL connections which proxytunnel uses

    I have a number of ideas that might work:

    1. Edit httptunnel’s source to provide NTLM support getting login information from Windows through cygwin (Tip: Check proxytunnel’s source for the “-N” option)
    2. Edit httptunnel’s source to provide NTLM support getting login information from the command line. It could then be called with a bat using %USERNAME% and other variables. (Tip: Check proxytunnel’s source for the “-N” option)
    3. Add another http proxy which supports NTLM, then tunnel httptunnel through this.
    4. Write a new httptunnel client which uses an IE object since IE already works in college

    OPTION 3

    Thanks to…

    http://sourceforge.net/projects/ntlmaps/ is a client side proxy listening on port 5865 which will connect to an NTLM-authenticating proxy…

    It’s written in Python but with Python for Windows (www.python.org) and py2exe (http://py2exe.sourceforge.net/) which needs Python 2.4

    http://fresh.t-systems-sfr.com/unix/src/privat2/ntlmaps-0.9.9.6.tar.gz:a/ntlmaps-0.9.9.6/packaging/setup.py

    http://fresh.t-systems-sfr.com/unix/src/privat2/ntlmaps-0.9.9.6.tar.gz

    I should be able to make a Windows EXE…

    This is 100% untested; here goes nothing.

    tunnelclient-ntlm-02.zip

    Use the server from Method 1.

    UPDATE: THIS METHOD WILL NOT WORK

    However, I have found and SUCCESSFULLY TESTED another method which DOES WORK and have SCREENSHOTS OF IT WORKING. Tutorial coming soon…

    Bypassing Corporate & College Firewalls - Method 2

    Filed under: Computer — martin @ 4:10 pm

    Maybe the previous post was a bit too long-winded for you. Or maybe you have a proxy that requires NTLM Authentication. Then try this alternative method.

    This will not work for proxies on Microsoft ISA Server if SSL interception is enabled.

    Set up your Ubuntu server as in the previous post, except that httptunnel is not needed.
    The hts --forward-port is not needed.

    In the router, forward ports 80 and 443 to port 22 on your Ubuntu PC.

    Download the premade client method2.zip and change the settings. Try different settings until it works.

    How it works

    This time, proxytunnel will connect over an SSL connection directly to your SSH server, making an SSH proxy server, which PuTTY can connect into.

    Alternatively, PuTTY should be able to do this by itself. Open Putty.exe and find the Proxy tab on the left.

    Try both HTTP Proxy and SOCKS Proxy with your college’s proxy settings.
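
    A defender-side view of the same mechanism, as an added example that is not part of the original post: when ports 80 and 443 are forwarded to an SSH daemon, the first bytes the server sends are an SSH identification string (RFC 4253) rather than an HTTP response or a TLS record, which a sensor on the egress side of the proxy can check. The flows, addresses and banner below are constructed, and the function names are this example's own.

```python
import re

# RFC 4253 section 4.2: an SSH peer opens with "SSH-<protoversion>-<softwareversion>".
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-[^\r\n]*", re.MULTILINE)

# What the first server-to-client bytes should look like on each port.
EXPECTED = {80: "http", 443: "tls"}


def classify_first_bytes(payload: bytes) -> str:
    """Name the protocol suggested by the first bytes a server sends."""
    if not payload:
        return "empty"
    # TLS record header: content type (0x16 handshake, 0x15 alert),
    # then major version 0x03 and a minor version of 0x00..0x04.
    if len(payload) >= 3 and payload[0] in (0x15, 0x16) \
            and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if payload.startswith(b"HTTP/"):
        return "http"
    # Only the first 512 bytes are searched; the banner may follow other lines.
    if SSH_BANNER.search(payload[:512]):
        return "ssh"
    return "unknown"


def protocol_mismatches(flows):
    """Return flows whose first server bytes do not fit the destination port."""
    hits = []
    for src, dst, port, first_bytes in flows:
        seen = classify_first_bytes(first_bytes)
        if port in EXPECTED and seen != EXPECTED[port]:
            hits.append((src, dst, port, seen))
    return hits


# Constructed sample flows: (client, server, server port, first server bytes).
FLOWS = [
    ("10.1.4.23", "203.0.113.10", 443, b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46"),
    ("10.1.4.23", "203.0.113.10", 80, b"HTTP/1.1 200 OK\r\nServer: x\r\n\r\n"),
    ("10.1.4.57", "198.51.100.7", 443, b"SSH-2.0-OpenSSH_4.3p2\r\n"),
    ("10.1.4.57", "198.51.100.7", 80, b"motd line\r\nSSH-2.0-OpenSSH_4.3p2\r\n"),
]

if __name__ == "__main__":
    for hit in protocol_mismatches(FLOWS):
        print(hit)
```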

    Thanks to

    http://proxytunnel.sourceforge.net/

    11 December 2006

    Bypassing Corporate & College Firewalls

    Filed under: Computer — martin @ 6:01 pm

    Legal Stuff:

    This will almost certainly violate rules at your workplace/college. Use at own risk.

    Please note this will not work on Microsoft ISA Server Proxy as httptunnel doesn’t support NTLM Authentication.

    The Problems:

    1. TCP Ports for your favourite programs (ssh, vnc, irc, ftp…) are blocked
    2. Your favourite websites are blocked by a proxy
      (You could use a web proxy, but maybe it’s messing up logins to complex sites)
    3. Non-http servers on port 80 are blocked by a proxy

    Fear not! In the interests of free speech, and just in case you’re curious, I will explain how.

    The Plan:

    First, we need to encapsulate (tunnel) TCP/IP connections to a port into HTTP requests. This can be done with programs that encode it into form POST requests. It won’t be speedy, but it will work.

    Now we have a port opened, we need encryption. Also it would be nice to have multiple ports. We can do this by running SSH through the tunnel. (And as a bonus you get password protection, server admin and file transfers)

    The Testbed:

    This setup was tested on my home LAN with an Ubuntu 6.10 Edgy server and a Windows XP Pro SP2 Client.

    I hope to test this in a college environment soon.

    How to set up the home server:

    The server is the computer that is running at home. It has full internet access and will be the PC that you connect to, to circumvent the firewalls.

    These instructions are for Ubuntu Edgy Eft 6.10

    First, we need to install the server applications. This only has to be done once

    sudo apt-get install openssh-server httptunnel privoxy

    Open a terminal and check that the ssh server is running by:

    ssh localhost

    Type ‘yes’ to accept the RSA fingerprint.

    You should be prompted for a password. Type it.

    Check everything works then type exit to leave ssh.

    If you have a router at home:

    1. Log in (try http://192.168.0.1, http://192.168.1.1 or http://192.168.2.1)
      The default login details are usually User: admin Password: admin
    2. Find the Port Forwarding/Virtual Servers section
    3. Forward port 80 TCP to your LAN IP
      (You can find your LAN IP by typing ifconfig)

    If you have a dynamic IP, consider getting a DynDNS or NO-IP address.

    (Instructions for DynDNS coming soon)

    Starting the server Programs

    This must be done every time the server is booted. Instructions for this to happen automatically on boot-up coming soon.

    sudo hts --forward-port localhost:22 80
    sudo /etc/init.d/privoxy start

    Now incoming tunnelled data is sent to Privoxy HTTP Proxy in the SSH server

    Setting up the college client files:

    This should work on Windows 2000/XP
    If your college allows it, I recommend using a USB stick to run this off. If not, find another way.

    Extract this prepared zip onto your USB stick: tunnel-client-01.zip

    Edit settings.bat with Notepad.

    Using it in College:

    Edit your IE settings under Tools > Options to match the settings below.
    config-ie.JPG

    In the unlikely event that your college uses Firefox, here’s what to do.

    config-firefox.JPG

    Alternatively, you could download Firefox Portable and extract it onto your USB stick. Then you could always have a preconfigured version of Firefox to hand.

    Plug in the USB stick.

    Run _Step1.bat to start the HTTP tunnel to the home server
    Run _Step2.bat to start SSH through this tunnel. VNC and HTTP Proxy ports will be forwarded.

    To VNC into your server, go in the TightVNC folder and open vncviewer.
    Connect to localhost:1

    To let the server VNC into you, go in the TightVNC folder and open allow-incoming-vnc.reg then open winvnc. It’ll appear in the system tray

    Can’t run .reg files? Do this instead:

    1. Open WinVNC
    2. Double click its icon in system tray
    3. [Advanced..] Button
    4. [tick] Allow loopback connections

    The server can now VNC you by connecting to :1 or localhost:1

    Miranda Portable can be used for IM. Instructions coming soon.

    Anything that works in HTTP Tunnels should work.

    Also, since SSH is encrypted, your website will be transferred as garbage and thus websites with blocked keywords should also get through.

    The only things that are logged are connections to your home server (but not what’s in them).
    Also, any port can be forwarded in Settings.bat.
    DNS *should* also be tunnelled, so websites with blocked URLs should get through.
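
    What those logged connections look like from the proxy operator's side, as an added example that is not part of the original post: request metadata alone is enough to single out a client whose traffic to one destination is almost all POSTs. The log format, addresses and thresholds are assumptions made for this illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log, one request per line:
# "<epoch> <client> <method> <url> <status> <request body bytes>"
LOG = [f"{1165860000 + 2 * i} 10.1.4.57 POST http://198.51.100.7/a 200 4096"
       for i in range(6)]
LOG += [
    "1165860001 10.1.4.23 GET http://www.example.org/ 200 0",
    "1165860003 10.1.4.23 GET http://www.example.org/style.css 200 0",
    "1165860005 10.1.4.23 POST http://www.example.org/login 302 412",
    "1165860007 10.1.4.23 GET http://www.example.org/home 200 0",
    "truncated line",
]


def per_destination(lines):
    """Aggregate request counts and upload volume per (client, host) pair."""
    stats = defaultdict(lambda: {"requests": 0, "posts": 0, "bytes_up": 0})
    for line in lines:
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip malformed or truncated lines
        _, client, method, url, _, body = fields
        entry = stats[(client, urlsplit(url).hostname)]
        entry["requests"] += 1
        entry["bytes_up"] += int(body)
        if method == "POST":
            entry["posts"] += 1
    return stats


def tunnel_suspects(lines, min_posts=5, min_ratio=0.8):
    """Flag pairs where POSTs dominate; both thresholds are illustrative."""
    hits = []
    for (client, host), s in per_destination(lines).items():
        if s["posts"] >= min_posts and s["posts"] / s["requests"] >= min_ratio:
            hits.append((client, host, s["posts"], s["bytes_up"]))
    return sorted(hits)


if __name__ == "__main__":
    for hit in tunnel_suspects(LOG):
        print(hit)
```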

    Problems:

    First, it’ll be amazingly slow
    Second, your home PC needs to be on!!!

    More to come later (maybe a Windows Server Version, Full SOCKS Support, Privoxy Configuration)!

    Bibliography:

    http://sebsauvage.net/punching/
    http://www.neophob.com/serendipity/index.php?/archives/85-GNU-HTTPtunnel-v3.3-Windows-Binaries.html
    http://www.nocrew.org/software/httptunnel/faq.html
    http://thinkhole.org/wp/2006/05/10/howto-secure-firefox-and-im-with-putty/
    http://www.privoxy.org/
    http://aptgetanarchy.org/tor

    7 December 2006

    Demon Upgrade

    Filed under: Computer — martin @ 5:52 pm

    Well I’ve had the new “upgraded” Demon internet a while now

    From 512/256k to 2.5m/440k you’d think it’s faster.

    Well yes and no. True, at 2am downloading a big iso IS faster. But in the day browsing the web you can certainly feel that the contention is higher, and now I don’t have an onsite DNS cache I can feel the chug of every DNS lookup taking way too long.

    Update:

    I’m now using Tiscali and Plusnet DNS servers and it’s much better :)

    Turning a Modem into a Router

    Filed under: Computer — martin @ 2:18 am

    About a week ago I bought a cheap £18 Linksys ADSL2+ ethernet modem (code ADSL2MUE).

    I connected this to one of my Belkin cable routers and everything was going just fine but a bit slow. Then I decided I needed a port forwarded to my PC.

    I forwarded it in the Belkin to no avail so I thought I’d check on this Linksys ADSL “modem”. Turns out it’s actually a 1 port ADSL router with full NAT support (can be disabled to make a pure modem but my Belkin cable router can’t make PPPoA connections).

    But the thing about this Linksys modem/router thingy is it has no features like port forwarding. Indeed, its admin screen makes out it’s a modem.

    A quick visit to ftp.linksys.com reveals a compatible Linksys ADSL router firmware. Hmmm… isn’t the router hardware just the same with a 4 port switch bolted on?
    A quick firmware flash and I now have a fully working ADSL2+ router (with NTP server and really smart port forwarding) for £18 inc VAT.

    (OK there is a problem - its DHCP server doesn’t give out the ISP’s DNS server details but it never managed to get the DNS from the ISP before I tweaked it and this can easily be configured on the PCs manually)

    Once again, a quality hackable Linksys product.

    Use at own risk - new firmware

    6 December 2006

    Home sweet home

    Filed under: Blog — martin @ 2:57 pm

    It’s been a while since I last posted and since I know no-one reads this I thought I’d update it. Anyhow, on to the unrelated items of news:

    I’m back home, my bedroom is currently at 12 degrees C (9 degrees outside). Brrrr the heating is useless and expensive in this house. Mum’s traded cleaning the bathroom with 2 weeks of car insurance (16-29th December). Hence I smell of bleach-like products.
    Mystery visitor is over this weekend for “linux formatting” ;) I’m so excited. And thanks to Ed who seems to prefer payment in pizzas, meh.

    Parents are having a dinner party on Friday night so we have to be quiet. :(

    Jomac wants to give me some laptop parts on Sunday at Hemswell so it looks like a little bike ride for us because if he delivers them parents will ask too many questions. Well we’ll see what mystery visitor has to say about that.

    My sister has grown more and can form sentences now. Yey.

    That’s all folks