Building Ncat Portable for Windows

Background

I used to use telnet for testing if the firewall working properly in the office. Telnet is good for simple test, but when comes to testing a large number of destination IP and ports it will be very time consuming. After searching on the Internet I found Netcat, a tool for testing connection. It is build-in in most Linux OS but not on Windows. So I found Ncat here as part of the Nmap for Windows by nmap.org, but too bad that it won’t execute on some Windows as it requires Microsoft Visual C++ Redistributable Package installed.

A Ncat portable is an alternative, but the website only provided a beta version of Ncat 5.59BETA1, and require you to compile your own if you would like a newer version.

They did provide a documentation on how to compile Ncat with static linking library, but if you follow the steps you will encounter a few problems which you have to troubleshoot yourselves.

So here is my steps on compiling Ncat portable after I had gone through all the trouble.If you are someone who can edit the documentation on secwiki.org, please do that for me as I don’t want to get an extra account for just editing the document :)

If you want to avoid the trouble to compile, you can download the Ncat which I compiled here, however use it at your own risk as I might have inject some malware inside :)

Building Ncat Portable for Windows

Environment

The following steps has been tested using the following environment:

Steps

  1. First, follow all steps on the original documentation at https://secwiki.org/w/Nmap/Ncat_Portable till you copied the resulted static libs and include files from “C:\OpenSSL” to the “mswin32\OpenSSL” directory in the Nmap source tree in step 5. Below is a screenshot of the original documentation in case it is edited at the time you read this article.
    Building Ncat Portable
  2. Assuming that everything went fine till now, you’re about 7 steps away from building Ncat portable.
    1. Open Nmap solution in Visual Studio from mswin32\nmap.sln and switch the build configuration to “Ncat Static” like so:
      1. Right click on Solution “nmap” in the Solution Explorer sidebar and choose “Configuration Manager“.
      2. Switch the active solution configuration to “Ncat Static“. Check the “Build” check box for project “liblua“. Make sure that the nsock, nbase and ncat projects have switched to the “Static” configuration also. Then close the “Configuration Manager”.
      3. Right click on the ncat project and select “Set as StartUp Project“.
    2. Right click on the “nsock” project in Visual Studio and click “Properties“. In “Configuration Properties” > “General” > “C/C++” > “General“, in “Additional Include Directories“, add path “..\mswin32\OpenSSL\include
    3. Right click on the “ncat” project in Visual Studio and click “Properties“. In “Configuration Properties” > “General” > “C/C++” > “General“, in “Additional Include Directories“, add path “..\mswin32\OpenSSL\include” and “..\liblua
    4. Right click on the “ncat” project in Visual Studio and click “Properties“. In “Configuration Properties” > “General” > “Linker” > “General“, in “Additional Library Directories“, add path “..\mswin32\OpenSSL\lib
    5. Expand the “ncat” project, double click the file “ncat_ssl.c” and comment out the line “#include <openssl/applink.c>
    6. Right click on the “liblua” project in Visual Studio and click “Properties“. In “Configuration Properties” > “General” > “C/C++” > “Code Generation“, set “Runtime Library” to “Multi-threaded DLL (/MD)
    7. Right click on the “ncat” project in Visual Studio and click “Build“. Alternatively you can press the F7 key to start building.

Workaround Inability in NAT Loopback on DD-WRT r15760 or above

Recently I found that my router running DD-WRT is not able to handle NAT loopback (Accessing router’s public IP from internal network). After searching through the Internet, I found this post mentioned that it is a problem in DD-WRT since revision r15760. It is stated that the problem will not be fixed. As a user, we can only apply workaround to the issue. Here are the steps:

  1. Make sure your DD-WRT version is r15760 or newer
  2. Navigate to your router administrator page
  3. Go to the Administrator section, Commands section
  4. In the Commands text box, input the following command:
    insmod ipt_mark
    insmod xt_mark
    iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
    iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
  5. Press the Save Firewall button. You should see the following screen:
    DDWRT NAT Loopback
  6. Reboot your router, the NAT loopback should be function now

Configure RedHat Linux as Router

In my case, because a normal router doesn’t come with support of 802.1x security and I only have 1 IP address, I got to set up a Red Hat Linux server as a router with perform NAT and packet forwarding function.

Steps

  1. Suppose your server is using static IP 192.168.1.10, your network interface is eth0, and there is another PC with IP address 192.168.1.11 connected to the server directly
  2. Enable IPv4 packet forwarding on Linux
    echo 1 > /proc/sys/net/ipv4/ip_forward
  3. Enable SNAT
    # Example
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.10
  4. (Optional) Enable DNAT (port fowarding) for services such as web server
    # Example
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.11:80

Bonus

If you want to save the rules in iptables or restore them after edit, you can use these commands!

Edit 2013-05-08: The previous command were incorrect and has been updated.
Edit 2014-11-20: Added a command for persistent change on RedHat 5

# Save iptables rules to a file
iptables-save > /tmp/iptables.txt

# Restore iptables rules from a file
iptables-restore < /tmp/iptables.txt

# (For RedHat 5) Save the iptables rules so that changes is persistent (across reboot)
service iptables save

Rollback

Edit 2014-11-20: I have more IP addresses now after moving to new office. So today I rollback the configuration.

  1. Edit the file at /etc/sysctl.conf and locate the following line:
    net.ipv4.ip_forward = 1

    Edit it to read as follows:

    net.ipv4.ip_forward = 0
  2. As the root user, run the following command to enable the change to the sysctl.conf file:
    sysctl -p /etc/sysctl.conf
  3. You can then verify the result by the following command, which should give you zero as output:
    cat /proc/sys/net/ipv4/ip_forward

Google Nexus S USB Tethering on Windows XP

Having USB tethering working on Windows XP using your Nexus device is somewhat different. You will be complained by Windows that the driver is missing and you might get no idea where the hell the driver is.

Google actually has a hidden article which provided the link to the driver.

http://support.google.com/android/bin/answer.py?answer=182134


Edit 2014-11-05: It seems that Google has unintentionally removed the link to the configuration file. Anyway you can find the old page from the Internet Archive here:

http://web.archive.org/web/20131130072158/https://support.google.com/android/answer/182134?hl=en

I have also captured the screenshot of the webpage and the configuration file below (just copy and paste the content and save as file with file name tetherxp.inf) in case the above link no longer works.

; MS-Windows driver config matching some basic modes of the
; Linux-USB Ethernet/RNDIS gadget firmware:
;
;  - RNDIS plus CDC Ethernet ... this may be familiar as a DOCSIS
;    cable modem profile, and supports most non-Microsoft USB hosts
;
;  - RNDIS plus CDC Subset ... used by hardware that incapable of
;    full CDC Ethernet support.
;
; Microsoft only directly supports RNDIS drivers, and bundled them into XP.
; The Microsoft "Remote NDIS USB Driver Kit" is currently found at:
;   http://www.microsoft.com/whdc/hwdev/resources/HWservices/rndis.mspx


[Version]
Signature           = "$CHICAGO$"
Class               = Net
ClassGUID           = {4d36e972-e325-11ce-bfc1-08002be10318}
Provider            = %Android%
Compatible          = 1
MillenniumPreferred = .ME
DriverVer           = 03/30/2004,0.0.0.0
; catalog file would be used by WHQL
;CatalogFile         = Android.cat

[Manufacturer]
%Android%          = AndroidDevices,NT.5.1

[AndroidDevices]
; Google Nexus One without adb
%AndroidDevice%    = RNDIS, USB\VID_18D1&PID_4E13
; Google Nexus One with adb
%AndroidDevice%    = RNDIS, USB\VID_18D1&PID_4E14
; Google Nexus S without adb
%AndroidDevice%    = RNDIS, USB\VID_18D1&PID_4E23
; Google Nexus S with adb
%AndroidDevice%    = RNDIS, USB\VID_18D1&PID_4E24
; HTC Sapphire without adb
%AndroidDevice%    = RNDIS, USB\VID_0BB4&PID_0FFE
; HTC Sapphire with adb
%AndroidDevice%    = RNDIS, USB\VID_0BB4&PID_0FFC
; Motorola Sholes without adb
%AndroidDevice%    = RNDIS, USB\VID_22B8&PID_41E4
; Motorola Sholes with adb
%AndroidDevice%    = RNDIS, USB\VID_22B8&PID_41E5

[AndroidDevices.NT.5.1]
; Google Nexus One without adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_18D1&PID_4E13
; Google Nexus One with adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_18D1&PID_4E14
; Google Nexus S without adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_18D1&PID_4E23
; Google Nexus S with adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_18D1&PID_4E24
; HTC Sapphire without adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_0BB4&PID_0FFE
; HTC Sapphire with adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_0BB4&PID_0FFC
; Motorola Sholes without adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_22B8&PID_41E4
; Motorola Sholes with adb
%AndroidDevice%    = RNDIS.NT.5.1, USB\VID_22B8&PID_41E5

[ControlFlags]
ExcludeFromSelect=*

; Windows XP specific sections -----------------------------------

[RNDIS.NT.5.1]
Characteristics = 0x84   ; NCF_PHYSICAL + NCF_HAS_UI
BusType         = 15
DriverVer           = 03/30/2004,0.0.0.0
AddReg          = RNDIS_AddReg_NT, RNDIS_AddReg_Common
; no copyfiles - the files are already in place

[RNDIS.NT.5.1.Services]
AddService      = USB_RNDIS, 2, RNDIS_ServiceInst_51, RNDIS_EventLog

[RNDIS_ServiceInst_51]
DisplayName     = %ServiceDisplayName%
ServiceType     = 1 
StartType       = 3 
ErrorControl    = 1 
ServiceBinary   = %12%\usb8023.sys    
LoadOrderGroup  = NDIS
AddReg          = RNDIS_WMI_AddReg_51

[RNDIS_WMI_AddReg_51]
HKR, , MofImagePath, 0x00020000, "System32\drivers\rndismp.sys"

; Windows 2000 and Windows XP common sections --------------------

[RNDIS_AddReg_NT]
HKR, Ndi,               Service,        0, "USB_RNDIS"
HKR, Ndi\Interfaces,    UpperRange,     0, "ndis5" 
HKR, Ndi\Interfaces,    LowerRange,     0, "ethernet"

[RNDIS_EventLog]
AddReg = RNDIS_EventLog_AddReg

[RNDIS_EventLog_AddReg]
HKR, , EventMessageFile, 0x00020000, "%%SystemRoot%%\System32\netevent.dll"
HKR, , TypesSupported,   0x00010001, 7

; Common Sections -------------------------------------------------

[RNDIS_AddReg_Common]
HKR, NDI\params\NetworkAddress, ParamDesc,  0, %NetworkAddress%
HKR, NDI\params\NetworkAddress, type,       0, "edit"
HKR, NDI\params\NetworkAddress, LimitText,  0, "12"
HKR, NDI\params\NetworkAddress, UpperCase,  0, "1"
HKR, NDI\params\NetworkAddress, default,    0, " "
HKR, NDI\params\NetworkAddress, optional,   0, "1"

[SourceDisksNames]
1=%SourceDisk%,,1

[SourceDisksFiles]
usb8023m.sys=1
rndismpm.sys=1
usb8023w.sys=1
rndismpw.sys=1
usb8023k.sys=1
rndismpk.sys=1

[DestinationDirs]
RNDIS_CopyFiles_98    = 10, system32/drivers
RNDIS_CopyFiles_ME    = 10, system32/drivers
RNDIS_CopyFiles_NT    = 12

[Strings]
ServiceDisplayName    = "USB Remote NDIS Network Device Driver"
NetworkAddress        = "Network Address"
Android               = "Android"
AndroidDevice         = "Android USB Ethernet/RNDIS"
SourceDisk            = "Ethernet/RNDIS Driver Install Disk"

I was preparing to set up another new servers running RHEL6 with channel bonding and got a chance to retouch what I have wrote.

Hidden Base

Notice: The article is for Red Hat Enterprise Linux (RHEL) 5.7 and 6.2. It may also suitable for other newer version of Red Hat.

This article is inspired by this article.

Situation

  • You have a fresh installed server running RHEL
  • The server has two Ethernet interface eth0 and eth1
  • The server has no bond device set up before
  • You want to configure eth0 and eth1 to be load balancing or active-standby
  • You will use static IP for the network connection

Step 1: Add a bond device configuration file

2012-06-11 Edit 1: Till now I am still wondering if MACADDR or HWADDR should be specified in the configuration file because in sample configuration file in the Red Hat official document here it does not contain such fields. At this stage I would recommend not specifying both MACADDR and HWADDR unless you run into physical address conflict problem.

2012-06-11 Edit…

View original post 669 more words

Fixing Internet Connection Sharing (ICS) DHCP not Working

Problem

ICS on Windows XP has been enabled, however some Ethernet devices disable and cable plugging in and out has cause the ICS DHCP function is not working properly and no IP is able to assigned to the connected machines.

Solution

After searching on the Internet, I found executing the following command on the ICS enabled PC would fix the problem:

netsh winsock reset

Do remember to restart the ICS enabled PC afterwards!