crash + psc 37c3 release

crash and psc now build and run on Windoze systems. psc contains a new feature that lets you bounce binary data back and forth through your local pty to a e.g. remote netcat, dd or other utilities so you can fwd SSH connections directly through your terminal or up/download binary data without any remote agent.

Roaming trickery

I added support for roaming and suspend/resume to crash. Now you can change your IP, VPN, physlayer, NAT, VM-routing etc. at runtime and stay connected to your remote shell. You may also suspend the session to a ticket and resume it from a different laptop from the other side of the globe while keeping your shell.

Privacy side note: As always, this implies that you know what you are doing when using VPNs. Disrupted VPN routing may leak your IP address regardless of roaming but with roaming enabled you wouldn't immediately notice as the session just continues. However, to reveal the IP a single leaked packet suffices.

It is now also possible to build and run crash and psc on Windows, including all the nice features.

More crash + psc trickery

I reworked the local address binding and connecting part of my anti censorship tools crash and psc, so it is now possible to use SOCKS5 client side connects by using -x (similar to curl) and to let the SOCKS5 proxy resolve DNS names (-N) in order to allow browsing with chrome (but check README).

You can also check out @fullspectrumdev's blog writeups on pentest use-cases and cross-compilation.

Interestingly, OpenSSH now also supports traffic blinding, which is included in crash since years.

New 7350 0day trickery (cybah cybah)

 

Manjaro seems to be quite popular distro, according to distrowatch. LPE can be found here.

More tunneling trickery

In order to properly proxy messenger apps from censored networks to outside, I added the -X switch to crash and documented on how you would configure your setup within the contrib folder.

It is already field-tested in certain countries. Nevertheless, if you have deeper knowledge on censorship equipement or extra tips for better connectivity and can battle test the setups, just let me know.

Tunneling trickery

 

I re-polished a 10y old project that is one of the most complete tunneling solutions available for ICMP, ICMPv6, DNS over IP and DNS over IPv6 when it comes to setting up connectivity in restrictive environments. I added some fixes so it now properly also works behind NAT.