farm9.org
Open Source Security Tools for the Security Professional
Home
Projects
Harvester Project
Cryptcat Project
Who Uses Cryptcat
Talk About Cryptcat
Get Cryptcat
Contributors
Audit Tools Project
Mudpit Project
Mailing Lists
Mailing List Info
Harvester Archives
Cryptcat Archives
Audit Tools Archives
General
Call for Participation
Press/News
Sponsors
Licensing
Contact Us

Get CryptCat

cryptcat = netcat + encryption

cryptcat = netcat + encryption

Cryptcat is the standard netcat enhanced with twofish encryption. netcat was origianally written by the l0pht (hobbit and weld pond).

The portion of the code written by farm9 is being released as Open Source.

Note that the L0pht has information on their copyrights covering netcat. See the 'hobbit.txt' file for that information.

Cryptcat is licensed under the the GNU General Public License, Version 2 or later in conformance with the original NetCat license.

http://www.fsf.org/licenses/info/GPLv2orLater.html

Twofish is courtesy of counterpane, and cryptix. We started with the Java version of twofish from cryptix, converted it to C++ (don't ask why), and enhanced it by adding CBC mode and the ciphertext stealing technique from Applied Cryptography (pg. 196)

License

Cryptcat is licensed under the The GNU General Public License, Version 2 or later in conformance with the original NetCat license.

How do you use it?

Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234

This is identical to the normal netcat options for doing exactly the same thing. However, in this case the data transferred is encrypted.

Download

The source code for cryptcat can be found on sourceforge.net.

Is it Really Secure?

Not if you know the secret key, which is hardcoded to be "metallica" (use the -k option to change this key)

CERT

There is a CERT vulnerability released on CryptCat for NT. The release comes with a precompiled binary which has a gaping security hole in the '-e' option.

CERT/CC Vulnerability Note VU#165099

The included binary is compiled with the compile time option "GAPING_SECURITY_HOLE" to allow the '-e' option to work.

This option is intended to allow CryptCat to be used as an encrypting tunnel for a spawn'd binary. Unfortunately, this does not work on NT! The pipe is opened, but I/O is not encrypted. There is no workaround.

Changes

Thanks for the contributions: linux 7.0 build fixes, tricky bug fixes, -k option, OpenBSD/FreeBSD compiles, directory friendly zips & tars, including MSVC++ makes.

Since release alot of people have been submitting changes (many times for the same thing). I've been doing my best to keep up, we are trying to get this up on sourceforge, but there seems to be some sort of "approval" process that makes it unclear if that will actually happen.

So, if you have submitted something, and its not here, let me know. If you've submitted a change, and its here with someone else's name, that just means someone else got the same change in before you.

If you have a change, drop a line to .
Copyright © 2005 farm9.com, Inc. - All Rights Reserved.
Last modified: January 01, 1970 00:00:00 UTC