I suggest you read this document and run each command
in order to understand how to use lcrzoex. Note that you have
to adapt device names, IP addresses and Ethernet addresses for the
commands to work on your computers.
Preliminary notes
Some lcrzoex tools need to be run with administrator privileges.
Lcrzoex currently only supports Ethernet networks for low level actions
(sniff, spoof) (for example, modems are not supported).
However, every kind of network is supported for high level actions (clients, servers, etc.).
Help mode
Lcrzoex help mode allows users to select the exact tool they need.
Here is one example of tool selection :
# lcrzoex
These tools were created with the network library lcrzo.
########## MAIN MENU
0 - quit lcrzoex
a - easy tools (new users, start here)
b - obtains information
c - sniff and save packets
d - display and resend saved packets
e - Ethernet and IP spoof
f - udp clients
g - tcp clients
h - udp servers
i - tcp servers
j - routers
k - administrators utilities
l - remote administration server
m - malicious utilities
n - miscellaneous utilities
Enter your category (key 0abcdefghijklmn)[a]: g
********** Several sub-categories are available :
0 - go back to the main menu
a - tcp interactive clients
b - clients displaying servers' banner
c - HTTP (web) clients
d - FTP clients
e - SMTP (email) clients
f - NNTP (newsgroup) clients
g - TELNET clients
Enter your sub-choice (key 0abcdefg)[a]: d
++++++++++ Several tools are available in this sub-category :
0 - go back to the main menu
104 - active ftp displaying a file (real tcp client)
105 - active ftp displaying a file (virtual tcp client)
279 - active ftp listing a directory
281 - active ftp retrieving a file
283 - active ftp uploading a file
285 - active ftp downloading a directory
287 - active ftp uploading a directory
106 - passive ftp displaying a file (real tcp client)
107 - passive ftp displaying a file (virtual tcp client)
280 - passive ftp listing a directory
282 - passive ftp retrieving a file
284 - passive ftp uploading a file
286 - passive ftp downloading a directory
288 - passive ftp uploading a directory
165 - passive ftp uploading a directory (different command line)
268 - passive ftp brute force
289 - ftp client listing a directory using control connection only
290 - ftp client displaying type of a file
Enter your tool number (between 0 and 290)[104]: 286
---------- Here is how to use this tool :
Reference : lcrzoex_000286, version (of this tool) 1.00
Titre : passive ftp downloading a directory
Author : Laurent
Usage : lcrzoex 286 server_name server_port distant_dir local_dir login [passwd]
Example : lcrzoex 286 1.2.3.4 21 /etc/ /tmp/here bob mypass
Now, some examples are described. If they do not correspond to your needs,
use the help mode to find the appropriate one.
Supported devices
Lcrzo supports Ethernet cards, Loopback and Serial Modems.
Unfortunately, these are not supported on every system as described
in this table.
System               | Device type | Sniff supported ? | Ethernet spoof supported ? | IP spoof supported ?
FreeBSD              | Ethernet    | yes               | yes                        | yes
FreeBSD              | Loopback    | yes [2]           | no [4]                     | yes
FreeBSD              | Modem       | yes [2]           | no [4]                     | yes
Linux                | Ethernet    | yes               | yes                        | yes
Linux                | Loopback    | yes [1]           | yes                        | yes
Linux                | Modem       | yes [2]           | no [4]                     | yes
OpenBSD              | Ethernet    | yes               | yes                        | yes
OpenBSD              | Loopback    | yes [2]           | no [4]                     | yes
OpenBSD              | Modem       | yes [2]           | no [4]                     | yes
Solaris              | Ethernet    | yes               | yes                        | yes
Solaris              | Loopback    | no                | no [4]                     | no [3]
Solaris              | Modem       | yes [1]           | no [4]                     | yes
Windows 95,98,Me,NT4 | Ethernet    | yes               | yes                        | yes
Windows 95,98,Me,NT4 | Loopback    | no                | no [4]                     | no
Windows 95,98,Me,NT4 | Modem       | yes [1]           | no [4]                     | no
Windows 2000,XP      | Ethernet    | yes               | yes                        | yes
Windows 2000,XP      | Loopback    | no                | no [4]                     | no
Windows 2000,XP      | Modem       | yes [1]           | no [4]                     | yes
Notes :
[1] system adds a fake Ethernet header
[2] lcrzo adds a fake Ethernet header
[3] not sure
[4] normal because this isn't an Ethernet device
Most lcrzoex tools are coded for Ethernet. It is important to understand that Ethernet tools do not
work on devices where Ethernet is not supported. For example,
a modem under Windows does not support Ethernet, so all
tools using Ethernet will not work over this device.
Most important tools have 2 versions. For example :
- tool 249 : icmp ping sent at Ethernet level
- tool 318 : icmp ping sent at IP level
So, use tool 318 over a modem line.
Also note that tcp/udp virtual clients/servers use Ethernet,
so they do not work everywhere.
Tool 157 : local configuration - Linux example
# lcrzoex 157
Devices
device ethernet ip /netmask mtu
lo loopback 127.0.0.1 /255.0.0.0 3924 up
eth0 00:01:01:01:01:01 192.168.1.1 /255.255.255.0 1500 up
eth0:1 00:01:01:01:01:01 192.168.2.1 /255.255.255.0 1500 up,alias
eth1 00:01:01:01:01:01 192.168.3.1 /255.255.255.0 1500 up
Arp
eth0 00:01:01:01:01:01 192.168.1.1 (permanent)
eth0:1 00:01:01:01:01:01 192.168.2.1 (permanent)
eth1 00:01:01:01:01:01 192.168.3.1 (permanent)
eth0 00:02:02:02:02:02 192.168.1.2 (-3s)
eth0 00:FE:FE:FE:FE:FE 192.168.1.254 (-1s)
Routes
device destination /netmask ip_source gateway
lo 127.0.0.1 /255.255.255.255 local_device 0,up
eth0 192.168.1.1 /255.255.255.255 local_device 0,up
eth0:1 192.168.2.1 /255.255.255.255 local_device 0,up
eth1 192.168.3.1 /255.255.255.255 local_device 0,up
eth0 192.168.1.0 /255.255.255.0 192.168.1.1 0,up
eth0:1 192.168.2.0 /255.255.255.0 192.168.2.1 0,up
eth1 192.168.3.0 /255.255.255.0 192.168.3.1 0,up
lo 127.0.0.0 /255.0.0.0 127.0.0.1 0,up
eth0 0.0.0.0 /0.0.0.0 192.168.1.1 192.168.1.254 0,up
In this example, we see the loopback device (lo), and two network cards
(eth0 and eth1). Card eth0 has an alias.
The arp table contains permanent entries, and the dynamic entry for
the router 192.168.1.254. It also contains the Ethernet address of
computer 192.168.1.2 which is on the LAN (this address was obtained
3 seconds ago).
The routing table first contains entries to access local devices, then
the networks connected to the local devices, and finally the default router
192.168.1.254.
Tool 157 : local configuration - Windows example
# lcrzoex 157
Devices
device ethernet ip /netmask mtu
L...
oopback loopback 127.0.0.1 /255.0.0.0 1500 up
\Device\Packet...
_RTL802 00:01:01:01:01:01 192.168.1.1 /255.255.255.0 1500 up
Arp
lo 00:00:00:00:00:00 127.0.0.1 (permanent)
\Device\Packet...
_RTL802 00:01:01:01:01:01 192.168.1.1 (permanent)
\Device\Packet...
_RTL802 00:02:02:02:02:02 192.168.1.2 (-3s)
\Device\Packet...
_RTL802 00:FE:FE:FE:FE:FE 192.168.1.254 (-1s)
Routes
device destination /netmask ip_source gateway
\Device\Packet...
_RTL802 192.168.1.1 /255.255.255.255 local_device 0,up
\Device\Packet...
_RTL802 192.168.1.0 /255.255.255.0 192.168.1.1 0,up
L...
oopback 127.0.0.0 /255.0.0.0 127.0.0.1 0,up
\Device\Packet...
_RTL802 0.0.0.0 /0.0.0.0 192.168.1.1 192.168.1.254 0,up
In this example, we see the loopback device (Loopback), and one
network card (\Device\Packet_RTL802). Windows device names are
generally long. So, they are on two lines ("L... oopback" means
"Loopback", and "\Device\Packet... _RTL802" means
"\Device\Packet_RTL802").
The arp table contains permanent entries, and the dynamic entry for
the router 192.168.1.254. It also contains the Ethernet address of
computer 192.168.1.2 which is on the LAN (this address was obtained
3 seconds ago).
The routing table first contains the entry to access the local device, then
the network connected to the local device, and finally the default router
192.168.1.254.
Tool 2 : print information about a hostname
# lcrzoex 2 host1
computer name : host1
ip address : 192.168.1.1
ethernet address : 00:01:01:01:01:01
This tool obtains the IP address of host1.
Moreover, if host1 is on the LAN, we obtain its Ethernet address.
Here is another example :
# lcrzoex 2 www.server.com
computer name : www.server.com
ip address : 1.2.3.4
ethernet address : unresolved
Tool 3 : print information about an IP address
# lcrzoex 3 192.168.1.2
ip address : 192.168.1.2
computer name : host2
ethernet address : 00:02:02:02:02:02
This tool obtains the hostname of 192.168.1.2.
Moreover, as it is on the LAN, we obtain its Ethernet address.
Tool 170 : real tcp client (for pipe)
# lcrzoex 170 192.168.1.2 21
220 host2 FTP server
QUIT
221 Goodbye.
This tool is a tcp client. This command connects to the
FTP server on port 21 at address 192.168.1.2. It is equivalent
to "telnet 192.168.1.2 21".
Here is another example downloading a web page (port 80 of www.server.com) :
# lcrzoex 170 www.server.com 80
GET / HTTP/1.0
_here_enter_one_blank_line_
HTTP/1.1 200 OK
Date: Sat, 12 Jan 2002 08:43:27 GMT
[...]
Tool 92 : real tcp client (for mixed from stdin)
This tool is similar to 170, but lets us specify exactly which
bytes we want to send.
To achieve this, we use a "mixed string". A mixed string
represents data in a readable form combining hexadecimal and text.
Hexadecimal is written without "0x" or "0h".
Text is enclosed between apostrophes "'".
Inside text, the character ' is written ''.
For example :
'hello' : data "hello"
'a' 'b' : data "ab"
41 'b' : data "Ab" (because 'A'==0x41)
'man'00 : data "man" ending with 0x00
'a''b' : data "a'b"
This example sends raw commands to an FTP server. As you can see, this is
complicated, but powerful :
# lcrzoex 92 host2 21
Your mixed data ['hello' 0D 0A]:
Do you want an Empty string or the Default string ? (key eEdD)[d]: e
32 32 30 20 68 6F 73 74 20 46 54 50 20 73 65 72 # 220 host FTP ser
76 65 72 2E 0D 0A # ver...
Do you want to finish ? (key yYnN)[n]: n
Your mixed data ['hello' 0D 0A]: 'USER ftp' 0D 0A
Do you want to finish ? (key yYnN)[n]: n
Your mixed data ['hello' 0D 0A]:
Do you want an Empty string or the Default string ? (key eEdD)[d]: e
33 33 31 20 47 75 65 73 74 20 6C 6F 67 69 6E 20 # 331 Guest login
6F 6B 2C 20 73 65 6E 64 20 79 6F 75 72 20 63 6F # ok, send your co
6D 70 6C 65 74 65 20 65 2D 6D 61 69 6C 20 61 64 # mplete e-mail ad
64 72 65 73 73 20 61 73 20 70 61 73 73 0D 0A # dress as pass..
Do you want to finish ? (key yYnN)[n]> n
Your mixed data ['hello' 0D 0A]: 'PASS laurent@server.com'
Do you want to finish ? (key yYnN)[n]: n
Your mixed data ['hello' 0D 0A]: 0D 0A
Do you want to finish ? (key yYnN)[n]: n
Your mixed data ['hello' 0D 0A]:
Do you want an Empty string or the Default string ? (key eEdD)[d]: e
32 33 30 20 47 75 65 73 74 20 6C 6F 67 69 6E 20 # 230 Guest login
6F 6B 2C 20 61 63 63 65 73 73 20 72 65 73 74 72 # ok, access restr
69 63 74 69 6F 6E 73 20 61 70 70 6C 79 2E 0D 0A # ictions apply...
Do you want to finish ? (key yYnN)[n]>
Your mixed data ['hello' 0D 0A]: 'QU' 'IT' 0D0A
Do you want to finish ? (key yYnN)[n]:
Your mixed data ['hello' 0D 0A]:
Do you want an Empty string or the Default string ? (key eEdD)[d]:
32 32 31 20 47 6F 6F 64 62 79 65 2E 0D 0A # 221 Goodbye...
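The mixed-string rules above can be checked with a small decoder. This is an added example, not lcrzo's own code: the names decode_mixed and encode_mixed are hypothetical, and it assumes that hexadecimal digits always come in pairs and that text characters are single bytes.

```python
HEX_DIGITS = "0123456789abcdefABCDEF"


def decode_mixed(mixed: str) -> bytes:
    """Decode a mixed string (hex bytes and 'quoted text') into raw bytes."""
    out = bytearray()
    i, n = 0, len(mixed)
    while i < n:
        c = mixed[i]
        if c.isspace():                      # separator between items
            i += 1
        elif c == "'":                       # start of a text item
            i += 1
            while True:
                if i >= n:
                    raise ValueError("unterminated text item")
                if mixed[i] == "'":
                    if i + 1 < n and mixed[i + 1] == "'":
                        out.append(0x27)     # '' inside text is one apostrophe
                        i += 2
                        continue
                    i += 1                   # closing apostrophe
                    break
                if ord(mixed[i]) > 0xFF:
                    raise ValueError(f"character at offset {i} is not a single byte")
                out.append(ord(mixed[i]))
                i += 1
        elif c in HEX_DIGITS:                # assumption: one byte = two hex digits
            if i + 1 >= n or mixed[i + 1] not in HEX_DIGITS:
                raise ValueError(f"incomplete hex byte at offset {i}")
            out.append(int(mixed[i:i + 2], 16))
            i += 2
        else:
            raise ValueError(f"unexpected character {c!r} at offset {i}")
    return bytes(out)


def encode_mixed(data: bytes) -> str:
    """Render bytes as a mixed string: printable ASCII quoted, the rest in hex."""
    parts, text = [], []

    def flush():
        if text:
            parts.append("'" + "".join(text).replace("'", "''") + "'")
            text.clear()

    for b in data:
        if 0x20 <= b <= 0x7E:
            text.append(chr(b))
        else:
            flush()
            parts.append(f"{b:02X}")
    flush()
    return " ".join(parts)


if __name__ == "__main__":
    # Inputs taken from the examples and the FTP session on this page.
    for sample in ["'hello'", "'a' 'b'", "41 'b'", "'man'00", "'a''b'",
                   "'USER ftp' 0D 0A", "'QU' 'IT' 0D0A"]:
        print(f"{sample:20} -> {decode_mixed(sample)!r}")
    # Hex column of the first server reply shown in the session above.
    banner = "32 32 30 20 68 6F 73 74 20 46 54 50 20 73 65 72 76 65 72 2E 0D 0A"
    print(encode_mixed(decode_mixed(banner)))
```

The decoder reads the hexadecimal column of the session dumps directly, so a captured reply can be turned back into a mixed string for comparison.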
Tool 171 : virtual tcp client (for pipe)
This tool is similar to 170, but creates a virtual client.
A real client/server uses the IP address and Ethernet address
of the current computer (they are classical sockets).
A virtual client/server uses a spoofed IP address and
Ethernet address. For example, a virtual tcp client behaves like this :
- spoof a syn packet
- sniff the syn-ack from the server
- spoof an ack packet to complete the handshake
- then, it behaves exactly like a real client
In order to create a virtual client connecting to a server (for example
connecting to port 25 of 192.168.1.2) located on the LAN, you have to :
- know the local device name to use (can be obtained with
"lcrzoex 157"). For example eth0.
- choose one false Ethernet address to use. For example
aa:bb:cc:dd:ee:ff.
- know the ethernet address of the computer
(lcrzoex 2 192.168.1.2). For example 00:02:02:02:02:02.
- choose one false IP address (it should not be used by another
computer). For example 192.168.1.3.
- choose a random port. For example 1234.
Here is this example :
# lcrzoex 171 eth0 aa:bb:cc:dd:ee:ff 00:02:02:02:02:02 192.168.1.3 192.168.1.2 1234 25
220 host2 ESMTP Postfix
QUIT
221 Bye
In order to create a virtual client connecting to a server (for example
connecting to port 25 of 192.168.1.2) not located on the LAN, you have to :
- know the local device name to use (can be obtained with
"lcrzoex 157"). For example eth0.
- choose one false Ethernet address to use. For example
aa:bb:cc:dd:ee:ff.
- know the ethernet address of the router
(lcrzoex 2 192.168.1.254). For example 00:FE:FE:FE:FE:FE.
- choose one false IP address (it should not be used by another
computer). For example 192.168.1.3.
- choose a random port. For example 1234.
Here is this example :
# lcrzoex 171 eth0 aa:bb:cc:dd:ee:ff 00:FE:FE:FE:FE:FE 192.168.1.3 1.2.3.4 1234 25
220 server.com ESMTP Postfix
QUIT
221 Bye
Two simple modes for virtual clients were presented. Depending on your needs,
they can be adapted.
Tool 186 : real tcp server (for pipe)
This tool creates a listening tcp server. It can be used to communicate
between two computers.
For example, computer host1 can run tool 186, and computer host2 can run
tool 170. In this example, we choose to listen on port 1234 :
On host1 :
# lcrzoex 186 1234
On host2, then run :
# lcrzoex 170 host1 1234
_write_ Hello _newline_
Hello
_write_ Bonjour _newline_
Bonjour
_write_ Hola _newline_
Hola
[...]
Tool 274 : sniff packets and print them (easy device selection)
This tool displays packets of the network. You have to select the
device on which to intercept packets.
Then, select the print profile. I recommend using profile number 2, 3 or 4.
You can personalize it by selecting 9.
# lcrzoex 274
Choose the device
1 - lo
2 - eth0
3 - eth1
4 - Other device
Enter your choice (between 1 and 4)[2]: 2
Choose the print profile
1 - header and data in synthetic aspect
2 - header (without ethernet) and data in synthetic aspect
3 - header and data in array aspect
4 - header in array aspect and data in dump
5 - header in array aspect and data in mixed
6 - header and data in hexa aspect
7 - header in hexa aspect and data in dump
8 - header in hexa aspect and data in mixed
9 - personalized profile
Choose the profile (between 1 and 9)[4]:
ETH_____________________________________________________________________.
| 00:01:01:01:01:01 vers 00:02:02:02:02:02 type : 0x0800 |
|_______________________________________________________________________|
IP______________________________________________________________________.
|version | ihl | tos | totlen |
|___ 4___|___ 5___|_______ 0_______|____________0054h= 84____________|
| id |xxDfMf fragoffset |
|____________061Dh= 1565____________|0_0_0__________0000h= 0_________|
| ttl | protocol | header checksum |
|_____40h= 64_____|_____01h= 1_____|_______________DF38h_______________|
| source |
|______________________________192.168.1.1______________________________|
| destination |
|______________________________192.168.1.2______________________________|
ICMP_(echo request)_____________________________________________________.
| type | code | checksum |
|_____08h= 8_____|_____00h= 0_____|____________2829h=10281____________|
65 01 01 00 91 04 40 3C AC 91 01 00 08 09 0A 0B # e.....@<........
[...]
Generally, on a network with a lot of traffic, the sniffer intercepts too many packets.
If you want to restrict the sniffed packets, just use a filter.
The basic items of a bpf filter are :
host 1.2.3.4
net 192.168.10
net 192.168.10.0 mask 255.255.255.0
net 192.168.10.0/24
port 21
dst host 1.2.3.4
src port 2345
ether host a:b:c:d:e:f ("ether a:b:c:d:e:f" is not working)
ether src aa:bb:cc:dd:ee:ff
ip
arp
rarp
tcp
icmp
udp
Here are filter examples :
host 1.2.3.4
net 192.168 and icmp
host 1.2.3.4 or dst port 80
(udp or tcp) and not host 1.2.3.4
Now, just an example with a filter :
# lcrzoex 274 "host 192.168.1.1"
Choose the device
1 - lo
2 - eth0
3 - eth1
4 - Other device
Enter your choice (between 1 and 4)[2]:
Choose the print profile
1 - header and data in synthetic aspect
2 - header (without ethernet) and data in synthetic aspect
3 - header and data in array aspect
4 - header in array aspect and data in dump
5 - header in array aspect and data in mixed
6 - header and data in hexa aspect
7 - header in hexa aspect and data in dump
8 - header in hexa aspect and data in mixed
9 - personalized profile
Choose the profile (between 1 and 9)[4]: 2
192.168.1.1->192.168.1.2 - ICMP8 - 60 bytes
192.168.1.2->192.168.1.1 - ICMP0 - 60 bytes
192.168.1.1->192.168.1.2 - ICMP8 - 60 bytes
192.168.1.2->192.168.1.1 - ICMP0 - 60 bytes
Tool 7 : sniff packets and print them (manual device selection)
This tool is similar to 274, but the device has to be on the command line.
# lcrzoex 7 eth0 "host 192.168.1.1"
[...]
Tool 29 : IP spoof specified by user
With tool 29, one can forge a false IP packet.
# lcrzoex 29
source address [255.255.255.255]: 192.168.1.3
destination address [1.2.3.4]: 192.168.1.2
protocol (between 0 and 255)[0]> 1
IP options []:
packet's data ['hello' 0D 0A]: 08000000 12345678
IP______________________________________________________________________.
|version | ihl | tos | totlen |
|___ 4___|___ 5___|_______ 0_______|____________001Ch= 28____________|
| id |xxDfMf fragoffset |
|____________F599h=62873____________|0_0_0__________0000h= 0_________|
| ttl | protocol | header checksum |
|_____80h=128_____|_____01h= 1_____|_______________C1F1h_______________|
| source |
|_______________________________192.168.1.3_____________________________|
| destination |
|_______________________________192.168.1.2_____________________________|
ICMP_(echo request)_____________________________________________________.
| type | code | checksum |
|_____08h= 8_____|_____00h= 0_____|____________0000h= 0____________|
12 34 56 78 # .4Vx
Tool 51 : {Ethernet,IP,TCP} spoof specified by user
Lcrzo can also spoof at Ethernet level.
This example spoofs a SYN packet :
# lcrzoex 51
send on which device
1 - lo
2 - eth0
3 - eth1
4 - eth1:1
5 - Other device
Enter your choice (between 1 and 5)[2]:
source address [aa:bb:cc:dd:ee:ff]: 00:03:03:03:03:03
destination address [ff:ff:ff:ff:ff:ff]: 00:02:02:02:02:02
source address [255.255.255.255]: 192.168.1.3
destination address [1.2.3.4]:
IP options []:
source port (between 0 and 65535)[2345]: 1212
destination port (between 0 and 65535)[80]:
bit syn (between 0 and 1)[0]: 1
bit ack (between 0 and 1)[0]:
bit fin (between 0 and 1)[0]:
bit rst (between 0 and 1)[0]:
seqnum (between 0 and 4294967295)[1714139488]:
acknum (between 0 and 4294967295)[1049250311]: 0
TCP options []:
packet's data ['hello' 0D 0A]: ''
ETH_____________________________________________________________________.
| 00:03:03:03:03:03 vers 00:02:02:02:02:02 type : 0x0800 |
|_______________________________________________________________________|
IP______________________________________________________________________.
|version | ihl | tos | totlen |
|___ 4___|___ 5___|_______ 0_______|____________0028h= 40____________|
| id |xxDfMf fragoffset |
|____________447Bh=17531____________|0_0_0__________0000h= 0_________|
| ttl | protocol | header checksum |
|_____80h=128_____|_____06h= 6_____|_______________30A4h_______________|
| source |
|_______________________________192.168.1.3_____________________________|
| destination |
|_________________________________1.2.3.4_______________________________|
TCP_____________________________________________________________________.
| source port | destination port |
|____________04BCh= 1212____________|____________0050h= 80____________|
| seq num |
|_________________________662BB160h=1714139488__________________________|
| ack num |
|_________________________00000000h= 0__________________________|
|dataoff | . . UrAk PuRsSyFi| window |
|___ 5___|___ 0____0_0_0_0__0_0_1_0_|____________05DCh= 1500____________|
| checksum | urgent pointer |
|____________C7BDh=51133____________|____________0000h= 0____________|
Tool 10 : sniff packets and save them in an Eth record
Sometimes, we want to sniff packets and save them in a file. This
tool, similar to tool 7, can achieve this.
# lcrzoex 10 thefile
Choose the screen print profile
1 - header and data in synthetic aspect
2 - header (without ethernet) and data in synthetic aspect
3 - header and data in array aspect
4 - header in array aspect and data in dump
5 - header in array aspect and data in mixed
6 - header and data in hexa aspect
7 - header in hexa aspect and data in dump
8 - header in hexa aspect and data in mixed
9 - personalized profile
Choose the profile (between 1 and 9)[4]:
Choose the record print profile
1 - header and data in hexa aspect
2 - header in hexa aspect and data in dump
3 - header in hexa aspect and data in mixed
4 - personalized profile
Choose the profile (between 1 and 4)[3]:
Press q or Q to exit.
ETH_____________________________________________________________________.
| 00:03:03:03:03:03 vers 00:02:02:02:02:02 type : 0x0800 |
|_______________________________________________________________________|
[...]
q
Tool 22 : display an Eth record
With tool 10, we've saved Ethernet data in the file 'thefile'. This tool
displays its contents.
A range of packets can be specified.
# lcrzoex 22 thefile
[...] (displays all the file)
# lcrzoex 22 thefile +1 +2
[...] (displays packets 1 to 2)
# lcrzoex 22 thefile +2 +4
[...] (displays packets 2 to 4)
# lcrzoex 22 thefile -3 -2
[...] (displays packets -3 to -2 (last but three to last but two))
Tool 23 : spoof an Eth record
We can also resend data of an Ethernet record. This tool is similar
to tool 22. For example :
# lcrzoex 23 thefile eth0 +1 +2
[...] (send packets 1 to 2)
Generally, we want to modify data before resending it. So, the file
has to be edited. The procedure is quite simple :
- edit thefile to change the packets
- use tool 22 to ensure packets are correctly modified
- use tool 23 to send new packets
Tool 190 : web get
This tool displays the content of a web page.
For example, to obtain http://192.168.1.2:80/index.html :
# lcrzoex 190 192.168.1.2 80 /index.html
Return 200 (OK)
48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D # HTTP/1.1 200 OK.
0A 44 61 74 65 3A 20 53 61 74 2C 20 31 32 20 4A # .Date: Sat, 12 J
[...]
Tool 280 : passive ftp listing a directory
The FTP protocol can use active or passive clients. Command line clients
generally use active FTP by default. Web browsers use passive FTP.
Active FTP :
- the client initiates a TCP control session to port 21 of
the server
- the server initiates TCP data sessions to ports on the client
Passive FTP :
- the client initiates a TCP control session to port 21 of
the server
- the client initiates TCP data sessions to ports on the server
Tool 280 uses one passive data session to obtain a directory listing.
For example, we can have :
- the client (192.168.1.1) initiates a TCP control session from port 1234 to port 21 of the server (192.168.1.2)
- the client initiates one TCP data session from port 1235 to one port (chosen by the server) on the server
This example lists files and directories located in the directory "/pub".
Note : between each call, ports have to be incremented (because it is
forbidden to create sessions with the same ports ; so 1234 and 1235 have
to be changed to 1236 and 1237).
# lcrzoex 280 192.168.1.1 192.168.1.2 1234 21 1235 /pub/ "anonymous" "laurent@server.com"
Files
file1 (75)
file2 (22)
Directories
dir1
dir2
Links to files
linkfile2 ---> file2 (22)
Links to directories
Tool 282 : passive ftp retrieving a file
A passive FTP session is used, as for tool 280, to retrieve a file.
# lcrzoex 282 192.168.1.1 192.168.1.2 1234 21 1235 /pub/file1 ./file1 "anonymous"
Passwd:
This example saved a copy of ftp://192.168.1.2/pub/file1 to the local file
./file1.
Tool 162 : send email
Tool 162 can be used to send an email.
We need to know :
- address of the SMTP server (example 192.168.1.2, on port 25)
- source email address (example laurent@example.com)
- destination email address (example util@example.com)
- the local file containing the message (example ./file)
- the subject (example "the subject")
# lcrzoex 162 192.168.1.2 25 "laurent@example.com" "util@example.com" ./file "the subject"
[email sent...]
Tool 172 : tcp traceroute
The traceroute tool lists the routers located on the way to a computer.
For example, with the following architecture, computer 192.168.1.1
has to go through two routers before reaching 192.168.30.2 :
,____.    ,________.    ,________.    ,____.
| 192|    |192  192|    |192  192|    |192 |
| 168|____|168  168|____|168  168|____|168 |
|   1|    |1     20|    |20    30|    |30  |
|   1|    |254    1|    |2      1|    |2   |
`----'    `--------'    `--------'    `----'
Tool 172 traces route to reach a computer with an open tcp port. For example,
to reach computer 192.168.30.2 with a web server (port 80), with a limit
of 30 hops :
# lcrzoex 172 192.168.30.2 80 30
1 : 192.168.1.254
2 : 192.168.20.2
3 : 192.168.30.2
Destination reached.
If we use a closed port, we obtain :
# lcrzoex 172 192.168.30.2 81 30
1 : 192.168.1.254
2 : 192.168.20.2
3 : 192.168.30.2
Destination reached.
Note : the TCP port 81 is closed (a reset was received).
If the computer is unreachable, we obtain :
# lcrzoex 172 192.168.30.3 81 30
1 : 192.168.1.254
2 : 192.168.20.2
3 : 192.168.20.2 : destination unreachable - host
4 : 192.168.20.2 : destination unreachable - host
If the number of hops is too small, we obtain :
# lcrzoex 172 192.168.30.2 80 2
1 : 192.168.1.254
2 : 192.168.20.2
maxttl(2) was too short to reach the destination
Tool 249 : icmp ping
This tool checks if a computer can be reached.
If the computer is on the LAN, we obtain its Ethernet address :
# lcrzoex 249 192.168.1.2
1 : 00:02:02:02:02:02 192.168.1.2
2 : 00:02:02:02:02:02 192.168.1.2
3 : 00:02:02:02:02:02 192.168.1.2
[..]
If the computer isn't on the LAN, we obtain the Ethernet address of the
router :
# lcrzoex 249 1.2.3.4
1 : 00:FE:FE:FE:FE:FE 1.2.3.4
2 : 00:FE:FE:FE:FE:FE 1.2.3.4
3 : 00:FE:FE:FE:FE:FE 1.2.3.4
[..]
Tool 131 : answer to ARP/ping request for a computer
Tool 131 simulates the presence of a computer.
For example, to simulate the computer 192.168.1.3 with Ethernet address
aa:bb:cc:dd:ee:ff, enter :
# lcrzoex 131 eth0 aa:bb:cc:dd:ee:ff 192.168.1.3
Then, from another computer, enter :
# ping 192.168.1.3
or
# lcrzoex 249 192.168.1.3
Tool 253 : scan of IP range, for TCP port range
Sometimes, we do not know which ports are open on a computer. This tool
scans a computer and lists open TCP ports.
For example, to scan tcp ports between 20 and 25 of 192.168.1.2 :
# lcrzoex 253 192.168.1.2 20-25
192.168.1.2:20 - closed
192.168.1.2:21 - open
192.168.1.2:22 - closed
192.168.1.2:23 - open
192.168.1.2:24 - closed
192.168.1.2:25 - open
Tool 277 : remote administration web server
In order to remotely execute commands, we can :
- install a web server on the computer
- use a web browser (Netscape, Internet Explorer, etc.) to
administer from another computer.
For example, to setup a web server :
- on the local computer (which has IP address 1.2.3.4)
- on the port 4000
- with the login "myname"
- with the password "mypass"
# lcrzoex 277 1.2.3.4 4000
Enter the login which will be needed by the user [lcrzoex]: myname
Enter the password which will be needed by the user : mypass
Now, from another computer, open a web browser and enter the url
"http://1.2.3.4:4000/exec". Enter the login and password. Then enter
the command in the form (for example "ls /" for Unix, or "dir c:"
for Windows). Press the button, and the result is displayed.
If you want to listen on all interfaces, or do not want to bother
getting the IP address, you can also enter :
# lcrzoex 277 0.0.0.0 4000
[...]
Tool 150 : convert a file from dos to unix
The end-of-line conventions of Windows and Unix are different. Tool 150 is a utility
to convert files :
# lcrzoex 150 filein fileout
An easy way to specify parameters under Unix
We frequently need the same parameters (device name, Ethernet address, etc.).
For example for tool 131, Ethernet address is long to enter :
# lcrzoex 131 eth0 aa:bb:cc:dd:ee:ff 1.2.3.4
So, a solution is to define a variable and to use it :
If sh or bash is the installed shell, use:
# thevar=aa:bb:cc:dd:ee:ff
Else if csh or tcsh is the installed shell, use:
# set thevar=aa:bb:cc:dd:ee:ff
Then call lcrzoex :
# lcrzoex 131 eth0 $thevar 1.2.3.4
For easy use, this setting can be put in .profile or .cshrc.
An easy way to specify parameters under Windows
We frequently need the same parameters (device name, Ethernet address, etc.).
For example for tool 131, device name is long to enter :
# lcrzoex 131 \Device\Packet_ELNK1234 aa:bb:cc:dd:ee:ff 1.2.3.4
So, a solution is to define a variable and to use it :
set mydev=\Device\Packet_ELNK1234
lcrzoex 131 %mydev% aa:bb:cc:dd:ee:ff 1.2.3.4
For easy use, this setting can be put in c:\autoexec.bat.
An easy way to specify parameters
As just seen, we can use variables to store parameters. From version
4.04, it's also possible to use specially formatted parameters.
For example, if a tool needs an Ethernet address, we have to use :
lcrzoex xxx aa:bb:cc:dd:ee:ff
Now, we can also say :
lcrzoex xxx e[aa:bb:cc:dd:ee:ff]e
  does nothing more, except saying the input parameter is
  Ethernet(e) and has to be converted to Ethernet(e)
lcrzoex xxx i[1.2.3.4]e
  the input is the IP(i) address 1.2.3.4, and
  it has to be converted to Ethernet(e). This is equivalent to
  saying "Ethernet address of the IP address 1.2.3.4"
lcrzoex xxx h[server]e
  the input is the hostname(h) server, and it has to be converted
  to Ethernet(e). This is equivalent to saying "Ethernet address
  of the hostname server"
lcrzoex xxx d[eth0]e
  the input is the device(d) eth0, and it has to be converted to
  Ethernet(e). This is equivalent to saying "Ethernet address
  of the device eth0"
lcrzoex xxx e[]e
  the user will be asked to select an Ethernet address
lcrzoex xxx d[]e
  the user will be asked to select a device name, and
  the Ethernet address of this device will be used
etc.
To sum up, the syntax of parameters is :
from[fromparameter]to
From and to can be :
- d : device
- dn : device number
- e : Ethernet address
- h : hostname
- i : IP address
- p : port number
- n : number
- s : string
Now, an example :
# lcrzoex 53 eth0 00:01:01:01:01:01 00:02:02:02:02:02 192.168.1.1 192.168.1.2 1234 21 1 1 0 43223 493484
[...]
It can also be called :
# lcrzoex 53 d[eth0]d 00:01:01:01:01:01 00:02:02:02:02:02 192.168.1.1 192.168.1.2 1234 21 1 1 0 43223 493484
[...]
Or ...
# lcrzoex 53 d[]d 00:01:01:01:01:01 00:02:02:02:02:02 192.168.1.1 192.168.1.2 1234 21 1 1 0 43223 493484
Choose a device
1 - lo
2 - eth0
[...]
Or ...
# lcrzoex 53 eth0 i[192.168.1.1]e i[192.168.1.2]e 192.168.1.1 192.168.1.2 1234 21 1 1 0 43223 493484
[...]
Or ...
# lcrzoex 53 eth0 h[host1]e i[host2]e host1 host2 1234 21 1 1 0 43223 493484
[...]
Or ...
# lcrzoex 53 eth0 h[host1]e i[host2]e host1 host2 n[]p n[]p 1 1 0 43223 493484
Choose source port number (between 0 and 65535):
Choose destination port number (between 0 and 65535):
[...]
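The from[fromparameter]to notation can be modelled with a short parser that expands a command line. This is an added example, not lcrzoex code: the function names and the DEVICES, ARP and HOSTS tables are hypothetical, filled with values copied from the sample outputs of tools 157, 2 and 3 on this page, whereas the real tool queries the system. Only a few conversions are modelled.

```python
import re

# Type codes listed on this page for the from[fromparameter]to notation.
TYPES = {"d", "dn", "e", "h", "i", "p", "n", "s"}
PARAM_RE = re.compile(r"([a-z]+)\[(.*)\]([a-z]+)")

# Constructed lookup tables (assumption: static data taken from the sample
# outputs of tools 157, 2 and 3 on this page).
DEVICES = {"eth0": {"e": "00:01:01:01:01:01", "i": "192.168.1.1"}}
ARP = {"192.168.1.1": "00:01:01:01:01:01",
       "192.168.1.2": "00:02:02:02:02:02",
       "192.168.1.254": "00:FE:FE:FE:FE:FE"}
HOSTS = {"host1": "192.168.1.1", "host2": "192.168.1.2"}


def parse_param(arg):
    """Return (from, value, to) for a formatted parameter, None for a plain one."""
    m = PARAM_RE.fullmatch(arg)
    if not m or m.group(1) not in TYPES or m.group(3) not in TYPES:
        return None
    return m.group(1), m.group(2), m.group(3)


def _lookup(table, key, what):
    if key not in table:
        raise ValueError(f"cannot resolve {what} {key!r}")
    return table[key]


def convert(src, value, dst):
    """Convert value from type src to type dst using the constructed tables."""
    if src == dst:
        return value
    if (src, dst) == ("h", "i"):
        return _lookup(HOSTS, value, "hostname")
    if (src, dst) == ("i", "e"):
        return _lookup(ARP, value, "IP address")
    if (src, dst) == ("h", "e"):             # hostname -> IP -> Ethernet
        return convert("i", convert("h", value, "i"), "e")
    if src == "d" and dst in ("e", "i"):
        return _lookup(DEVICES, value, "device")[dst]
    if (src, dst) == ("n", "p"):
        port = int(value)
        if not 0 <= port <= 65535:
            raise ValueError(f"port {port} is not between 0 and 65535")
        return str(port)
    raise ValueError(f"conversion {src}->{dst} is not modelled in this example")


def expand_args(args, ask=None):
    """Expand every formatted parameter; ask(type) supplies empty values."""
    expanded = []
    for arg in args:
        parsed = parse_param(arg)
        if parsed is None:                   # plain parameter, kept as typed
            expanded.append(arg)
            continue
        src, value, dst = parsed
        if value == "":                      # e.g. d[]e : the user is asked
            if ask is None:
                raise ValueError(f"{arg} needs interactive input")
            value = ask(src)
        expanded.append(convert(src, value, dst))
    return expanded


if __name__ == "__main__":
    line = ("53 eth0 i[192.168.1.1]e i[192.168.1.2]e "
            "192.168.1.1 192.168.1.2 1234 21 1 1 0 43223 493484")
    print(" ".join(expand_args(line.split())))
```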
Conclusion
Lcrzoex contains over 300 tools. They cannot all be described here.
However, if you have read this document carefully, you should be
able to use every tool.
Availability
Toolbox lcrzoex is available at :
http://www.laurentconstantin.com/ (main server)
http://go.to/laurentconstantin/ (backup server)
http://laurentconstantin.est-la.com/ (backup server)