samyk / pwnat

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.
https://samy.pl/pwnat/
GNU General Public License v3.0

Compiles successfully on FreeBSD, but segfaults when run as server. #2

Open suchipi opened 10 years ago

suchipi commented 10 years ago

Using gcc 4.7.3 on FreeBSD 10.0-RELEASE x86-64:

root@Ramiel:~/pwnat/pwnat-master # uname -a
FreeBSD Ramiel 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
root@Ramiel:~/pwnat/pwnat-master # gcc47 --version
gcc47 (FreeBSD Ports Collection) 4.7.3
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

root@Ramiel:~/pwnat/pwnat-master # ls
.gitignore              Makefile.Win32          client.h                gettimeofday.c          message.c               pwnat.c                 strlcpy.c               xgetopt.h
COPYING-pingtunnel      README                  common.h                gettimeofday.h          message.h               pwnat.core              udpclient.c
Changes                 README-udptunnel        destination.c           list.c                  packet.c                socket.c                udpserver.c
Makefile                client.c                destination.h           list.h                  packet.h                socket.h                xgetopt.c
root@Ramiel:~/pwnat/pwnat-master # head -27 Makefile | tail -7
# Uncomment appropriate one for the system this is compiling for
OS=LINUX
#OS=SOLARIS
#OS=CYGWIN

CC=gcc47
CFLAGS=-Wall -Wshadow -Wpointer-arith -Wwrite-strings -D ${OS}
root@Ramiel:~/pwnat/pwnat-master # gmake
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o socket.o socket.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o message.o message.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o strlcpy.o strlcpy.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o client.o client.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o packet.o packet.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o list.o list.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o destination.o destination.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o udpserver.o udpserver.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o udpclient.o udpclient.c
gcc47 -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX -o pwnat pwnat.c socket.o message.o strlcpy.o client.o packet.o list.o destination.o udpserver.o udpclient.o
root@Ramiel:~/pwnat/pwnat-master # ./pwnat
usage: ./pwnat <-s | -c> <args>
  -c    client mode (default)
        <args>: [local ip] <local port> <proxy host> [proxy port (def:2222)] <remote host> <remote port>
  -s    server mode
        <args>: [local ip] [proxy port (def:2222)] [[allowed host]:[allowed port] ...]
  -6    use IPv6
  -v    show debug output (up to 2)
  -h    show this help and exit
root@Ramiel:~/pwnat/pwnat-master # ./pwnat -s
Segmentation fault (core dumped)
root@Ramiel:~/pwnat/pwnat-master #

Compiles and runs successfully on Debian 7 x86-64 using gcc 4.7.2.

daimor commented 10 years ago

Using gcc 4.4.7 on CentOS 6.5 x86_64 Linux srv 2.6.32-358.18.1.el6.x86_64 #1 SMP Wed Aug 28 17:19:38 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@srv pwnat-master]# make
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o socket.o socket.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o message.o message.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o strlcpy.o strlcpy.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o client.o client.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o packet.o packet.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o list.o list.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o destination.o destination.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o udpserver.o udpserver.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX   -c -o udpclient.o udpclient.c
gcc -Wall -Wshadow -Wpointer-arith -Wwrite-strings -D LINUX -o pwnat pwnat.c socket.o message.o strlcpy.o client.o packet.o list.o destination.o udpserver.o udpclient.o
[root@srv pwnat-master]# ./pwnat -s
Segmentation fault (core dumped)
[root@srv pwnat-master]# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)

wolfwood commented 9 years ago

I am also experiencing a segfault at udpserver.c:186, stemming from gethostbyname (which the man page reports as obsolete) returning a null pointer on line 179.

I am running Gentoo Linux with version 2.20 of libc.

wolfwood commented 9 years ago

gethostbyname is returning null and not setting errno. This turns out to be a sign that the DNS lookup is failing.

I fixed it by editing my /etc/hosts, adding hostname to the line: '127.0.0.1 hostname localhost'

This is likely specific to Gentoo, and this Stack Overflow question suggests that gethostbyname is requiring a DNS configuration that is not needed in configurations like mine, using DHCP with no DNS server. http://stackoverflow.com/questions/8106882/cant-obtain-local-ip-using-gethostbyname
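The failure mode described in the two comments above (a NULL return from gethostbyname() that is dereferenced, with the real reason sitting in h_errno rather than errno) is the general hazard of resolving one's own hostname on a box with no working DNS. The following is an added example, not code from pwnat or from any commenter: it shows the legacy call checked correctly, the getaddrinfo() replacement the man page points to, and a local-address helper that falls back instead of crashing when the hostname does not resolve. The function names, the loopback fallback and the sample names passed in are this example's own assumptions.

```c
#define _GNU_SOURCE            /* expose gethostname(), hstrerror(), getaddrinfo() on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Resolve `name` to an IPv4 address written as text into `out`.
 * Returns 0 on success or the nonzero getaddrinfo() error code on failure,
 * so the caller never receives a NULL pointer it could dereference. */
int resolve_ipv4(const char *name, int flags, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_DGRAM;   /* pwnat tunnels over UDP */
    hints.ai_flags = flags;

    int rc = getaddrinfo(name, NULL, &hints, &res);
    if (rc != 0) {
        /* Unlike gethostbyname(), the reason is the return code, not errno */
        fprintf(stderr, "getaddrinfo(\"%s\"): %s\n", name, gai_strerror(rc));
        return rc;
    }
    const struct sockaddr_in *sin = (const struct sockaddr_in *)res->ai_addr;
    const char *p = inet_ntop(AF_INET, &sin->sin_addr, out, (socklen_t)outlen);
    freeaddrinfo(res);
    return p ? 0 : -1;
}

/* The legacy call, checked the way the crash above needed it to be:
 * gethostbyname() signals failure with a NULL return and sets h_errno
 * (not errno), so test the pointer and decode h_errno with hstrerror().
 * Returns 1 if the name resolved to at least one address, 0 otherwise. */
int legacy_lookup_ok(const char *name)
{
    struct hostent *he = gethostbyname(name);
    if (he == NULL) {
        fprintf(stderr, "gethostbyname(\"%s\"): %s\n", name, hstrerror(h_errno));
        return 0;
    }
    return he->h_addr_list[0] != NULL;
}

/* What a server that wants to bind to "this machine" needs: resolve our own
 * hostname, and fall back to loopback when that fails (no DNS, no /etc/hosts
 * entry for the hostname). Returns 0 when the hostname resolved, 1 when the
 * fallback was used. The loopback fallback is an assumption of this example;
 * a real server would make the bind address an explicit option instead. */
int local_address(char *out, size_t outlen)
{
    char host[256];
    if (gethostname(host, sizeof host) == 0) {
        host[sizeof host - 1] = '\0';   /* POSIX does not guarantee termination on truncation */
        if (resolve_ipv4(host, 0, out, outlen) == 0)
            return 0;
    }
    snprintf(out, outlen, "%s", "127.0.0.1");
    return 1;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];
    int used_fallback = local_address(addr, sizeof addr);
    printf("local address: %s%s\n", addr, used_fallback ? " (fallback)" : "");
    printf("legacy lookup of 127.0.0.1: %s\n",
           legacy_lookup_ok("127.0.0.1") ? "ok" : "failed");
    return 0;
}
```

Run it on a machine whose hostname is absent from /etc/hosts and has no resolver configured: instead of a segfault you get a diagnostic on stderr naming the lookup that failed, and the server can still come up on a usable address.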

samyk commented 9 years ago

I'm accepting patches if anyone wants to take a stab! Not reproducing in my environment, haven't had a chance to take a look further.

nestorwheelock commented 5 years ago

Has anyone taken a crack at this yet since 2015? I'm about to try to run a pwnat server on FBSD 12.