MsnShell-1.0

================================================================================

   GRAY-WORLD.NET / MsnShell
   =========================

   The MsnShell program is part of the Gray-World.net projects.

   On the http://gray-world.net website, our Gray-World Team presents the
   projects and publications we are working on that relate to the NACS
   (Network Access Control System) bypassing research field and to computer
   and network security topics.
   
================================================================================

INTRODUCTION

   MsnShell is a kind of covert channel tunneling tool. With it, you can
   remotely control a Linux computer behind a firewall. It encapsulates shell
   commands in the MSN protocol. It consists of a single executable file, the
   MsnShell server. MsnShell works not only through a firewall but can also
   pass through an HTTP proxy.

   Computers are often behind firewalls that deny many connections, so these
   computers are expected to be relatively safe from the external network. But
   MSN Messenger connections from the internal network are usually allowed and
   are made through a gateway or an HTTP proxy server.

THE KEY FEATURES

  1. Gives a shell from a computer located within the internal network to an
     external server;
  2. Encapsulates shell commands or command results in the MSN protocol;
  3. Can also work through an HTTP proxy.

HOW IT WORKS

                Internal Network          External Network
                                    |
     |---------|     |---------|    f    |--------------------|      |---------|
     |         |-TCP-| GateWay |----i    |Microsoft Msn server|      |         |
     |         |     |---------|    r    |   |------------|   |      |         |
     |   MSN   |                    e    |   |Notification|   |      |         |
     |         |                    |    |   |------------|   |      |   MSN   |
     |         |                    |----|         |          |------|         | 
     |  SHELL  |                    w    |   |------------|   |      | Client  |
     |         |     |---------|    a    |   |Switch Board|   |      |         |
     |         |-WEB-|HttpProxy|----l    |   |------------|   |      |         |
     |---------|     |---------|    l    |--------------------|      |---------|
                                    |    

   (1) MsnShell connects to the MSN Notification server by way of an HTTP proxy
       or a gateway within the internal network. The user logon process
       involves identifying the user to the MSN client and setting and
       retrieving fundamental information. The client subsequently notifies
       the MSN server in order for the user to be shown as 'online'. After this
       series of logon steps, the MSN client gets information from the server
       about who is online or offline.
   (2) Once MsnShell has logged on, it continuously receives both the messages
       that indicate the status of online users and the messages that signal a
       new dialog request from an online user. For every online user in MSN
       Messenger, MsnShell creates a struct called online_user_info that is
       held in reserved shared memory.
   (3) When a new dialog request arrives at the port connected to the MSN
       server, MsnShell tries to fork a child process and sends it the shared
       memory ID for the session's other participant. The child process opens
       a tunnel to the switchboard specified by the <IP address>:<PORT> field
       of the message. If the parameters <Proxy address> and <Proxy port> are
       missing, a direct connection is made and the fields "authentication"
       and "session id" are filled out. If the proxy fields are present, it
       tries to open a connection to the HTTP proxy, and MsnShell has to
       encapsulate MSN protocol messages in HTTP protocol packets.
   (4) The child process initializes by connecting a socket to the
       switchboard. After the connection is established, the child process
       sends the authentication field and session id field back to the
       switchboard. Next, it generates two separate threads, the "read-socket
       function" and the "write-socket function". The read-socket function
       constantly picks up the command-line information from "MSG" messages
       until a 'BYE' message arrives at this socket.
   (5) The write-socket function parses and executes the command line, then
       sends the results to the client by way of the switchboard. Over HTTP,
       the procedure is quite different from the normal TCP/IP one. In order
       to deceive the HTTP proxy into believing that the connections under its
       control are usual HTTP connections, the read-socket function and the
       write-socket function both run in the same thread and run alternately.
       This thread therefore looks like an ordinary web client's thread
       sending POST requests and getting responses through an HTTP proxy. By
       default, the application writes log information to the msnshell.log
       file. This file can be consulted to diagnose wrong application
       behavior.
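
   Steps (4) and (5) mean that command lines and their output travel as
   ordinary "MSG" bodies on the switchboard connection until 'BYE'. The
   following added example (not part of MsnShell or of the original README)
   parses a reassembled switchboard stream and flags MSG bodies that look like
   shell input or output. Assumptions: the usual MSN framing, where the MSG
   line ends with the payload length in bytes and a blank line separates the
   MIME headers from the body; the patterns, function names and sample data
   are constructed for illustration.

```python
import re

# Heuristic patterns: assumptions of this example, not taken from MsnShell.
SHELL_HINTS = [
    re.compile(r"^\s*(ls|cat|id|uname|ps|netstat|ifconfig|cd|pwd)\b"),  # command word
    re.compile(r"\buid=\d+\(\w+\)\s+gid=\d+"),      # output of `id`
    re.compile(r"^[-dl][rwx-]{9}\s+\d+\s", re.M),   # `ls -l` listing line
    re.compile(r"^\w+:[^:]*:\d+:\d+:", re.M),       # passwd-style record
]

def parse_switchboard(stream: bytes):
    """Yield (command, second_field, body) from a reassembled byte stream."""
    pos = 0
    while pos < len(stream):
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            break                                    # truncated capture
        fields = stream[pos:eol].decode("utf-8", "replace").split(" ")
        pos = eol + 2
        who = fields[1] if len(fields) > 1 else ""   # sender, or transaction id
        if fields[0] == "MSG" and len(fields) >= 4 and fields[-1].isdecimal():
            size = int(fields[-1])                   # payload length in bytes
            payload, pos = stream[pos:pos + size], pos + size
            body = payload.partition(b"\r\n\r\n")[2]  # drop the MIME headers
            yield "MSG", who, body.decode("utf-8", "replace")
        else:
            yield fields[0], who, ""                 # line-only command

def flag_session(stream: bytes):
    """Return (second_field, body) for each MSG before BYE that matches a hint."""
    hits = []
    for cmd, who, body in parse_switchboard(stream):
        if cmd == "BYE":
            break                                    # session closed
        if cmd == "MSG" and any(p.search(body) for p in SHELL_HINTS):
            hits.append((who, body))
    return hits

def frame(first_fields: str, text: str) -> bytes:    # builds one constructed MSG
    payload = ("MIME-Version: 1.0\r\nContent-Type: text/plain\r\n\r\n" + text).encode()
    return f"MSG {first_fields} {len(payload)}\r\n".encode() + payload

# Constructed sample: both directions of one session, concatenated in time order.
SAMPLE = (frame("a@example.com nick", "hello, are you there?")
          + frame("a@example.com nick", "id")
          + frame("7 N", "uid=0(root) gid=0(root) groups=0(root)")
          + b"BYE a@example.com\r\n"
          + frame("a@example.com nick", "ls -la"))
print(flag_session(SAMPLE))
```

   The command-word pattern will also match innocent chat lines, so treat a
   hit as a lead to correlate with the source host's role, not as a verdict.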

USAGE:

  MsnShell 1.00
  Usage: 
    msnshell --account ******@hotmail.com --password ****** [--proxyhost *.*.*.*
     --proxyport num]

   Options:
   -a --account ACCOUNT    Your msn account
   -p --password PASSWORD  Your password
   -x --proxyhost *.*.*.*  Proxy server
   -o --proxyport NUMBER   Proxy port
   -f --foreground         Run MsnShell in the foreground.
   -d --debug              Show debug information.
   -v --version            Print version information and exit.
   -h --help               Print usage information and exit.

LICENSE

  MsnShell is distributed under the terms of the GNU General Public License v2.0

AUTHOR

  Wei Zheng <v_zheng@yahoo.com>

  Project homepage: http://gray-world.net
  MsnShell Message board is also available at http://219.234.219.10/msnshell/
  Feature requests and bug reports are welcome!

Thanks 

  Alex Dyatlov <alex at gray-world.net>
  I would like to thank Alex Dyatlov of Russia for his generous support of
  Msnshell development to date.

