GRAY-WORLD.NET / COOKING_CC =========================== The cooking_cc project is part of the Gray-World.net projects. The "How to cook a covert channel" paper was originally released in the Hakin9 magazine issue 04/06 Windows Rootkits. Check their website at http://hakin9.org Our Gray-World Team presents on the http://gray-world.net website the projects and publications we are working on which are related to the NACS (Network Access Control System) bypassing research field and to the computer and network security topics. ================================================================================ How to cook a covert channel - v1.0 - April 2006 ================================================ This paper is released under the terms of the GNU Free Documentation Licence. Refer to the gfdl.txt file or to http://www.fsf.org/licenses/fdl.txt. Cook_cl.py and Cook_cgi - v1.0 - April 2006 =========================================== These files are part of the cooking_cc project and are released under the terms of the GNU General Public license. Refer to the gpl.txt file or to http://www.fsf.org/licenses/gpl.txt ================================================================================ CGI Installation ================ If you own :) the webserver, a funny solution would be : ------------------------------------------------------------ mkdir /var/www/cook /var/www/kitchen cp cgi/cook.html /var/www/cook/cook.html chown -R root.www-data /var/www/cook /var/www/kitchen chmod -R 750 /var/www/cook chmod 770 /var/www/kitchen ------------------------------------------------------------ Edit httpd.conf (Apache 1.3) : ------------------------------------------------------------ LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so ScriptAlias /cook/ /var/www/cook/ ------------------------------------------------------------ Edit the CGI to update (at least) : o ADMIN_PASS o COOKIE_NAME o KEY and RBYTES o KITCHEN If you don't own it, then upload the cgi anywhere you want as long as you have cgi execution permissions and a www-data writable directory.