# CommandPC

CommandPC is a program for executing commands on a remote machine regardless of the operating system.

## Description

The too long didn't read version is that: it's like SSH, but less secure and just a fun experimentation with threads, internationalization, encryption and GUI in JAVA.

Composed of two part, a client and a server, this application allow you to send encrypted command from one machine to another. Both the client and the server can operate with or without a gui.
English and French language are disponible within the application.

## Instruction

### Server

Without the `nogui` argument, the server display its status with a system tray icon. By right-clicking the icon you can interact with it.

| Server started | Server stopped |
|:--------------:|:--------------:|
|![server-systemTray-icon](img/CommandPC_systemTrayIcon.png)|![server-systemTray-icon](img/CommandPC_systemTrayIcon2.png)|||

Example:

- Windows sytem tray: ![server-systemTray-icon](img/CommandPC_systemTrayWindows.png)
- Linux XFCE system tray: ![server-systemTray-icon](img/CommandPC_systemTrayLinux.png)

Right-clicking on the icon allow you to start and stop the server. The command line argument `port=X` chand the listening port.

### Client

The client use a graphical interface to guide the user and is available in both French and English (using the "Français"/"English" button at the bottom)
The interface is composed of two pane: "connection" and "command".

The "connection" pane allows the connection to a remote server.

![connection-result](img/CommandPC_connectionResult.png)

After the connection established, the "command" pane allow to send commands to the server.

| 'ls /' on a Linux machine | 'ipconfig' on a Windows machine and gui in French for a change |
|:-------------------------:|:-------------------------------:|
|![ls](img/CommandPC_commandLs.png)|![ipconfig](img/CommandPC_commandIpconfig.png)|

## Security concerns

**TLDR: Use at your own risk over a secure network.**

### Command

No effort is made to check if the command that you send is compatible with the user privilige, exist or is even safe to use.

### Identity

No identification of the user or the machine is made. In other words, if a server is running any number of client can connect and run command on it.

### Encryption

This software use AES 128 bits encryption, but like too many software (including payed one) it has flaws that make it unsuitable to use over unsecured networks.

The main issue is the fact that during the first communication between the client and the server, the communication is encrypted via a master key.
This master key, is the same for all firsts exchanges. After that, a new communication key is generated between individual client and the server.
If somebody were to use a packet sniffer on the network, knowing the master key it's possible to get the communication key thus defeating the encryption entirely.

Side note, AES 128 allow this program to run on any implementation of the Java platform. See the [Cipher documentation](https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html) for the complete list of "safe to use" cipher standard.