Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NCat Proxy Support - Proxy-Authenticate
From: David Fifield <david () bamsoftware com>
Date: Thu, 13 Jan 2011 18:19:28 -0800

On Wed, Dec 29, 2010 at 09:14:57AM -0800, David Fifield wrote:
On Mon, Dec 06, 2010 at 12:08:40PM +0100, Florian Roth wrote:

Great!
I'll test it.

--- 20min later ---

It works.
The only problem I noticed was the executing of a program after the
connection has been established. 

What I did:

=== On the system inside the network ===========================

D:\ncat-win32>ncat.exe -vvv -e cmd --proxy proxy.company.de:8080
--proxy-auth user:pass 87.106.48.12 443

Ncat: Version 5.36TEST2 ( http://nmap.org/ncat )
NCAT DEBUG: Proxy returned status code 407.
NCAT DEBUG: Reconnection header:
CONNECT 87.106.48.12:443 HTTP/1.0
Proxy-Authorization: Basic XxxxXXXxxxxXXXXXxxxX==

NCAT DEBUG: Proxy returned status code 200.
NSOCK (0.0000s) Read request from IOD #1 (peer unspecified) (timeout:
-1ms) EID 10
NSOCK (0.0000s) Read request for 0 bytes from IOD #2 (peer unspecified)
EID 18
NSOCK (36.3590s) Callback: READ SUCCESS for EID 10 [(null):65535] (4
bytes)

dir

NSOCK (36.3590s) Read request for 0 bytes from IOD #1 [(null):65535] EID
26
NSOCK (49.9370s) Callback: READ SUCCESS for EID 26 [(null):65535] (11
bytes)

systeminfo

NSOCK (49.9370s) Read request for 0 bytes from IOD #1 [(null):65535] EID
34

=== On the external system ======================================

s15218815:~# ncat -v -l 443
Ncat: Version 5.35DC1 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:443
Ncat: Connection from 186.23.100.10:39925.
dir
systeminfo

=================================================================

The commands written on the external system appear in the terminal but
the "cmd.exe" has not been executed by ncat before so they just
interchange the characters. 
I first thought - well - perhaps this feature is not meant to be used on
a client which connects over a proxy server. Without the proxy server
between the systems this works like a charm. 
I thought that the CONNECT request has to be initialized by the internal
system and therefore there cannot be a command transmitter outside that
sends the commands inwards.
Although the characters appear inside while writing on the outside
system.

Am I right, or is this a bug?

You are correct, this is a bug. I added a test for it and made a TODO to
fix it.

It's fixed in r21755.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • Re: NCat Proxy Support - Proxy-Authenticate David Fifield (Jan 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault