Nmap Development mailing list archives

Re: Bug(wish) with Ncat


From: David Fifield <david () bamsoftware com>
Date: Sun, 22 Aug 2010 21:22:46 -0600

On Sun, Jul 25, 2010 at 08:03:04AM +0300, דוד חי גוטויליג wrote:
> 2010/7/23 David Fifield <david () bamsoftware com>
> > > Also in the release version (5.21), I have encountered a problem with the
> > > socks4 proxy when Ncat is being used inside OpenSSH client's ProxyCommand;
> > > for some reason Ncat will not pass the incoming stream back to the ssh
> > > client. I couldn't figure out why.
> > >
> > > Here is a sample output:
> > >
> > > OpenSSH_5.4p1, OpenSSL 1.0.0a-fips 1 Jun 2010
> > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > debug1: Applying options for *
> > > debug2: ssh_connect: needpriv 0
> > > debug1: Executing proxy command: exec ncat -v --proxy 127.0.0.1:4444 --proxy-type socks4 SOMESERVER 22
> > > .....
> > > .....
> > > Ncat: Version 5.21 ( http://nmap.org/ncat )
> > > Ncat: Connected to proxy 127.0.0.1:4444
> > > debug1: ssh_exchange_identification:
> > >
> > > and here it just hangs.
> >
> > Does this happen with the latest version too? Please post the exact
> > commands you are using (you can use SOMESERVER in place of the server
> > name). This includes the ssh command and the command to start the proxy.
> >
> > David Fifield
>
> With version 5.21 it does happen, like this:
> First create a tunnel with OpenSSH like:
> ssh -NvD 6060 user@SERVER
> then use it like:
> ssh -o ProxyCommand="ncat --proxy 127.0.0.1:6060 --proxy-type socks4 SERVER 22" user@SERVER
>
> This just hangs, but if I use netcat it works, something like:
> ssh -o ProxyCommand="nc -x 127.0.0.1:6060 -X 5 SERVER 22" user@SERVER
>
> This happens also for version 5.35DC1,
> and also for the latest revision (19221 as of writing; the version option prints 5.35DC18).

I was able to reproduce this. I think it was caused by a bug in the
SOCKS connection code. It was getting only 7 bytes, not 8 as it should
have. It works for me since fixing it in r19919. Please give it a try.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
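The fix discussed above concerns how many bytes Ncat consumed as the SOCKS4 CONNECT reply, which is a fixed 8 bytes (VN, CD, DSTPORT, DSTIP). The following is an added example, not Ncat's code and not the r19919 change: it parses that reply after an exact-length read, and uses a pipe in place of the proxy to show what a short read does. Reading only 7 bytes leaves the reply's last byte in the stream, where it is handed to the application ahead of the server's first bytes. The `read_exact` helper, the `socks4_reply` struct and the SSH banner string are constructed for this example.

```c
/* Added example (not Ncat's code): SOCKS4 CONNECT reply handling with an
 * exact-length read. The reply is exactly 8 bytes (VN, CD, DSTPORT, DSTIP);
 * whatever is not consumed as reply reaches the application as stream data. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SOCKS4_REPLY_LEN 8    /* VN(1) CD(1) DSTPORT(2) DSTIP(4) */
#define SOCKS4_CD_GRANTED 90  /* 0x5a: request granted */

struct socks4_reply {
    uint8_t  vn;       /* reply version code, 0 in SOCKS4 */
    uint8_t  cd;       /* 90 granted, 91-93 rejected or failed */
    uint16_t dstport;  /* host byte order */
    uint32_t dstip;    /* host byte order */
};

/* Read exactly n bytes, retrying on short reads and EINTR.
 * Returns n on success, 0 on EOF before n bytes, -1 on error. */
ssize_t read_exact(int fd, void *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)
            return 0;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* Parse an 8-byte reply. Returns 0 if the request was granted, -1 if the
 * buffer has the wrong length, a non-zero VN, or a rejection code. */
int socks4_parse_reply(const uint8_t *buf, size_t len, struct socks4_reply *out)
{
    uint16_t nport;
    uint32_t nip;

    if (len != SOCKS4_REPLY_LEN || buf[0] != 0)
        return -1;
    memcpy(&nport, buf + 2, 2);
    memcpy(&nip, buf + 4, 4);
    out->vn = buf[0];
    out->cd = buf[1];
    out->dstport = ntohs(nport);
    out->dstip = ntohl(nip);
    return out->cd == SOCKS4_CD_GRANTED ? 0 : -1;
}

/* Stand in for the proxy with a pipe: a granted reply immediately followed by
 * the server's first application bytes (a constructed SSH banner). Consume
 * reply_len bytes as "the reply", then return the first byte the application
 * would see: 'S' after an 8-byte read, the reply's own last byte (0 here)
 * after a 7-byte read. Returns -1 on any I/O failure. */
int first_app_byte_after_reply(size_t reply_len)
{
    static const uint8_t reply[SOCKS4_REPLY_LEN] =
        {0, SOCKS4_CD_GRANTED, 0, 22, 0, 0, 0, 0};  /* port 22, ip 0.0.0.0 */
    static const char banner[] = "SSH-2.0-constructed\r\n";
    uint8_t buf[SOCKS4_REPLY_LEN], next;
    int fds[2], result = -1;

    if (reply_len > sizeof buf || pipe(fds) != 0)
        return -1;
    if (write(fds[1], reply, sizeof reply) == (ssize_t)sizeof reply &&
        write(fds[1], banner, sizeof banner - 1) == (ssize_t)(sizeof banner - 1) &&
        read_exact(fds[0], buf, reply_len) == (ssize_t)reply_len &&
        read_exact(fds[0], &next, 1) == 1)
        result = next;
    close(fds[1]);
    close(fds[0]);
    return result;
}

int main(void)
{
    printf("first app byte after 8-byte read: 0x%02x\n", first_app_byte_after_reply(8));
    printf("first app byte after 7-byte read: 0x%02x\n", first_app_byte_after_reply(7));
    return 0;
}
```

The exact-length loop matters because a proxy is free to deliver the 8-byte reply in pieces, and because TCP gives no framing: the client has to know the reply length from the protocol and consume precisely that much before treating anything further as the tunnelled connection. The parser also rejects a reply whose VN field is not 0 and any result code other than 90, so a rejected CONNECT is reported instead of being relayed as data.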
