Re: NCat Proxy Support - Proxy-Authenticate

[David Fifield <david () bamsoftware com>]

On Wed, Dec 29, 2010 at 09:14:57AM -0800, David Fifield wrote:
> On Mon, Dec 06, 2010 at 12:08:40PM +0100, Florian Roth wrote:
> > Great!
> > I'll test it.
> >
> > --- 20min later ---
> >
> > It works.
> > The only problem I noticed was the executing of a program after the
> > connection has been established. 
> >
> > What I did:
> >
> > === On the system inside the network ===========================
> >
> > D:\ncat-win32>ncat.exe -vvv -e cmd --proxy proxy.company.de:8080
> > --proxy-auth user:pass 87.106.48.12 443
> >
> > Ncat: Version 5.36TEST2 ( http://nmap.org/ncat )
> > NCAT DEBUG: Proxy returned status code 407.
> > NCAT DEBUG: Reconnection header:
> > CONNECT 87.106.48.12:443 HTTP/1.0
> > Proxy-Authorization: Basic XxxxXXXxxxxXXXXXxxxX==
> >
> > NCAT DEBUG: Proxy returned status code 200.
> > NSOCK (0.0000s) Read request from IOD #1 (peer unspecified) (timeout:
> > -1ms) EID 10
> > NSOCK (0.0000s) Read request for 0 bytes from IOD #2 (peer unspecified)
> > EID 18
> > NSOCK (36.3590s) Callback: READ SUCCESS for EID 10 [(null):65535] (4
> > bytes)
> >
> > dir
> >
> > NSOCK (36.3590s) Read request for 0 bytes from IOD #1 [(null):65535] EID
> > 26
> > NSOCK (49.9370s) Callback: READ SUCCESS for EID 26 [(null):65535] (11
> > bytes)
> >
> > systeminfo
> >
> > NSOCK (49.9370s) Read request for 0 bytes from IOD #1 [(null):65535] EID
> > 34
> >
> > === On the external system ======================================
> >
> > s15218815:~# ncat -v -l 443
> > Ncat: Version 5.35DC1 ( http://nmap.org/ncat )
> > Ncat: Listening on 0.0.0.0:443
> > Ncat: Connection from 186.23.100.10:39925.
> > dir
> > systeminfo
> >
> > =================================================================
> >
> > The commands written on the external system appear in the terminal but
> > the "cmd.exe" has not been executed by ncat before so they just
> > interchange the characters. 
> > I first thought - well - perhaps this feature is not meant to be used on
> > a client which connects over a proxy server. Without the proxy server
> > between the systems this works like a charm. 
> > I thought that the CONNECT request has to be initialized by the internal
> > system and therefore there cannot be a command transmitter outside that
> > sends the commands inwards.
> > Although the characters appear inside while writing on the outside
> > system.
> >
> > Am I right, or is this a bug?
>
> You are correct, this is a bug. I added a test for it and made a TODO to
> fix it.

It's fixed in r21755.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/