PDA

View Full Version : ncat --proxy option non-client-server connection issues



h4x0r4f33dom
2016-10-18, 15:25
hi, iv tried NCat with client->server and everthing worked fine
that is,
what i sent from client to server (client->server) appeared on server
what i sent from server to client (server->client) appeared on client
<code>
server:nc -l -v 31338
client:nc -v grex.org 31338
</code>

then i tried using a proxy (with a 3rd shell) in between, but now connection between client AND server
(client<->server) is broken. that is
what i sent from client to server (client->server) DOES NOT appeared on server
what i sent from server to client (server->client) DOES NOT appeared on client
BUT proxy sees both adresses

NOTE: real IPs are replaced by {0.0.0.0 128.128.128.128 255.255.255.255}
client IP 128.128.128.128
server IP 255.255.255.255
proxy IP 0.0.0.0

i v tried both with/without --proxy-type option and for with --proxy-type iv tried putting "--proxy-type http"
before (b) AND after (c) --proxy option but got the same result;NOTHING

a) without
<code>
ncat -l -vvvvv 31336 # proxy
nc -l -vvvvv 31338 # server
ncat -vvvvv 255.255.255.255 -p 31338 --proxy 0.0.0.0:31336 # client
</code>

b) with before
<code>
ncat -l -vvvvv 31336 # proxy
nc -l -vvvvv 31338 # server
ncat -vvvvv 255.255.255.255 -p 31338 --proxy-type http --proxy 0.0.0.0:31336 # client
</code>

c) with after
<code>
ncat -l -vvvvv 31336 # proxy
nc -l -vvvvv 31338 # server
ncat -vvvvv 255.255.255.255 -p 31338 --proxy 0.0.0.0:31336 --proxy-type http # client
</code>

using -vvvvv option, verbose, on proxy i see

<code>
Ncat: Version 7.01 ( https://nmap.org/ncat )
NCAT DEBUG: Initialized fdlist with 103 maxfds
Ncat: Listening on :::31336
NCAT DEBUG: Added fd 3 to list, nfds 1, maxfd 3
Ncat: Listening on 0.0.0.0:31336
NCAT DEBUG: Added fd 4 to list, nfds 2, maxfd 4
NCAT DEBUG: Added fd 0 to list, nfds 3, maxfd 4
NCAT DEBUG: Initialized fdlist with 100 maxfds
NCAT DEBUG: selecting, fdmax 4
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 4 is ready
Ncat: Connection from 128.128.128.128.
NCAT DEBUG: Swapping fd[0] (3) with fd[2] (0)
NCAT DEBUG: Removed fd 3 from list, nfds 2, maxfd 4
NCAT DEBUG: Swapping fd[1] (4) with fd[1] (4)
NCAT DEBUG: Removed fd 4 from list, nfds 1, maxfd 0
Ncat: Connection from 128.128.128.128:31338.
NCAT DEBUG: Added fd 5 to list, nfds 2, maxfd 5
NCAT DEBUG: Added fd 5 to list, nfds 1, maxfd 5
NCAT DEBUG: selecting, fdmax 5
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 5 is ready
CONNECT 255.255.255.255:31337 HTTP/1.0

NCAT DEBUG: selecting, fdmax 5
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 5 is ready
NCAT DEBUG: Closing connection.
NCAT DEBUG: Swapping fd[1] (5) with fd[1] (5)
NCAT DEBUG: Removed fd 5 from list, nfds 1, maxfd 0
NCAT DEBUG: Swapping fd[0] (5) with fd[0] (5)
NCAT DEBUG: Removed fd 5 from list, nfds 0, maxfd -1
</code>

can someone put light on this, plz ?

thx

tashi
2016-10-18, 18:15
Hello h4x0r4f33dom

This is the malware removal forum for members with infected personal computers, the FAQ is here:

https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated

Please respond to your previous topic which I moved to the Tavern yesterday. :)

https://forums.spybot.info/showthread.php?73926-unautherized-illegal-use-of-ncat-nmap

Best regards.