Add in an aux module to create a socks4 proxy server. If you add in a route via a meterpreter session to the framework routing table the proxy server will use that route where appropriate. (Also modified the servers opts hash to optionally take a 'Comm' param if you want to programmatically create a socks4 server which will always use a specific meterpreter session for all socket creation - by default this does not happen and it uses the rex socket switchboard as per normal rex socket creation).

git-svn-id: file:///home/svn/framework3/trunk@10337 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Stephen Fewer 2010-09-16 18:23:03 +00:00
parent bb842ea0b0
commit 5e2295a9a8
2 changed files with 112 additions and 21 deletions

View File

@ -157,14 +157,13 @@ class Socks4a
# A mixin for a socket to perform a relay to another socket.
#
module Relay
#
# Relay data coming in from relay_sock to this socket.
#
def relay( relay_client, relay_sock, relay_type )
def relay( relay_client, relay_sock )
@relay_client = relay_client
@relay_sock = relay_sock
@relay_type = relay_type
# start the relay thread (modified from Rex::IO::StreamAbstraction)
@relay_thread = ::Thread.new do
loop do
@ -246,7 +245,12 @@ class Socks4a
# handle socks4a conenct requests
if( request.is_connect? )
# perform the connection request
@rsock = Rex::Socket::Tcp.create( 'PeerHost' => request.dest_ip, 'PeerPort' => request.dest_port )
params = {
'PeerHost' => request.dest_ip,
'PeerPort' => request.dest_port,
'Comm' => @server.opts['Comm']
}
@rsock = Rex::Socket::Tcp.create( params )
# and send back success to the client
response = Packet.new
response.version = REPLY_VERSION
@ -255,7 +259,12 @@ class Socks4a
# handle socks4a bind requests
elsif( request.is_bind? )
# create a server socket for this request
bsock = Rex::Socket::TcpServer.create( 'LocalHost' => '0.0.0.0', 'LocalPort' => 0 )
params = {
'LocalHost' => '0.0.0.0',
'LocalPort' => 0,
'Comm' => @server.opts['Comm']
}
bsock = Rex::Socket::TcpServer.create( params )
# send back the bind success to the client
response = Packet.new
response.version = REPLY_VERSION
@ -303,8 +312,8 @@ class Socks4a
@lsock.extend( Relay )
@rsock.extend( Relay )
# start the socket relays...
@lsock.relay( self, @rsock, 'lsock' )
@rsock.relay( self, @lsock, 'rsock' )
@lsock.relay( self, @rsock )
@rsock.relay( self, @lsock )
rescue
wlog( "Client.start - #{$!}" )
self.stop
@ -344,7 +353,7 @@ class Socks4a
# Create a new Socks4a server.
#
def initialize( opts={} )
@opts = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080 }
@opts = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080, 'Comm' => nil }
@opts = @opts.merge( opts )
@server = nil
@clients = ::Array.new
@ -371,10 +380,14 @@ class Socks4a
# start the servers main thread to pick up new clients
@server_thread = ::Thread.new do
while( @running ) do
# accept the client connection
sock = @server.accept
# and fire off a new client instance to handle it
Client.new( self, sock ).start
begin
# accept the client connection
sock = @server.accept
# and fire off a new client instance to handle it
Client.new( self, sock ).start
rescue
wlog( "Socks4a.start - server_thread - #{$!}" )
end
end
end
rescue
@ -384,6 +397,13 @@ class Socks4a
return true
end
#
# Block while the server is running.
#
def join
@server_thread.join
end
#
# Stop the Socks4a server.
#
@ -399,16 +419,8 @@ class Socks4a
end
# close the server socket
@server.close if @server
# wait for the server main thread to terminate gracefully
begin
::Timeout.timeout( 30 ) do
@server_thread.join if @server_thread.alive?
end
rescue ::Timeout::Error
wlog( "Socks4a.stop - #{$!}" )
end
# if the server thread did not terminate gracefully, kill it.
@server_thread.kill if @server_thread.alive?
@server_thread.kill if( @server_thread and @server_thread.alive? )
end
return !@running
end
@ -421,6 +433,8 @@ class Socks4a
@clients.delete( client )
end
attr_reader :opts
end
end; end; end

View File

@ -0,0 +1,77 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'thread'
require 'msf/core'
require 'rex/proto/proxy/socks4a'
class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report
def initialize
super(
'Name' => 'Socks4a Proxy Server',
'Version' => '$Revision$',
'Description' => 'This module provides a socks4a proxy server.',
'Author' => 'sf',
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Proxy' ]
],
'PassiveActions' =>
[
'Proxy'
],
'DefaultAction' => 'Proxy'
)
register_options(
[
OptString.new( 'SRVHOST', [ true, "The address to listen on", '0.0.0.0' ] ),
OptPort.new( 'SRVPORT', [ true, "The port to listen on.", 1080 ] )
], self.class )
end
def setup
super
@mutex = ::Mutex.new
@socks4a = nil
end
def cleanup
@mutex.synchronize do
if( @socks4a )
print_status( "Stopping the socks4a proxy server" )
@socks4a.stop
@socks4a = nil
end
end
super
end
def run
opts = {
'ServerHost' => datastore['SRVHOST'],
'ServerPort' => datastore['SRVPORT']
}
@socks4a = Rex::Proto::Proxy::Socks4a.new( opts )
print_status( "Starting the socks4a proxy server" )
@socks4a.start
@socks4a.join
end
end