Drop udp associate support and cleanup logging

2018-03-23 14:29:48 -04:00 · 2018-03-23 14:29:48 -04:00 · 9b5ae34896
parent 1de5a464e7
commit 9b5ae34896
4 changed files with 40 additions and 47 deletions
--- a/lib/rex/proto/proxy/socks5.rb
+++ b/lib/rex/proto/proxy/socks5.rb
@ -2,5 +2,10 @@
 #
 # sf - Sept 2010 (original socks4a code)
 # zeroSteiner - March 2018 (socks 5 update)
+# references:
+#   - SOCKS Protocol Version 5
+#     https://tools.ietf.org/html/rfc1928
+#   - Username/Password Authentication for SOCKS V5
+#     https://tools.ietf.org/html/rfc1929

 require 'rex/proto/proxy/socks5/server'
--- a/lib/rex/proto/proxy/socks5/server.rb
+++ b/lib/rex/proto/proxy/socks5/server.rb
@ -8,16 +8,14 @@ require 'rex/proto/proxy/socks5/server_client'
 module Rex
 module Proto
 module Proxy
-#
-# A Socks5 proxy server.
-#
+
 module Socks5
  #
-  # A Socks5 proxy server.
+  # A SOCKS5 proxy server.
  #
  class Server
    #
-    # Create a new Socks5 server.
+    # Create a new SOCKS5 server.
    #
    def initialize(opts={})
      @opts          = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080 }
@ -36,7 +34,7 @@ module Socks5
    end

    #
-    # Start the Socks5 server.
+    # Start the SOCKS5 server.
    #
    def start
      begin
@ -53,14 +51,14 @@ module Socks5
              # and fire off a new client instance to handle it
              ServerClient.new(self, sock).start
            rescue
-              wlog("Socks5.start - server_thread - #{$!}")
+              wlog("SOCKS5.start - server_thread - #{$!}")
            end
          end
        end
      rescue => exception
        STDERR.puts "Error during processing: #{$!}"
        STDERR.puts exception.backtrace
-        wlog("Socks5.start - #{$!}")
+        wlog("SOCKS5.start - #{$!}")
        return false
      end
      return true
@ -74,7 +72,7 @@ module Socks5
    end

    #
-    # Stop the Socks5 server.
+    # Stop the SOCKS5 server.
    #
    def stop
      if @running
--- a/lib/rex/proto/proxy/socks5/server_client.rb
+++ b/lib/rex/proto/proxy/socks5/server_client.rb
@ -15,15 +15,15 @@ module Socks5
  #
  # A mixin for a socket to perform a relay to another socket.
  #
-  module Relay
+  module TcpRelay
    #
-    # Relay data coming in from relay_sock to this socket.
+    # TcpRelay data coming in from relay_sock to this socket.
    #
    def relay( relay_client, relay_sock )
      @relay_client = relay_client
      @relay_sock   = relay_sock
      # start the relay thread (modified from Rex::IO::StreamAbstraction)
-      @relay_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServerRelay", false) do
+      @relay_thread = Rex::ThreadFactory.spawn("SOCKS5ProxyServerTcpRelay", false) do
        loop do
          closed = false
          buf    = nil
@ -95,6 +95,9 @@ module Socks5
    REPLY_CMD_NOT_SUPPORTED          = 7
    REPLY_ADDRESS_TYPE_NOT_SUPPORTED = 8

+    HOST = 1
+    PORT = 2
+
    #
    # Create a new client connected to the server.
    #
@ -119,19 +122,10 @@ module Socks5
            raise "Invalid Socks5 request packet received (no supported authentication methods)."
          end
          @lsock.put(AuthResponsePacket.new.to_binary_s)
-          STDERR.puts "Sent auth reply"

          packet = RequestPacket.read(@lsock.get_once)
-          STDERR.puts "Received valid request"
          # handle the request
          handle_command(packet)
-
-          # setup the two way relay for full duplex io
-          @lsock.extend(Relay)
-          @rsock.extend(Relay)
-          # start the socket relays...
-          @lsock.relay(self, @rsock)
-          @rsock.relay(self, @lsock)
        rescue => exception
          STDERR.puts "Error during processing: #{$!}"
          STDERR.puts exception.backtrace
@ -152,13 +146,7 @@ module Socks5
          when COMMAND_UDP_ASSOCIATE
            response = handle_command_udp_associate(request)
        end
-
-        if response.nil?
-          STDERR.puts "Command did not return a proper response object"
-        else
-          @lsock.put(response.to_binary_s)
-          STDERR.puts "Set response to the client"
-        end
+        @lsock.put(response.to_binary_s) unless response.nil?
      rescue => exception
        STDERR.puts "Error during processing: #{$!}"
        STDERR.puts exception.backtrace
@ -183,8 +171,8 @@ module Socks5
      # send back the bind success to the client
      response              = ResponsePacket.new
      response.command      = REPLY_SUCCEEDED
-      response.address      = bsock.localhost
-      response.port         = bsock.localport
+      response.address      = bsock.getlocalname[HOST]
+      response.port         = bsock.getlocalname[PORT]
      @lsock.put(response.to_binary_s)

      # accept a client connection (2 minute timeout as per the socks4a spec)
@ -199,6 +187,7 @@ module Socks5
      # close the listening socket
      bsock.close

+      setup_tcp_relay
      response              = ResponsePacket.new
      response.command      = REPLY_SUCCEEDED
      response.address      = @rsock.peerhost
@ -215,30 +204,32 @@ module Socks5
      params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
      @rsock = Rex::Socket::Tcp.create(params)

+      setup_tcp_relay
      response              = ResponsePacket.new
      response.command      = REPLY_SUCCEEDED
-      response.address      = @rsock.peerhost
-      response.port         = @rsock.peerport
+      response.address      = @rsock.getlocalname[HOST]
+      response.port         = @rsock.getlocalname[PORT]
      response
    end

    def handle_command_udp_associate(request)
-      # create a udp socket for this request
-      params = {
-        'LocalHost' => request.address,
-        'LocalPort' => request.port
-      }
-      params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
-      @rsock = Rex::Socket::Udp.create(params)
-
-      # send back the bind success to the client
      response              = ResponsePacket.new
-      response.command      = REPLY_SUCCEEDED
-      response.address      = @rsock.localhost
-      response.port         = @rsock.localport
+      response.command      = REPLY_CMD_NOT_SUPPORTED
      response
    end

+    #
+    # Setup the TcpRelay between lsock and rsock.
+    #
+    def setup_tcp_relay
+      # setup the two way relay for full duplex io
+      @lsock.extend(TcpRelay)
+      @rsock.extend(TcpRelay)
+      # start the socket relays...
+      @lsock.relay(self, @rsock)
+      @rsock.relay(self, @lsock)
+    end
+
    #
    # Stop handling the client connection.
    #
--- a/modules/auxiliary/server/socks5.rb
+++ b/modules/auxiliary/server/socks5.rb
@ -43,7 +43,7 @@ class MetasploitModule < Msf::Auxiliary

  def cleanup
    @mutex.synchronize do
-      if( @socks_proxy )
+      if @socks_proxy
        print_status('Stopping the socks5 proxy server')
        @socks_proxy.stop
        @socks_proxy = nil
@ -56,13 +56,12 @@ class MetasploitModule < Msf::Auxiliary
    opts = {
      'ServerHost' => datastore['SRVHOST'],
      'ServerPort' => datastore['SRVPORT'],
-      'Context' => {'Msf' => framework, 'MsfExploit' => self}
+      'Context'    => { 'Msf' => framework, 'MsfExploit' => self }
    }
    @socks_proxy = Rex::Proto::Proxy::Socks5::Server.new(opts)

    print_status('Starting the socks5 proxy server')
    @socks_proxy.start
-
    @socks_proxy.join
  end
 end