rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Several scanner modules do not honor proxy settings #9057

Open hph86 opened 7 years ago

hph86 commented 7 years ago

I have noticed that at least the following login scanner modules do not obey proxy settings:

The following example will cause the connection attempt to originate from the local machine rather than from the jumphost machine. In the example below, this results in a connection error:

$ ssh -D 5555 jumphost
[switch window]
$ ./msfconsole
[...]
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > setg Proxies socks4:127.0.0.1:5555
Proxies => socks4:127.0.0.1:5555
msf auxiliary(smb_login) > set smbpass foobar
smbpass => foobar
msf auxiliary(smb_login) > set smbuser administrator
smbuser => administrator
msf auxiliary(smb_login) > set rhosts 10.0.0.233
rhosts => 10.0.0.233
msf auxiliary(smb_login) > run

[*] 10.0.0.233:445     - 10.0.0.233:445 - Starting SMB login bruteforce
[*] 10.0.0.233:445     - 10.0.0.233:445 - This system does not accept authentication with any credentials, proceeding with brute force
[-] 10.0.0.233:445     - 10.0.0.233:445 - Could not connect
[!] 10.0.0.233:445     - No active DB -- Credential data will not be saved!
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

If the proxy setting was working as expected, the connection should originate from jumphost and it should be a successful connection (although wrong credentials have been provided in this example):

$ ssh -D 5555 jumphost
[switch window]
$ ./msfconsole
[...]
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > setg Proxies socks4:127.0.0.1:5555
Proxies => socks4:127.0.0.1:5555
msf auxiliary(smb_login) > set smbpass foobar
smbpass => foobar
msf auxiliary(smb_login) > set smbuser administrator
smbuser => administrator
msf auxiliary(smb_login) > set rhosts 10.0.0.233
rhosts => 10.0.0.233
msf auxiliary(smb_login) > run

[*] 10.0.0.233:445     - 10.0.0.233:445 - Starting SMB login bruteforce
[*] 10.0.0.233:445     - 10.0.0.233:445 - This system does not accept authentication with any credentials, proceeding with brute force
[-] 10.0.0.233:445     - 10.0.0.233:445 - Failed: '.\administrator:foobar',
[!] 10.0.0.233:445     - No active DB -- Credential data will not be saved!
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

The current issue is similar to #4052.
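To make the behaviour described in the report concrete, here is an added example (not code from this issue or from the Metasploit Framework) of the SOCKS4 CONNECT exchange that `set Proxies socks4:127.0.0.1:5555` is supposed to make every outbound TCP connection perform, plus a tiny SOCKS4 relay that records what the client asked for. That record is the check a tester wants: if the proxy never sees a CONNECT for 10.0.0.233:445, the module connected directly, which is exactly the leak the report describes. All hosts, ports, the `msf` user ID and the target banner are constructed test values; the relay's address rewrite stands in for "the jumphost can reach 10.0.0.233 but the local machine cannot".

```ruby
# Added example, not Metasploit code: a minimal SOCKS4 CONNECT client and a
# one-shot SOCKS4 relay used to verify that a TCP connection really traverses
# the proxy named in `Proxies socks4:127.0.0.1:5555`. All addresses, ports,
# the user ID and the banner below are constructed test values.
require 'socket'
require 'ipaddr'

SOCKS4_VERSION  = 4
SOCKS4_CONNECT  = 1
SOCKS4_GRANTED  = 0x5A   # request granted
SOCKS4_REJECTED = 0x5B   # request rejected or failed

# Build the SOCKS4 CONNECT request: VN, CD, DSTPORT (BE16), DSTIP (4 bytes), USERID, NUL.
def socks4_connect_request(dest_ip, dest_port, userid = '')
  [SOCKS4_VERSION, SOCKS4_CONNECT, dest_port].pack('CCn') +
    IPAddr.new(dest_ip).hton + userid.b + "\x00".b
end

# Parse the 8-byte SOCKS4 reply: VN (always 0), CD, DSTPORT, DSTIP.
def parse_socks4_reply(bytes)
  raise ArgumentError, 'short SOCKS4 reply' if bytes.nil? || bytes.bytesize < 8
  _vn, cd, port, ip = bytes.unpack('CCnN')
  { granted: cd == SOCKS4_GRANTED, code: cd, port: port,
    ip: IPAddr.new(ip, Socket::AF_INET).to_s }
end

# Server side: read one CONNECT request from a client socket.
def parse_socks4_request(io)
  vn, cd, port, ip = io.read(8).unpack('CCnN')
  userid = io.gets("\x00").to_s.chomp("\x00")
  raise 'bad SOCKS4 request' unless vn == SOCKS4_VERSION && cd == SOCKS4_CONNECT
  { port: port, ip: IPAddr.new(ip, Socket::AF_INET).to_s, userid: userid }
end

# Client: connect to the proxy, ask it to CONNECT to dest, return the proxied
# socket when the proxy grants the request, nil otherwise.
def socks4_connect(proxy_host, proxy_port, dest_ip, dest_port, userid = '')
  sock = TCPSocket.new(proxy_host, proxy_port)
  sock.write(socks4_connect_request(dest_ip, dest_port, userid))
  reply = parse_socks4_reply(sock.read(8))
  return sock if reply[:granted]
  sock.close
  nil
end

# One-shot relay proxy for local testing: accepts a client, records the
# requested destination in `seen`, connects upstream (optionally rewriting the
# destination to something reachable locally) and relays bytes both ways.
def run_socks4_relay_once(server, seen, rewrite = {})
  client = server.accept
  req = parse_socks4_request(client)
  seen << req
  host, port = rewrite.fetch([req[:ip], req[:port]], [req[:ip], req[:port]])
  begin
    upstream = TCPSocket.new(host, port)
  rescue SystemCallError
    client.write([0, SOCKS4_REJECTED, req[:port]].pack('CCn') + IPAddr.new(req[:ip]).hton)
    client.close
    return
  end
  client.write([0, SOCKS4_GRANTED, req[:port]].pack('CCn') + IPAddr.new(req[:ip]).hton)
  threads = [[client, upstream], [upstream, client]].map do |from, to|
    Thread.new do
      IO.copy_stream(from, to) rescue nil   # relay until `from` hits EOF
      to.close_write rescue nil             # propagate the half-close
    end
  end
  threads.each(&:join)
  [client, upstream].each { |s| s.close rescue nil }
end

# The check: a fake target that sends a banner, a relay in front of it, and a
# client that asks the proxy for "10.0.0.233:445" (rewritten to the local
# target). Returns whether the proxy saw the CONNECT, what it saw, and the
# banner the client received through the relay.
def proxied_connection_check(dest_ip = '10.0.0.233', dest_port = 445)
  target = TCPServer.new('127.0.0.1', 0)
  proxy  = TCPServer.new('127.0.0.1', 0)
  banner = "FAKE-TARGET-BANNER\n"   # constructed test value
  seen = []
  target_thread = Thread.new { c = target.accept; c.write(banner); c.close }
  rewrite = { [dest_ip, dest_port] => ['127.0.0.1', target.addr[1]] }
  proxy_thread = Thread.new { run_socks4_relay_once(proxy, seen, rewrite) }
  sock = socks4_connect('127.0.0.1', proxy.addr[1], dest_ip, dest_port, 'msf')
  received = sock ? sock.read : nil
  sock&.close
  [target_thread, proxy_thread].each(&:join)
  [target, proxy].each(&:close)
  { proxied: !seen.empty?, seen: seen.first, banner: received }
end

p proxied_connection_check if __FILE__ == $PROGRAM_NAME
```

Run it as a plain Ruby script; `proxied_connection_check` reports `proxied: true` only when the relay logged a CONNECT for the requested destination. The same idea applies to a real jumphost: run the SOCKS server with request logging (or tcpdump on the jumphost) and confirm a CONNECT for the target appears when the module runs; a scanner that ignores `Proxies` produces no such entry and, as in the report, fails with "Could not connect" from the local machine instead.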

wvu commented 7 years ago

This is deeply unsettling to me. No boilerplate should be required to make proxying work. Only strengthens my conviction that setting up egress filtering before proxying is vital. We may need to reevaluate where we fix this problem. Smh.

bcoles commented 6 years ago

8705 is possibly related