ropnop / go-windapsearch

Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
BSD 3-Clause "New" or "Revised" License

Issues with proxychains #6

Closed jekiro closed 4 years ago

jekiro commented 4 years ago

Seems it doesn't want to work well with proxychains, honestly don't know if this is a go thing but the python version of windapsearch works perfectly fine.

jekiro commented 4 years ago

[image attached] Quick image with some stuff redacted.

jekiro commented 4 years ago

And looking it up, it doesn't work through libc so it's fucked up lol, waste of an issue when it was on the 3rd page of Google.

jekiro commented 4 years ago

Good alternative for it though: https://github.com/hmgle/graftcp

ropnop commented 4 years ago

Hmm yeah, proxychains won't work with statically linked binaries I think. But... I may be able to add SOCKS proxy support into the tool itself with a command line switch. Would that work? Something like ./windapsearch --socks-proxy 127.0.0.1:9050 --domain lab.example.com etc...?

jekiro commented 4 years ago

That could work, was using socks5 so could be useful if you do.

ropnop commented 4 years ago

Making this an enhancement request. Can you try building from this branch: https://github.com/ropnop/go-windapsearch/tree/feature/socksproxy and then testing your socks proxy with the new --proxy option?

I just tried running it through an SSH dynamic port forward and it appears to work for me.

jekiro commented 4 years ago

Seems like it's erroring from your ldap repository. Don't know if it's an issue with how I'm building it, but I built it the same way I did without the socksproxy branch:

go: github.com/ropnop/ldap/v3@v3.1.11-0.20200611014906-485c70f019f1: parsing /Users/RonnieFlathers/go/src/github.com/ropnop/ldap/v3/go.mod: open /Users/RonnieFlathers/go/src/github.com/ropnop/ldap/v3/go.mod: no such file or directory

ropnop commented 4 years ago

D'oh! Try it now. I still had my local overwrites for forked go modules in there. Should be better now. I'm testing it with SSH like this:

$ ssh -D 9050 root@kali.lab.ropnop.com
$ ./windapsearch -d lab.ropnop.com --proxy 127.0.0.1:9050 -m metadata --debug
INFO[2020-06-24T08:12:27-05:00] Saving output to STDOUT                       package=windapsearch
INFO[2020-06-24T08:12:27-05:00] Found LDAP server via DNS: 172.16.13.100      package=ldapsession
DEBUG[2020-06-24T08:12:27-05:00] establishing connection through socks proxy at 127.0.0.1:9050  package=ldapsession
DEBUG[2020-06-24T08:12:27-05:00] tcp connection established to 172.16.13.100:389  package=ldapsession
INFO[2020-06-24T08:12:27-05:00] successful bind to "ldap://172.16.13.100:389" as ""  package=ldapsession
...etc...

Let me know if this works with your socks proxy?
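The two DEBUG lines above ("establishing connection through socks proxy" followed by "tcp connection established") correspond to a SOCKS5 CONNECT handshake (RFC 1928) performed before any LDAP bytes are sent. The following is an added example, not code from go-windapsearch or from the feature/socksproxy branch: a minimal standard-library Go dialer that performs that exchange, with the proxy address 127.0.0.1:9050 and the LDAP target 172.16.13.100:389 taken from the log above as assumed placeholders.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"strconv"
)

// buildGreeting returns the SOCKS5 client greeting offering only the
// "no authentication" method: version 5, one method, method 0x00.
func buildGreeting() []byte { return []byte{0x05, 0x01, 0x00} }

// buildConnect builds a SOCKS5 CONNECT request. An IPv4 literal is sent as
// ATYP 0x01; any other host is sent as a domain name (ATYP 0x03), which asks
// the proxy to resolve the name on the client's behalf.
func buildConnect(host string, port uint16) ([]byte, error) {
	req := []byte{0x05, 0x01, 0x00} // VER, CMD=CONNECT, RSV
	if ip := net.ParseIP(host); ip != nil && ip.To4() != nil {
		req = append(req, 0x01)
		req = append(req, ip.To4()...)
	} else {
		if len(host) > 255 {
			return nil, errors.New("hostname longer than 255 bytes")
		}
		req = append(req, 0x03, byte(len(host)))
		req = append(req, host...)
	}
	var p [2]byte
	binary.BigEndian.PutUint16(p[:], port)
	return append(req, p[:]...), nil
}

// readReply consumes the proxy's CONNECT reply and fails unless the reply
// code is 0x00 (succeeded). BND.ADDR/BND.PORT are drained so the stream is
// positioned at the start of the tunnelled data.
func readReply(r io.Reader) error {
	hdr := make([]byte, 4)
	if _, err := io.ReadFull(r, hdr); err != nil {
		return err
	}
	if hdr[0] != 0x05 {
		return fmt.Errorf("not a SOCKS5 reply: version %d", hdr[0])
	}
	if hdr[1] != 0x00 {
		return fmt.Errorf("proxy refused CONNECT: reply code 0x%02x", hdr[1])
	}
	var addrLen int
	switch hdr[3] {
	case 0x01:
		addrLen = 4
	case 0x04:
		addrLen = 16
	case 0x03:
		l := make([]byte, 1)
		if _, err := io.ReadFull(r, l); err != nil {
			return err
		}
		addrLen = int(l[0])
	default:
		return fmt.Errorf("unknown bound address type 0x%02x", hdr[3])
	}
	_, err := io.ReadFull(r, make([]byte, addrLen+2)) // address + port
	return err
}

// handshake runs greeting -> method selection -> CONNECT -> reply on conn.
func handshake(conn net.Conn, host string, port uint16) error {
	if _, err := conn.Write(buildGreeting()); err != nil {
		return err
	}
	sel := make([]byte, 2)
	if _, err := io.ReadFull(conn, sel); err != nil {
		return err
	}
	if sel[0] != 0x05 || sel[1] != 0x00 {
		return fmt.Errorf("proxy did not accept no-auth method: % x", sel)
	}
	req, err := buildConnect(host, port)
	if err != nil {
		return err
	}
	if _, err := conn.Write(req); err != nil {
		return err
	}
	return readReply(conn)
}

// DialViaSocks5 connects to proxyAddr, tunnels to target ("host:port") and
// returns the connection, which can then be handed to an LDAP client.
func DialViaSocks5(proxyAddr, target string) (net.Conn, error) {
	host, portStr, err := net.SplitHostPort(target)
	if err != nil {
		return nil, err
	}
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil {
		return nil, err
	}
	conn, err := net.Dial("tcp", proxyAddr)
	if err != nil {
		return nil, err
	}
	if err := handshake(conn, host, uint16(port)); err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}

func main() {
	// Placeholder addresses taken from the log in this thread; there is no
	// proxy listening here unless you start one (e.g. ssh -D 9050).
	conn, err := DialViaSocks5("127.0.0.1:9050", "172.16.13.100:389")
	if err != nil {
		fmt.Println("proxy dial failed:", err)
		return
	}
	defer conn.Close()
	fmt.Println("tunnel to 172.16.13.100:389 established via", conn.RemoteAddr())
}
```

One detail worth noticing in the log above: the DC address was found "via DNS" before the proxy was used, so name resolution happened on the client, not through the tunnel. The ATYP 0x03 branch in buildConnect is the alternative, where the proxy resolves the hostname instead.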

jekiro commented 4 years ago

Works for me, thanks for adding it.

ropnop commented 4 years ago

Awesome! Great idea. Just released 0.3.0 with the new proxy option added. Thanks!