Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ncat not work with --proxy at version 7.90, 7.91 #2149

Closed
Phuker opened this issue Oct 11, 2020 · 9 comments
Closed

ncat not work with --proxy at version 7.90, 7.91 #2149

Phuker opened this issue Oct 11, 2020 · 9 comments
Labels
bug Ncat

Comments

@Phuker
Copy link

Phuker commented Oct 11, 2020

Describe the bug
ncat not work with --proxy at version 7.90, 7.91. The old version 7.80 is OK.

To Reproduce
I'm using a Windows machine, run ssh, just to create a test socks5 proxy.

ssh -D 1080 -NTv root@example.com

Unzip nmap-7.91-win32.zip, then run

.\ncat.exe --proxy 127.0.0.1:1080 --proxy-type socks5 -vv github.com 22

ssh output contains:

debug1: channel 2: free: direct-tcpip: listening port 1080 for github.com port 22, connect from 127.0.0.1 port 10301 to 127.0.0.1 port 1080, nchannels 3

ncat just output this, and exit:

Ncat: Version 7.91 ( https://nmap.org/ncat )
NCAT DEBUG: Using trusted CA certificates from D:\nmap.7.91.buggy\ca-bundle.crt.
Ncat: Connected to proxy 127.0.0.1:1080
Ncat: No authentication needed.
Ncat: Host github.com will be resolved by the proxy.
Ncat: connection succeeded.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
Ncat: 0 bytes sent, 0 bytes received in 0.15 seconds.
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #1)
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #2)

Expected behavior

Output this and wait user input:

SSH-2.0-xxxxxx-xxxxxx

Version info (please complete the following information):

  • OS: Windows 10 LTSC
  • Output of ncat --version: Ncat: Version 7.91 ( https://nmap.org/ncat )

Additional context
None.
@Phuker Phuker added the Ncat label Oct 11, 2020
@nnposter
Copy link

FWIW, the result of bisecting the commits points to r37944 (0d613e3).
I was able to recover from the bug by adding back the previously removed call to post_connect:

--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1138,6 +1138,7 @@
         /* Create IOD for nsp->stdin */
         if ((cs.stdin_nsi = nsock_iod_new2(mypool, 0, NULL)) == NULL)
             bye("Failed to create stdin nsiod.");
+        post_connect(mypool, cs.sock_nsi);
     }
 
     /* connect */

However, TLS over proxy does not work.
I am not familiar with this area of the code so I cannot help with troubleshooting it further.

@nnposter nnposter added the bug label Oct 12, 2020
@mlashley
Copy link

I can confirm the same issue on 7.91 on Linux(Gentoo). i.e. the following works in 7.80 but not in 7.91:
ssh -o ProxyCommand='ncat --proxy <sockshost:port> --proxy-type socks5 %h %p' me@inside.host
Patching in the single line identified by @nnposter above - does indeed get ssh-over-socks5 working again.

@amaranthius
Copy link

I can confirm the same issue on MacOS Big Sur (v11.0.1). Reverting to 7.80 didn't work either since it results in this issue.

@dmiller-nmap
Copy link

post_connect() is called in connect_handler in the SSL case, which is what I was testing with. I neglected to test the non-SSL case, apparently. Fix incoming.

@nnposter nnposter mentioned this issue Mar 28, 2021
Closed
@yyy
Copy link

yyy commented Mar 29, 2021
edited

When will the fix for this be released? Do I understand correctly that right now there's no working way to proxy SSH over SOCKS5 with authentication on Big Sur? Old Ncap versions don't work because of #2079. New Ncap versions have this issue.

Is there a workaround other than manually compiling latest sources? Thank you.

@Un1Gfn
Copy link

Un1Gfn commented Jun 23, 2021
edited

Arch Linux - same issue - 7.91

workaround - use nc from openbsd @yyy

@hayden-pan
Copy link

Now it works fine after update to 7.92

1 similar comment
@hayden-pan
Copy link

Now it works fine after update to 7.92

@ValdikSS ValdikSS mentioned this issue Jan 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Ncat
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@yyy @mlashley @amaranthius @hayden-pan @nnposter @dmiller-nmap @Phuker @Un1Gfn and others