implement proxy from environment: missing winrm and kerberos

5amu · Feb 19, 2024 · ae0a88e · ae0a88e
1 parent f977d24
commit ae0a88e
Show file tree

Hide file tree

Showing 8 changed files with 778 additions and 111 deletions.
diff --git a/go.mod b/go.mod
@@ -9,52 +9,37 @@ require (
 	github.com/jcmturner/gokrb5 v8.4.4+incompatible
 	github.com/jcmturner/gokrb5/v8 v8.4.4
 	github.com/masterzen/winrm v0.0.0-20231227165926-e811dad5ac77
-	github.com/rodaine/table v1.1.1
 )
 
+require github.com/docker/go-units v0.5.0 // indirect
+
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/ChrisTrenkamp/goxpath v0.0.0-20210404020558-97928f7e12b6 // indirect
 	github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bodgit/ntlmssp v0.0.0-20231122144230-2b2bca29f22b // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
-	github.com/geoffgarside/ber v1.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
-	github.com/golang/protobuf v1.3.2 // indirect
 	github.com/google/uuid v1.3.1 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
 	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/goidentity/v6 v6.0.1 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
-	github.com/jlaffaye/ftp v0.2.0 // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
 	github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/praetorian-inc/fingerprintx v1.1.13 // indirect
-	github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb // indirect
-	github.com/prometheus/client_golang v1.1.0 // indirect
-	github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 // indirect
-	github.com/prometheus/common v0.6.0 // indirect
-	github.com/prometheus/procfs v0.0.3 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/praetorian-inc/fingerprintx v1.1.13
 	github.com/tidwall/transform v0.0.0-20201103190739-32f242e2dbde // indirect
-	github.com/weppos/publicsuffix-go v0.4.0 // indirect
-	github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 // indirect
-	github.com/zmap/zcrypto v0.0.0-20200508204656-27de22294d44 // indirect
-	github.com/zmap/zflags v1.4.0-beta.1 // indirect
-	github.com/zmap/zgrab2 v0.1.7 // indirect
-	golang.org/x/crypto v0.19.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db // indirect
+	github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968 // indirect
+	github.com/zmap/zgrab2 v0.1.8-0.20230806160807-97ba87c0e706
+	golang.org/x/crypto v0.19.0
+	golang.org/x/net v0.19.0
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/internal/goad/ldap.go b/internal/goad/ldap.go
@@ -160,7 +160,7 @@ func (o *LdapOptions) Run() (err error) {
 	}
 
 	var wg sync.WaitGroup
-	for _, target := range o.targets {
+	for target := range o.target2SMBInfo {
 		wg.Add(1)
 		go func(t string) {
 			if ldap.IsLDAP(t, o.Connection.Port) {

diff --git a/pkg/ldap/ldap.go b/pkg/ldap/ldap.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/5amu/goad/pkg/utils"
 	"github.com/go-ldap/ldap/v3"
 )
 
@@ -44,24 +45,19 @@ func (c *LdapClient) Connect() error {
 		return nil
 	}
 
-	var err error
-	if c.UseSSL {
-		c.Conn, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Host, c.Port), &tls.Config{
-			InsecureSkipVerify: true,
-			ServerName:         c.Host,
-		})
-	} else {
-		c.Conn, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Host, c.Port))
-	}
+	conn, err := utils.GetConnection(c.Host, c.Port)
 	if err != nil {
-		return err
+		return nil
 	}
+	c.Conn = ldap.NewConn(conn, c.UseSSL)
 
 	if !c.SkipTLS {
 		return c.Conn.StartTLS(&tls.Config{
 			InsecureSkipVerify: true,
 			ServerName:         c.Host,
 		})
+	} else {
+		c.Conn.Start()
 	}
 	return nil
 }

diff --git a/pkg/ldap/utils.go b/pkg/ldap/utils.go
@@ -2,11 +2,11 @@ package ldap
 
 import (
 	"fmt"
-	"net"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/5amu/goad/pkg/utils"
 	ldapfingerprint "github.com/praetorian-inc/fingerprintx/pkg/plugins/services/ldap"
 )
 
@@ -61,12 +61,11 @@ func DecodeZuluTimestamp(timestamp string) string {
 }
 
 func IsLDAP(host string, port int) bool {
-	timeout := 2 * time.Second
-	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), timeout)
+	conn, err := utils.GetConnection(host, port)
 	if err != nil {
 		return false
 	}
-	res, err := ldapfingerprint.DetectLDAP(conn, timeout)
+	res, err := ldapfingerprint.DetectLDAP(conn, 2*time.Second)
 	if err != nil {
 		return false
 	}

diff --git a/pkg/smb/smb.go b/pkg/smb/smb.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/5amu/goad/pkg/utils"
 	"github.com/praetorian-inc/fingerprintx/pkg/plugins"
 	smbfingerprint "github.com/praetorian-inc/fingerprintx/pkg/plugins/services/smb"
 	zgrabsmb "github.com/zmap/zgrab2/lib/smb/smb"
@@ -34,30 +35,29 @@ func (i *SMBInfo) String() string {
 
 func GatherSMBInfo(host string) (*SMBInfo, error) {
 	var info SMBInfo
-	timeout := 3 * time.Second
 
-	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprintf("%d", 445)), timeout)
+	conn, err := utils.GetConnection(host, 445)
 	if err != nil {
 		return nil, err
 	}
 
 	var metadata *plugins.ServiceSMB
-
-	metadata, err = smbfingerprint.DetectSMBv2(conn, timeout*2)
+	metadata, err = smbfingerprint.DetectSMBv2(conn, 5*time.Second)
 	if err != nil {
+		fmt.Println(err)
 		return nil, err
 	}
 	_ = conn.Close()
 
-	conn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", host, 445))
+	conn, err = utils.GetConnection(host, 445)
 	if err != nil {
 		return nil, err
 	}
 	_, err = getSMBInfo(conn, true, true)
 	info.SMBv1Support = err == nil
 	_ = conn.Close()
 
-	conn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", host, 445))
+	conn, err = utils.GetConnection(host, 445)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/ssh/ssh.go b/pkg/ssh/ssh.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/5amu/goad/pkg/utils"
 	zgrab "github.com/zmap/zgrab2/lib/ssh"
 	"golang.org/x/crypto/ssh"
 )
@@ -15,23 +16,27 @@ type Client struct {
 	conn *ssh.Client
 }
 
-func connect(user string, signer ssh.AuthMethod, fullHost string) (*Client, error) {
-	client, err := ssh.Dial("tcp",
-		fullHost,
-		&ssh.ClientConfig{
-			User:            user,
-			Auth:            []ssh.AuthMethod{signer},
-			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-			Timeout:         3 * time.Second,
-		},
-	)
+func connect(user string, signer ssh.AuthMethod, host string, port int) (*Client, error) {
+	conn, err := utils.GetConnection(host, port)
+	if err != nil {
+		return nil, err
+	}
+	c, ch, req, err := ssh.NewClientConn(conn, fmt.Sprintf("%s:%d", host, port), &ssh.ClientConfig{
+		User:            user,
+		Auth:            []ssh.AuthMethod{signer},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		Timeout:         3 * time.Second,
+	})
+	if err != nil {
+		return nil, err
+	}
 	return &Client{
-		conn: client,
+		conn: ssh.NewClient(c, ch, req),
 	}, err
 }
 
 func ConnectWithPassword(user, pass string, host string, port int) (*Client, error) {
-	return connect(user, ssh.Password(pass), fmt.Sprintf("%s:%d", host, port))
+	return connect(user, ssh.Password(pass), host, port)
 }
 
 func ConnectWithKey(user, keyPath string, host string, port int) (*Client, error) {
@@ -43,7 +48,7 @@ func ConnectWithKey(user, keyPath string, host string, port int) (*Client, error
 	if err != nil {
 		return nil, err
 	}
-	return connect(user, ssh.PublicKeys(signer), fmt.Sprintf("%s:%d", host, port))
+	return connect(user, ssh.PublicKeys(signer), host, port)
 }
 
 func (c *Client) Run(cmd string, stdout, stderr io.Writer) error {
@@ -109,7 +114,7 @@ func (c *Client) Close() error {
 	return c.conn.Close()
 }
 
-func GrabBanner(rhost string) (string, error) {
+func GrabBanner(host string, port int) (string, error) {
 	data := new(zgrab.HandshakeLog)
 
 	sshConfig := zgrab.MakeSSHConfig()
@@ -121,10 +126,16 @@ func GrabBanner(rhost string) (string, error) {
 		return nil
 	}
 
-	client, err := zgrab.Dial("tcp", rhost, sshConfig)
+	conn, err := utils.GetConnection(host, port)
 	if err != nil {
 		return "", err
 	}
+	c, ch, req, err := zgrab.NewClientConn(conn, fmt.Sprintf("%s:%d", host, port), sshConfig)
+	if err != nil {
+		return "", err
+	}
+
+	client := zgrab.NewClient(c, ch, req)
 	defer client.Close()
 	return data.ServerID.SoftwareVersion, nil
 }
diff --git a/pkg/utils/proxy.go b/pkg/utils/proxy.go
@@ -0,0 +1,19 @@
+package utils
+
+import (
+	"fmt"
+	"net"
+	"time"
+
+	"golang.org/x/net/proxy"
+)
+
+var DefaultTimeout = 3 * time.Second
+
+func GetConnection(host string, port int) (net.Conn, error) {
+	pd := proxy.FromEnvironment()
+	if pd != nil {
+		return pd.Dial("tcp", fmt.Sprintf("%s:%d", host, port))
+	}
+	return net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), DefaultTimeout)
+}