
Added a module for SOCKSv5 proxying #478

Merged
merged 1 commit into from Apr 21, 2017

@klustic

klustic commented Apr 5, 2017

When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:
https://github.com/klustic/AlmondRocks

** Server Usage **
$ ./almondrocks.py server -d -t 8443 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 8443
set Agent ...

Added a new module for SOCKSv5 proxying
When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:

https://github.com/klustic/AlmondRocks
** Server Usage **
$ ./almondrocks.py server -d -t 4433 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 4433
set Agent ...

@xorrior xorrior self-assigned this Apr 9, 2017

@xorrior


Contributor

xorrior commented Apr 9, 2017

Will test this once I have a macOS test box. Thanks for the PR.

@klustic


klustic commented Apr 9, 2017

Awesome, thanks! I have tested on Ubuntu 14 / 16 LTS and CentOS 7. Windows will likely fail due to use of select() on stdin and the decision to use Unix sockets. I don't see a reason why OS X should have issues. Keep me posted on your findings.

@xorrior


Contributor

xorrior commented Apr 21, 2017

Didn't get the chance to test on OSX but it looks good. Tested on Ubuntu 16 and it worked like a charm. Thanks again.

@xorrior


Contributor

xorrior commented Apr 21, 2017

FYI, I'm going to move the module after merging to the management folder.

@xorrior xorrior self-requested a review Apr 21, 2017

@xorrior xorrior merged commit 042f24a into EmpireProject:2.0_beta Apr 21, 2017

@klustic


klustic commented Apr 21, 2017

Sweet! Thanks, I've used it a bunch, I hope it will come in handy for others.

@johncole2017


johncole2017 commented May 12, 2018

Hi,
Please explain how we can use this. I mean, how can I use the SOCKS proxy for HTTP listeners with a generated windows/hta stager?
Thanks

@klustic


klustic commented May 14, 2018

Hi @johncole2017,

To use this module, you need the AlmondRocks server.

Clone that project, generate TLS certs, and start the server (instructions on that github's readme). Then interact with your agent, and:

usemodule management/multi/socks
set HOST <your AlmondRocks server>
set PORT <your AlmondRocks port>
execute

You should get a connection on your AlmondRocks server from your agent. You'll also notice that port 1080 is listening on your AlmondRocks server loopback. This is a SOCKS proxy, so you can point proxychains or some SOCKSv5 proxy-aware app at it and that traffic will proxy through your Empire agent.

Hope this helps.
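For readers who want to see what the port-1080 listener in the instructions above actually speaks, and what the module is multiplexing over its single TLS connection (the PR description at the top of the thread), here is a minimal codec for the SOCKSv5 exchange as specified in RFC 1928. It is an added example written for this page, not code from Empire or AlmondRocks, and it covers only the "no authentication" method and the CONNECT command; `simulate_proxy` stands in for the proxy side without opening any real sockets, and the sample destination `example.com:443` is constructed.

```python
"""Minimal SOCKSv5 (RFC 1928) codec: the exchange a client such as proxychains
or curl performs against a SOCKS listener. Added example for this thread; it is
not code from Empire or AlmondRocks (no-auth method and CONNECT command only)."""
import ipaddress
import struct

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_NONE_ACCEPTABLE = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED, REP_GENERAL_FAILURE, REP_CMD_NOT_SUPPORTED = 0x00, 0x01, 0x07


class SocksError(ValueError):
    """Malformed or unsupported SOCKS message."""


def build_greeting(methods):
    """Client -> proxy. VER | NMETHODS | METHODS: acceptable auth methods."""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def build_connect_request(host, port):
    """Client -> proxy. VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT.
    Hostnames go out as ATYP 0x03 so the proxy, not the client, resolves them."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise SocksError("domain name must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_greeting(data):
    """Proxy side. Return the method list offered, rejecting non-v5 input."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise SocksError("not a SOCKSv5 greeting")
    if len(data) != 2 + data[1]:
        raise SocksError("greeting length does not match NMETHODS")
    return list(data[2:])


def build_method_selection(offered):
    """Proxy -> client. VER | METHOD: no-auth if offered, else 0xFF (client must close)."""
    chosen = METHOD_NO_AUTH if METHOD_NO_AUTH in offered else METHOD_NONE_ACCEPTABLE
    return bytes([SOCKS_VERSION, chosen])


def parse_request(data):
    """Proxy side. Return (cmd, host, port); host is a str for every ATYP."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise SocksError("not a SOCKSv5 request")
    cmd, rsv, atyp = data[1], data[2], data[3]
    if rsv != 0x00:
        raise SocksError("reserved byte must be zero")
    if atyp == ATYP_IPV4:
        addr_start, addr_end = 4, 8
    elif atyp == ATYP_IPV6:
        addr_start, addr_end = 4, 20
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise SocksError("truncated domain length")
        addr_start, addr_end = 5, 5 + data[4]
    else:
        raise SocksError("unknown address type 0x%02x" % atyp)
    if len(data) != addr_end + 2:  # exactly DST.ADDR followed by a 2-byte port
        raise SocksError("request length does not match address type")
    raw = data[addr_start:addr_end]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[addr_end:])
    return cmd, host, port


def build_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """Proxy -> client. VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (IPv4 bind only)."""
    addr = ipaddress.IPv4Address(bind_host).packed
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + addr + struct.pack("!H", bind_port)


def simulate_proxy(greeting, request):
    """Drive the proxy side over already-received bytes and return
    (method_selection, reply, destination). A real proxy opens the outbound
    TCP connection to `destination` before answering REP_SUCCEEDED; here that
    step is simulated so the codec can be exercised offline."""
    selection = build_method_selection(parse_greeting(greeting))
    if selection[1] == METHOD_NONE_ACCEPTABLE:
        return selection, b"", None  # no acceptable method: no request follows
    try:
        cmd, host, port = parse_request(request)
    except SocksError:
        return selection, build_reply(REP_GENERAL_FAILURE), None
    if cmd != CMD_CONNECT:
        return selection, build_reply(REP_CMD_NOT_SUPPORTED), None
    return selection, build_reply(REP_SUCCEEDED, "127.0.0.1", 0), (host, port)


if __name__ == "__main__":
    # Constructed sample: a client asks the proxy to CONNECT to example.com:443.
    sel, rep, dest = simulate_proxy(build_greeting([METHOD_NO_AUTH]),
                                    build_connect_request("example.com", 443))
    print(sel.hex(), rep.hex(), dest)
```

Two details matter operationally: a hostname is sent with ATYP 0x03 and resolved by the proxy, so DNS lookups for proxied traffic happen on the proxy side rather than the client's (proxychains' `proxy_dns` option exists for this reason), and the length checks in `parse_request` are what keep a listener from misreading a short or oversized request, which is worth verifying on any SOCKS endpoint you expose, even one bound to loopback.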
