This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Added a module for SOCKSv5 proxying #478

Merged
merged 1 commit into from Apr 21, 2017

Conversation

@klustic klustic commented Apr 5, 2017

When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:
https://github.com/klustic/AlmondRocks

** Server Usage **
$ ./almondrocks.py server -d -t 8443 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 8443
set Agent ...

When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:

https://github.com/klustic/AlmondRocks

** Server Usage **
$ ./almondrocks.py server -d -t 4433 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 4433
set Agent ...
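The SOCKSv5 traffic that the AlmondRocks server described above accepts on its loopback port follows RFC 1928. As an added example, not code from this PR or from AlmondRocks, the parser below decodes the two client messages a monitor on the unencrypted side would inspect to see which destinations are being proxied: the method-negotiation greeting and the CONNECT/BIND/UDP request with its IPv4, domain-name or IPv6 target. The sample bytes are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

SOCKS_VERSION = 5
CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}
METHOD_NAMES = {0x00: "NO_AUTH", 0x02: "USERNAME_PASSWORD", 0xFF: "NO_ACCEPTABLE"}


@dataclass
class SocksRequest:
    command: str
    address_type: str
    host: str
    port: int


def parse_greeting(data: bytes) -> list:
    """Decode the client greeting: VER | NMETHODS | METHODS (RFC 1928, section 3)."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKSv5 greeting")
    nmethods = data[1]
    if len(data) < 2 + nmethods:
        raise ValueError("truncated method list")
    return [METHOD_NAMES.get(m, f"METHOD_{m:#04x}") for m in data[2:2 + nmethods]]


def parse_request(data: bytes) -> SocksRequest:
    """Decode the client request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (RFC 1928, section 4)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKSv5 request")
    cmd, atyp = data[1], data[3]
    if atyp == 0x01:        # IPv4: 4 octets
        host, end, kind = str(ipaddress.IPv4Address(data[4:8])), 8, "ipv4"
    elif atyp == 0x03:      # domain name: 1 length octet followed by the name
        n = data[4]         # proxy-side DNS resolution (e.g. proxychains proxy_dns) shows up here
        host, end, kind = data[5:5 + n].decode("ascii"), 5 + n, "domain"
    elif atyp == 0x04:      # IPv6: 16 octets
        host, end, kind = str(ipaddress.IPv6Address(data[4:20])), 20, "ipv6"
    else:
        raise ValueError(f"unknown address type {atyp:#04x}")
    if len(data) < end + 2:
        raise ValueError("truncated request")
    port = struct.unpack("!H", data[end:end + 2])[0]   # port is in network byte order
    return SocksRequest(CMD_NAMES.get(cmd, f"CMD_{cmd:#04x}"), kind, host, port)


# Constructed sample bytes (not captured traffic): a greeting offering no-auth and
# username/password, then a CONNECT to example.com:443 addressed by domain name.
SAMPLE_GREETING = b"\x05\x02\x00\x02"
SAMPLE_REQUEST = b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"
```

A domain-name ATYP in the request means the client deferred name resolution to the proxy, so the name itself, not only the resolved address, is available for logging at the SOCKS endpoint.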
@xorrior xorrior self-assigned this Apr 9, 2017

xorrior commented Apr 9, 2017

Will test this once I have a macOS test box. Thanks for the PR.


klustic commented Apr 9, 2017

Awesome, thanks! I have tested on Ubuntu 14 / 16 LTS and CentOS 7. Windows will likely fail due to the use of select() on stdin and the decision to use Unix sockets. I don't see a reason why OS X should have issues. Keep me posted on your findings.


xorrior commented Apr 21, 2017

Didn't get the chance to test on OSX, but it looks good. Tested on Ubuntu 16 and it worked like a charm. Thanks again.


xorrior commented Apr 21, 2017

FYI, I'm going to move the module after merging to the management folder.

@xorrior xorrior self-requested a review April 21, 2017 01:17
@xorrior xorrior merged commit 042f24a into EmpireProject:2.0_beta Apr 21, 2017

klustic commented Apr 21, 2017

Sweet! Thanks, I've used it a bunch, I hope it will come in handy for others.

@johncole2017

Hi,
Please explain how we can use this. I mean, how can I use the SOCKS proxy for HTTP listeners with a generated windows/hta stage?
Thanks


klustic commented May 14, 2018

Hi @johncole2017,

To use this module, you need the AlmondRocks server.

Clone that project, generate TLS certs, and start the server (instructions are in that project's GitHub README). Then interact with your agent, and:

usemodule management/multi/socks
set HOST <your AlmondRocks server>
set PORT <your AlmondRocks port>
execute

You should get a connection on your AlmondRocks server from your agent. You will also notice that port 1080 is listening on your AlmondRocks server's loopback interface. This is a SOCKS proxy, so you can point proxychains or another SOCKSv5 proxy-aware app at it, and that traffic will be proxied through your Empire agent.

Hope this helps.
