[IOML] Shell/Perl/Whatever script wanted
dyls at alioth.net
Thu Jul 21 08:42:00 BST 2005
On 21 Jul 2005, at 08:02, Simon Booth wrote:
> The reason that I want to be able to find an outward bound proxy is
> because I want to be able to get a reverse shell from the machine
> (using cryptcat and tunnelling it over HTTP using gnuhttptunnel).
> This I believe is the most sure-fire way of getting a connection out
> as whilst most companies block a lot of traffic they generally allow
If they provide the ability to use HTTPS, you can do an HTTP CONNECT on
the proxy which will probably be nicer to use than encapsulating
everything in HTTP requests (since a HTTP CONNECT allows you to pass
traffic both ways completely unmolested - indeed, some ssh clients (see
PuTTY) actually incorporate this method of getting out via a web
proxy). You'll probably need to listen on port 443 on your end (most
proxies will restrict which ports you can HTTP CONNECT to). If you have
that ability you can just use SSH (set up an sshd on port 443 on your
machine, have the remote machine ssh in and use ssh port forwarding to
allow you to get back to the machine at the other end). If you're using
OpenSSH, you'll have to write a small program (you can do this in Perl,
and indeed there are examples on the internet) to do the actual HTTP
CONNECT, and then have ssh connect to this on localhost. You then get
your encrypted tunnel for free as it were.
> One thing I guess I can't get around is if the client uses
> authentication on the proxy so obviously that is a scenario where they
> would have to provide some credentials, but, I'm not sure how
> mainstream that is.
In my experience of these things, if they do and they are using ISA
Server, since the authentication is proprietary and only supported by
Redmondware, they have to have a second unauthenticated proxy for other
programs (such as BACS processing or virus definition updates).
More information about the IOM