3gsocks

command module

v0.0.0-...-f488bbc Latest Latest Go to latest Published: Mar 21, 2021 License: BSD-3-Clause Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aj-code/3gsocks

Links

Open Source Insights

README ¶

3gsocks

This is a multi-platform reverse connect remote socks5 network pivot.

Socks5 based network pivoting
TLS transport with cert pinning
Should run on damn near anything
- Tested - windows and linux
- Totally untested but probably working - various bsds, mac os, aix, solaris, plan9, android
Precompiled binaries available (under dist/) if you're that way inclined

Inspired by some socks functionality I found that one time in some malware I was reversing.

Usage

Spin up the server on your local machine (or your c2 server, whatever) which will listen on two ports. One port accepts TLS connections from the remote client and the other is a socks5 server which you can pipe whatever you like through.

If you're on some sort of linux you can do the following:

Generate some self signed certs:

$ openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 90

Run the server (note that windows or whatever should work too if you grab the right binaries):

$ ./3gsocks_server_linux_amd64 --connect-back-address 127.0.0.1:9999 (there's way more switches, run with a -h to see these and override defaults)

This will then spit out the config key for the client. This hex string just includes the cert hash for TLS pinning, and the connect back address and port.

Then run up the client on the remote machine you want to pivot through, pick the right binary for the machine you're working with. In this case let's imagine it's netbsd on arm64:

$ ./3gsocks_client_netbsd_arm64 505cb6d2460438313aa557f43ef0fefb5e414a5eeaabd6e340b5b6e4867d1cb53132372e302e302e313a39393939

This will then connect back to your server and all going well anything you pipe down the local socks5 port will appear as if it's originating from the remote machine.

Any issues will end up pushed to stdout/stderr, so look at those if you're having issues.

FAQ

Can I have multiple clients connect to the same server? Nooope

What about an android client? Try the linux binaries, and if that doesn't work then recompile using the android NDK.

It doesn't work!? I dunno duuude, fix it up and fire me a pull request.

Acknowledgements

The nspps golang rat authors who inspired me to replicate and improve their socks5 pivot.
3gstudent who's "homework" code I used as a base, as I have a sneaking (and totally unproven) suspicion this was also used as a base by the nspps authors.

License

BSD License, see LICENSE file

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL