BenV's notes » ssh

SOCKS, Opera, and brute force

BenV — Wed, 21 Oct 2009 16:27:08 +0000

Especially force, that’s what we need.
Because somehow Opera still hasn’t bothered to implement SOCKS proxy support. And if you would like to use… oh I don’t know… tor… or maybe simple ssh proxying support to test stuff from an external IP instead of from inside your local network, or for whatever your reason might be (working around your corperate firewall? )…. you have to use Firefox. Because they DO have SOCKS support. Strange. A case to bash Opera

So Opera doesn’t suck^Wsocks, huh.
However, since I personally don’t like Firefox enough to recommend people using it over Opera, we’ll have to get socks support using an external program. There are several options for doing this. Bascially what we need is some method to catch the calls to the socket system call and converts them to go through the socks proxy. My expert google skills have found me 3 solutions:

From this list TSocks sounds like the easiest one, even though it hasn’t been updated in _years_. Means either it works or it’s impossible to get to work these days . Anyway, slackbuild didn’t have any issues building me a tsocks package. Let’s see if it works!
First we create a little tsocks.conf file:

root@janeman# echo -e "local = 192.168.1.0/24\nserver = 127.0.0.1\nserver_port = 1234" > /etc/tsocks.conf

This tells tsocks that we want to access the proxy for everything that isn’t in our LAN (192.168.1.0/24) using a server on 127.0.0.1 on port 1234. It’s picky about the whitespace around the ‘=’ in the config though, don’t forget them. Now we have to enable tsocks, either by running the application by using the tsocks wrapper script, or by letting tsocks put itself in the LD_PRELOAD environment variable. I chose the latter:

root@janeman# source tsocks on ; tsocks show
ERROR: ld.so: object '/usr/lib/libtsocks.so' from LD_PRELOAD cannot be preloaded: ignored.
LD_PRELOAD="/usr/lib/libtsocks.so"

*BZZZT* WRONG! That’s strike 1 for being an ancient (not updated for more than 5 years) piece of junk. I’m running a 64 bit OS, that means the library is inside /usr/lib64. Fine, we patch it:

root@janeman# sed -ie 's#/lib/#/lib64/#g; s#\\/lib\\/#\\/lib64\\/#g' /usr/bin/tsocks

If you’re getting errors about that /usr/lib/libtsocks.so not being found, unset your LD_PRELOAD variable
Good, time for a test!

benv@janeman$ ssh -D 1234 -N some.host.to.proxy.with
benv@some.host.to.proxy.with's password: ******
# SSH is forwarding but doesn't take commands from you now, leave it, switch to another terminal and continue there
benv@janeman$ source tsocks on ; echo -e 'GET / HTTP/1.0\r\nHost: www.whatismyip.crg \n\r\n' | nc www.whatismyip.org 80 | tail -1
123.456.789.012

It works! In order to make Opera use it simply start it like that:

benv@janeman$ source tsocks on ; opera

NEXT! ProxyChains
“Q: Why use it in the first place? Tsocks works!”
A: Because it’s always good to have more than 1 tool available to use. Because its latest version is not 7 years old (only 2 *cough*). Because it has other features. Because it’s fun to test shit

Chalk down another success for slackbuild. Next, the configuration file. /etc/proxychains.conf is automagically installed, so we only have to adapt it if we choose to. The default config should work for tor, but we want it for my SSH proxy. I changed the default proxy at the end of the file to be ‘socks5 127.0.0.1 1234′. Note that it has the cool features to use several proxies (hence the name I suppose) in a chain (randomly if wanted) and also to proxy DNS. Anyway, the test (after unsettings the LD_PRELOAD variable!):

Cool, another working solution. Note how it proxied the DNS request for us. Also I find this one easier to use than tsocks.

Finally there’s this Kernel Socks Bouncer module, but it’s too much of a hassle for me to run kernel modules for a simple socks proxy. Let me know if it’s great if you used it
Thanks for reading folks!

Pokemon OS, rsync/ssh and MAC

BenV — Fri, 11 Sep 2009 10:26:14 +0000

So yesterday at work I ran into the famous ssh MAC failure like this:

wouter@wouter-laptop:~:0> rsync -varP ./vmware/ wouter@192.168.1.2:/archive/archive2/programs/vmware/
Password:
sending incremental file list
./
Keys
116 100% 0.00kB/s 0:00:00 (xfer#1, to-check=8/10)
linux/
linux/VMware-server-2.0.1-156745.i386.tar.gz
32768 0% 800.00kB/s 0:10:11 Received disconnect from 192.168.1.2: 2: Corrupted MAC on input.

rsync: writefd_unbuffered failed to write 4 bytes to socket [sender]: Broken pipe (32)
rsync: connection unexpectedly closed (53 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

No, that has nothing to do with Apple/Mac computers or Media Access Control, it’s
part of the SSH protocol (and others) called Messenge Authentication Code. This blog has a nice explanation: Jan Pechanec on SSH messages.

Funny thing, my brother also had this exact issue with the same kind of laptop. Well…. in his case it was putty failing his connection from a windows machine to this laptop.
The reason? Same as ever, checksum offloading.
You can check if your card does this with the ethtool program:

wouter@wouter-laptop:~:0> sudo ethtool -k eth0
Offload parameters for eth0:
Cannot get device flags: Operation not supported
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off
large-receive-offload: off

And the fix for this:

wouter@wouter-laptop:~:85> sudo ethtool -K eth0 tx off

Fixed.

” Wait, what does Pokemon OS have to do with this?”
Well, isn’t that obvious? It’s supposed to magically work, and it doesn’t!
Probably more a kernel thing though… oh well.

The wonders of SSH forwarding

BenV — Fri, 21 Aug 2009 15:20:24 +0000

This is trivial stuff, but nice to know.

Do they have a cute little firewall at your work that only allows outgoing traffic on a certain port? Does some site have retarded IP restrictions? Does the piratebay block you from home?
Have no fear, ssh is slow as a bear. (huh?)

Anyway, you could use an anonymous proxy to get around all of this, but they are often slow and hard to find. Not only that, they often require you to use a specific port.
So the simple solution for all this: use ssh. Of course this requires you to have ssh access on a machine outside of the network that you’re trying to get out of.
But if you don’t even have that, you probably suck anyway. (get lost with your micro~s fail piece of cardboard).

Solution #1, for simple TCP port forwards. For instance when you’re trying to access a remote snmp server that has the irc port (6667 by default) firewalled:

idiot@yourmachine$ ssh -L 1234:127.0.0.1:6667 ip.of.irc.machine
*username and password stuff*

After a successful login you can now connect an IRC program to localhost on port 1234 and it will act as if you were connecting to the remote machine directly. (bypassing the firewall).
Woei. Too bad this fails for UDP though. You also need to keep the ssh connection open, but that’s pretty obvious.

Solution #2, for a real proxy solution. When you’re trying to access a remote web server it becomes more annoying to use a simple port forward, since your browser will not pass the correct
information to the remote server. (It will say Host: 127.0.0.1 for where it was supposed to be Host: www.piratebay.org for example).
To make this work we simply turn ssh into a socks proxy like this:

moron@yourmom$ ssh -D 1234 ip.remote.shell.machine
*username and password stuff*

Now you can enter localhost and port 1234 in your browser’s proxy configuration in the SOCKS proxy section. Magic, you can now go to any site and it will be tunneled through the nicely encrypted ssh session. (although it might be a bit slower).

Well, so much for the obvious stuff today.