WinGate Proxy Server
Systems Affected
Networks Employing the WinGate Proxy 2
The Problem
Aim: To infiltrate an internal "protected" network using the WinGate Proxy Server via file sharing.
(a) A default installation of Wingate 2
Demonstration Code:
Due to the nature of the system, one is only capable of getting the machine name of the
gateway computer using such commands as nbtstat and nmblookup (samba). The method I was
trying was to set up a udp relay in order to utilise the internal machine's udp netbios
port (137) to use such problems, but fortunately I spent a while studying up on the
netbios RFC and wrote my own code to do so. As this is now not an option via the socks 5
proxy, there only leaves a glimmer of hope, namely the dns server, which in the past I
have used a number of times to find out some names, but this was on the whole a fairly
unsuccessful method. Another point is that if the gateway machine is an NT box prior to
sp3 then one is able to see other machine names.
But the essence of my initial claim is that file sharing is capable through the Wingate
Server.
Attached is a very large and crude vb binary, but alas it demonstrates the problem well.
Notes on use:
======
(a) install
smbclient -L
-p 1000
(f) to use one of the shares:
smbclient \\\\ of wingate host> -p 1000
In this example one requires the use of samba, but if I had the time I'd write a pure
windows version in a real language, but this should suffice.
Countermeasures
(a) a secure wingate server
That's about it, common sense.
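
A check a defender could run over proxy connection logs to spot the condition this advisory describes: outside clients being relayed to file-sharing (NetBIOS) ports on inside hosts. This is an added example, not code from the original advisory; the log line format, the sample addresses and the function name are constructed assumptions, not WinGate's real log layout.

```python
import ipaddress
import re

# NetBIOS name (137), datagram (138) and session (139) services.
NETBIOS_PORTS = {137, 138, 139}

# Constructed line format (an assumption, not WinGate's real log layout):
#   <timestamp> <service> <client-ip> -> <target-ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<svc>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^\s:]+):(?P<port>\d+)$"
)

# Constructed sample log, using documentation and private address ranges.
SAMPLE_LOG = """\
1998-03-01T10:00:01 WWW 192.168.0.12 -> 198.51.100.20:80
1998-03-01T10:02:17 SOCKS5 203.0.113.7 -> 192.168.0.5:139
1998-03-01T10:02:40 SOCKS5 192.168.0.14 -> 192.168.0.5:139
1998-03-01T10:03:02 TELNET 203.0.113.7 -> 192.168.0.9:23
garbage line that does not parse
1998-03-01T10:05:55 SOCKS5 203.0.113.7 -> 192.168.0.5:137
"""


def find_inbound_netbios_relays(log_text, internal_cidr):
    """Return (timestamp, client, target, port) for every relay where an
    outside client reaches a NetBIOS port on an inside host."""
    internal = ipaddress.ip_network(internal_cidr)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # hostnames or damaged addresses are not evaluated here
        port = int(m["port"])
        if src not in internal and dst in internal and port in NETBIOS_PORTS:
            hits.append((m["ts"], str(src), str(dst), port))
    return hits


if __name__ == "__main__":
    for hit in find_inbound_netbios_relays(SAMPLE_LOG, "192.168.0.0/24"):
        print("inbound NetBIOS relay:", *hit)
```

Relays between two inside hosts and outside connections to other ports are deliberately not reported, so the output isolates the file-sharing exposure only.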
Stopping the Problem:
Load the new beta version of WinGate 2.1 located here.
To learn more about new NT security concerns, subscribe to NTSD.
Credit: