Msfconsole over Tor Network

A small PoC for running msfconsole over Tor.

First, without torify (let's say my IP address is 123.123.123.123):

msfconsole -q -x 'use auxiliary/gather/external_ip;run;quit'             
[+] Source ip to ifconfig.me is 123.123.123.123
[*] Auxiliary module execution completed

And with torify ...

torify msfconsole -q -x 'use auxiliary/gather/external_ip;run;quit'
1569426930 WARNING torsocks[34645]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:193)
1569426930 WARNING torsocks[34645]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:193)
[-] ***
[-] * WARNING: No database support: could not connect to server: Operation not permitted
    Is the server running on host "localhost" (127.0.0.1) and accepting
    TCP/IP connections on port 5432?

[-] ***
[+] Source ip to ifconfig.me is 23.129.64.170
[*] Auxiliary module execution completed

It does work, but we cannot use the connection to our database running on localhost. I did not find a torify configuration file or parameters to enable localhost connections. However, proxychains4 has a /etc/proxychains.conf configuration file that can allow connections to localhost. This is done by adding the following localnet line to the config file:

cat /etc/proxychains.conf |grep -B4 '^localnet'
## RFC5735 Loopback address range
## if you enable this, you have to make sure remote_dns_subnet is not 127
## you'll need to enable it if you want to use an application that 
## connects to localhost.
localnet 127.0.0.0:5432/255.0.0.0

After that we get a Tor address without database issues.

proxychains -q msfconsole -q -x 'use auxiliary/gather/external_ip;run;quit'
[+] Source ip to ifconfig.me is 23.129.64.187
[*] Auxiliary module execution completed
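
To confirm what that localnet line actually exempts, the following added example (not from the original post) parses localnet directives in the address[:port]/netmask form shown above and reports whether a destination would be connected to directly or handed to the proxy chain. The sample config text, the test destinations and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample mirroring the localnet line quoted above (not the full file).
SAMPLE_CONF = """\
## RFC5735 Loopback address range
# localnet 10.0.0.0/255.0.0.0
localnet 127.0.0.0:5432/255.0.0.0
"""

def parse_localnet(conf_text):
    """Return [(IPv4Network, port or None)] for each active localnet line."""
    rules = []
    for line in conf_text.splitlines():
        # Drop comments, then expect exactly: localnet <addr[:port]/netmask>
        fields = line.split("#", 1)[0].split()
        if len(fields) != 2 or fields[0] != "localnet":
            continue
        addr_part, _, mask = fields[1].partition("/")
        addr, _, port = addr_part.partition(":")
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        rules.append((net, int(port) if port else None))
    return rules

def bypasses_proxy(rules, dest_ip, dest_port):
    """True if a connection to dest_ip:dest_port matches a localnet exemption."""
    ip = ipaddress.IPv4Address(dest_ip)
    # A rule without a port exempts every port in its network.
    return any(ip in net and port in (None, dest_port) for net, port in rules)

def overbroad(rules):
    """Exemptions that reach beyond the loopback range (traffic would skip the proxy)."""
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    return [(str(net), port) for net, port in rules if not net.subnet_of(loopback)]

if __name__ == "__main__":
    rules = parse_localnet(SAMPLE_CONF)
    for dest in [("127.0.0.1", 5432), ("127.0.0.1", 8080), ("10.1.2.3", 5432)]:
        route = "direct (exempt)" if bypasses_proxy(rules, *dest) else "via proxy chain"
        print(f"{dest[0]}:{dest[1]} -> {route}")
    print("exemptions beyond loopback:", overbroad(rules))
```

With the single rule from the post, only loopback port 5432 is exempt; any exemption reported by overbroad() covers non-loopback addresses that would be reached without the proxy.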

When scanning, remember to use -Pn to disable host discovery, probably because ICMP over Tor causes issues.

msf5 > db_nmap -sT -p80 check.torproject.org
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-25 12:17 EDT
[*] Nmap: 'nmap: netutil.cc:1379: int collect_dnet_interfaces(const intf_entry*, void*): Assertion `rc == 0' failed.'
msf5 > db_nmap -sT -Pn -p80 check.torproject.org
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-25 12:17 EDT
[*] Nmap: Nmap scan report for check.torproject.org (224.0.0.1)
[*] Nmap: Host is up (0.41s latency).
[*] Nmap: rDNS record for 224.0.0.1: all-systems.mcast.net
[*] Nmap: PORT   STATE SERVICE
[*] Nmap: 80/tcp open  http
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds
