Merge pull request #7 from ropnop/feature/socksproxy

add socks proxy support

Author: ropnop

README.md

@@ -30,8 +30,9 @@ $ ./windapsearch --version
 `windapsearch` is a standalone binary with multiple modules for various common LDAP queries
 
 ```
+$ ./windapsearch -h
 windapsearch: a tool to perform Windows domain enumeration through LDAP queries
-Version: dev (131fd6d) | Built: 06/10/20 (go1.14.3) | Ronnie Flathers @ropnop
+Version: dev (f78ee36) | Built: 06/23/20 (go1.14.3) | Ronnie Flathers @ropnop
 
 Usage: ./windapsearch [options] -m [module] [module options]
 
@@ -45,6 +46,7 @@ Options:
       --ntlm              Use NTLM auth (automatic if hash is set)
       --port int          Port to connect to (if non standard)
       --secure            Use LDAPS. This will not verify TLS certs, however. (default: false)
+      --proxy string      SOCKS5 Proxy to use (e.g. 127.0.0.1:9050)
       --full              Output all attributes from LDAP
   -o, --output string     Save results to file
   -j, --json              Convert LDAP output to JSON

go.mod

@@ -3,6 +3,7 @@ module github.com/ropnop/go-windapsearch
 go 1.13
 
 require (
+	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c
 	github.com/audibleblink/msldapuac v0.2.0
 	github.com/bwmarrin/go-objectsid v0.0.0-20191126144531-5fee401a2f37
 	github.com/go-ldap/ldap/v3 v3.2.1
@@ -13,5 +14,6 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/tcnksm/go-input v0.0.0-20180404061846-548a7d7a8ee8
 	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
+	golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
 	golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd // indirect
 )

go.sum

@@ -29,9 +29,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/magefile/mage v1.9.0 h1:t3AU2wNwehMCW97vuqQLtw6puppWXHO+O2MHo5a50XE=
 github.com/magefile/mage v1.9.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
-github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
 github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
-github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=

pkg/ldapsession/session.go

@@ -2,8 +2,9 @@ package ldapsession
 
 import (
 	"context"
-	"crypto/tls"
 	"fmt"
+	"golang.org/x/net/proxy"
+	"net"
 	"strings"
 
 	"github.com/ropnop/go-windapsearch/pkg/dns"
@@ -20,6 +21,7 @@ type LDAPSessionOptions struct {
 	UseNTLM          bool
 	Port             int
 	Secure           bool
+	Proxy            string
 	PageSize         int
 	Logger           *logrus.Logger
 }
@@ -81,13 +83,31 @@ func NewLDAPSession(options *LDAPSessionOptions, ctx context.Context) (sess *LDA
 		url = fmt.Sprintf("ldap://%s:%d", dc, port)
 	}
 
-	lConn, err := ldap.DialURL(url)
-	if err != nil {
-		return
-	}
-	if options.Secure {
-		lConn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+	var conn net.Conn
+	defaultDailer := &net.Dialer{Timeout: ldap.DefaultTimeout}
+
+	// Use socks proxy if specified
+	if options.Proxy != "" {
+		pDialer, err := proxy.SOCKS5("tcp", options.Proxy, nil, defaultDailer)
+		if err != nil {
+			return nil, err
+		}
+		conn, err = pDialer.Dial("tcp", fmt.Sprintf("%s:%d", dc, port))
+		if err != nil {
+			return nil, err
+		}
+		sess.Log.Debugf("establishing connection through socks proxy at %s", options.Proxy)
+	} else {
+		conn, err = defaultDailer.Dial("tcp", fmt.Sprintf("%s:%d", dc, port))
+		if err != nil {
+			return
+		}
 	}
+	sess.Log.Debugf("tcp connection established to %s:%d", dc, port)
+
+	lConn := ldap.NewConn(conn, options.Secure)
+	lConn.Start()
+
 	sess.LConn = lConn
 	sess.PageSize = uint32(options.PageSize)
 

pkg/windapsearch/windapsearch.go

@@ -40,6 +40,7 @@ type CommandLineOptions struct {
 	NTLMHash         string
 	UseNTLM          bool
 	Port             int
+	Proxy            string
 	Secure           bool
 	ResolveHosts     bool
 	Attributes       []string
@@ -68,6 +69,7 @@ func NewSession() *WindapSearchSession {
 	wFlags.BoolVar(&w.Options.UseNTLM, "ntlm", false, "Use NTLM auth (automatic if hash is set)")
 	wFlags.IntVar(&w.Options.Port, "port", 0, "Port to connect to (if non standard)")
 	wFlags.BoolVar(&w.Options.Secure, "secure", false, "Use LDAPS. This will not verify TLS certs, however. (default: false)")
+	wFlags.StringVar(&w.Options.Proxy, "proxy", "", "SOCKS5 Proxy to use (e.g. 127.0.0.1:9050)")
 	wFlags.BoolVar(&w.Options.FullAttributes, "full", false, "Output all attributes from LDAP")
 	wFlags.StringVarP(&w.Options.Output, "output", "o", "", "Save results to file")
 	wFlags.BoolVarP(&w.Options.JSON, "json", "j", false, "Convert LDAP output to JSON")
@@ -250,6 +252,7 @@ func (w *WindapSearchSession) Run() (err error) {
 		Hash:             w.Options.NTLMHash,
 		UseNTLM:          w.Options.UseNTLM,
 		Port:             w.Options.Port,
+		Proxy:            w.Options.Proxy,
 		Secure:           w.Options.Secure,
 		PageSize:         w.Options.PageSize,
 		Logger:           w.Log.Logger,