rportfwd issue #1906

Open
4dr1rb opened this issue Mar 13, 2025 · 5 comments
Labels
bug Something isn't working

Comments

4dr1rb commented Mar 13, 2025

Describe the bug
There seems to be a problem when I use "rportfwd" in the implant:

rportfwd add -b 192.168.100.51:9000 -r 127.0.0.1:9000

[*] Reverse port forwarding 127.0.0.1:9000 <- 192.168.100.51:9000

 ID  Remote Address   Bind Address
==== ================ ====================
  1  127.0.0.1:9000   192.168.100.51:9000

What I want is for the 192.168.100.51 machine to connect to port 9000, and it will be redirected to port 9000 on my machine.
It only works the first time I connect to 192.168.100.51:9000. On subsequent connections, the tunnel seems to close.

On machine 127.0.0.1:9000 I have a web server.

To Reproduce
rportfwd add -b 192.168.100.51:9000 -r 127.0.0.1:9000

Expected behavior
That the tunnel does not close.

Versions:

[*] Client v1.5.43 - e116a5ec3d26e8582348a29cfd251f915ce4a405 - linux/amd64
    Compiled at 2025-02-19 20:57:36 +0100 CET
    Compiled with go version go1.20.7 linux/amd64

[*] Server v1.5.43 - e116a5ec3d26e8582348a29cfd251f915ce4a405 - linux/amd64
    Compiled at 2025-02-19 20:57:35 +0100 CET

Additional context
Log:

INFO[2025-03-13T20:56:52+01:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2025-03-13T20:57:09+01:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2025-03-13T20:57:15+01:00] [sliver/server/handlers/sessions.go:285] [tunnel] Tunnel done, wrote 1309 bytes 
INFO[2025-03-13T20:57:15+01:00] [sliver/server/handlers/sessions.go:268] [portfwd] Closing tunnel 5449404239163939218 (%!s(<nil>)) 
ERRO[2025-03-13T20:57:20+01:00] [sliver/server/handlers/sessions.go:231] Session 92c74923-490c-4293-993d-2131e6756ef4 attempted to create reverse tunnel to 127.0.0.1:9000 without being initiated by a client

rkervella added the bug label Mar 13, 2025

rkervella (Member) commented

I think I know what's going on, I'll try to push a fix when I get some time.

rkervella (Member) commented

This is the culprit:

remoteAddress := fmt.Sprintf("%s:%d", req.Rportfwd.Host, req.Rportfwd.Port)
if !rtunnels.Check(session.ID, remoteAddress) {
	sessionHandlerLog.Errorf("Session %s attempted to create reverse tunnel to %s without being initiated by a client", session.ID, remoteAddress)
	return nil
}
defer rtunnels.DeletePending(session.ID)

I wrongly assumed that createReverseTunnelHandler is only called once. We should probably keep the reverse tunnel info in the map until the tunnel is closed.
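
The lifecycle problem described in the comment above, as an added Go example that is not Sliver's code: the `Registry` type, its methods and the session ID `s1` are hypothetical. It contrasts an authorization entry consumed by the first connection with one kept until the forward is removed, and keys entries by session and address so that two forwards on one session are tracked separately (a choice of this example).

```go
package main

import (
	"fmt"
	"sync"
)

// Registry (hypothetical) records operator-requested reverse forwards by {session ID, remote address}.
type Registry struct {
	mu      sync.Mutex
	allowed map[[2]string]bool
	oneShot bool // true: entry is dropped after the first connection
}

func NewRegistry(oneShot bool) *Registry {
	return &Registry{allowed: map[[2]string]bool{}, oneShot: oneShot}
}

// Add records an operator-initiated forward.
func (r *Registry) Add(sessionID, remoteAddr string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.allowed[[2]string{sessionID, remoteAddr}] = true
}

// Authorize runs for every connection the session asks to tunnel.
func (r *Registry) Authorize(sessionID, remoteAddr string) bool {
	r.mu.Lock()
	defer r.mu.Unlock()
	k := [2]string{sessionID, remoteAddr}
	ok := r.allowed[k]
	if ok && r.oneShot {
		delete(r.allowed, k) // consumed: later connections will be refused
	}
	return ok
}

// Remove revokes the entry when the forward itself is torn down.
func (r *Registry) Remove(sessionID, remoteAddr string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	delete(r.allowed, [2]string{sessionID, remoteAddr})
}

func main() {
	r := NewRegistry(false)
	r.Add("s1", "127.0.0.1:9000")
	fmt.Println(r.Authorize("s1", "127.0.0.1:9000"), r.Authorize("s1", "127.0.0.1:9000"))
}
```

With `oneShot` set to false the check still refuses any session or address that was never added, so the guard against tunnels not initiated by a client is preserved.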

4dr1rb (Author) commented Mar 13, 2025

Thank you very much, will you release a binary version?

rkervella (Member) commented

Yes, probably 1.5.44 when I get to it.

4dr1rb (Author) commented Apr 2, 2025

Can you fix the rportfwd issue? I'm trying to manage two mapped ports and am having a lot of trouble. It seems like when two or more ports are created, they get corrupted.

Thanks!!
