rportfwd do not work #1918

Closed
Kano-2525-a opened this issue Mar 27, 2025 · 3 comments
Labels
duplicate This issue or pull request already exists

Comments

Kano-2525-a commented Mar 27, 2025

I compiled a sliver-server using the main branch; rportfwd does not work.

rportfwd add -b 10.0.3.178:1000 -r 127.0.0.1:9911

[*] Reverse port forwarding 127.0.0.1:9911 <- 10.0.3.178:1000

sliver.log:
ERRO[2025-03-28T00:45:18+08:00] [sliver/server/handlers/sessions.go:231] Session d55d7a8f-fd3f-467a-9f12-e33b2ee0b1fe attempted to create reverse tunnel to 127.0.0.1:9900 without being initiated by a client
ERRO[2025-03-28T00:45:52+08:00] [sliver/server/handlers/sessions.go:231] Session d55d7a8f-fd3f-467a-9f12-e33b2ee0b1fe attempted to create reverse tunnel to 127.0.0.1:9900 without being initiated by a client
ERRO[2025-03-28T00:45:53+08:00] [sliver/server/handlers/sessions.go:231] Session d55d7a8f-fd3f-467a-9f12-e33b2ee0b1fe attempted to create reverse tunnel to 127.0.0.1:9900 without being initiated by a client
ERRO[2025-03-28T00:46:41+08:00] [sliver/server/handlers/sessions.go:231] Session d55d7a8f-fd3f-467a-9f12-e33b2ee0b1fe attempted to create reverse tunnel to 127.0.0.1:9900 without being initiated by a client
ERRO[2025-03-28T00:46:42+08:00] [sliver/server/handlers/sessions.go:231] Session d55d7a8f-fd3f-467a-9f12-e33b2ee0b1fe attempted to create reverse tunnel to 127.0.0.1:9900 without being initiated by a client

@rkervella rkervella added the duplicate This issue or pull request already exists label Mar 27, 2025
@rkervella
Member

Closing as it's a duplicate of #1906

@Kano-2525-a
Author

> Closing as it's a duplicate of #1906

func createReverseTunnelHandler(implantConn *core.ImplantConnection, data []byte) *sliverpb.Envelope {
	session := core.Sessions.FromImplantConnection(implantConn)

	req := &sliverpb.TunnelData{}
	proto.Unmarshal(data, req)

	// bug point
	// uniq(sessionID + port)
	compositeKey := fmt.Sprintf("%s:%d", session.ID, req.Rportfwd.Port)
	remoteAddress := fmt.Sprintf("%s:%d", req.Rportfwd.Host, req.Rportfwd.Port)

	rtunnels.AddPending(compositeKey, remoteAddress)

	if !rtunnels.Check(compositeKey, remoteAddress) {
		sessionHandlerLog.Errorf("Session %s attempted to create reverse tunnel to %s without being initiated by a client", session.ID, remoteAddress)
		return nil
	}

	// defer rtunnels.DeletePending(session.ID)

	var defaultDialer = new(net.Dialer)

	ctx, cancelContext := context.WithCancel(context.Background())

	dst, err := defaultDialer.DialContext(ctx, "tcp", remoteAddress)
	// dst, err := net.Dial("tcp", remoteAddress)
	if err != nil {
		tunnelClose, _ := proto.Marshal(&sliverpb.TunnelData{
			Closed:   true,
			TunnelID: req.TunnelID,
		})
		implantConn.Send <- &sliverpb.Envelope{
			Type: sliverpb.MsgTunnelClose,
			Data: tunnelClose,
		}
		cancelContext()
		return nil
	}

	if conn, ok := dst.(*net.TCPConn); ok {
		// {{if .Config.Debug}}
		// log.Printf("[portfwd] Configuring keep alive")
		// {{end}}
		conn.SetKeepAlive(true)
		// TODO: Make KeepAlive configurable
		conn.SetKeepAlivePeriod(1000 * time.Second)
	}

	tunnel := rtunnels.NewRTunnel(req.TunnelID, session.ID, dst, dst)
	rtunnels.AddRTunnel(tunnel)

	defer rtunnels.DeletePending(compositeKey)

Maybe it works? I tested it and this could work on my local PC, but msf ran into troubles.

@rkervella
Member

That could work, I was thinking about moving the call to rtunnels.DeletePending in rpc-rportforward instead, that way we're deleting the reference on user request, not arbitrarily in createReverseTunnelHandler. I just haven't had time to work on that.
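
Added example, not part of the thread and not Sliver's code: a small Go model of the two lifecycles discussed above, where the approval for a reverse forward is either dropped inside the tunnel handler or only when the operator removes the forward. The `pendingRegistry` type, the function names and the session/address values are hypothetical, and the model assumes the logged rejection comes from the approval being gone when a later connection arrives.

```go
package main

import "fmt"

// pendingRegistry is a hypothetical stand-in for the server-side record of
// reverse forwards an operator has requested (not Sliver's rtunnels package).
// Keys are "sessionID:port"; values are the approved remote address.
type pendingRegistry map[string]string

func (r pendingRegistry) Add(key, addr string) { r[key] = addr }
func (r pendingRegistry) Delete(key string)    { delete(r, key) }
func (r pendingRegistry) Check(key, addr string) bool {
	got, ok := r[key]
	return ok && got == addr
}

// handleTunnel models the handler for an implant's tunnel request. It only
// checks the registry and never adds entries, so the check stays meaningful.
func handleTunnel(r pendingRegistry, key, addr string, deleteInHandler bool) bool {
	if !r.Check(key, addr) {
		return false // "without being initiated by a client"
	}
	if deleteInHandler {
		r.Delete(key) // approval consumed by the first connection
	}
	return true
}

// simulate approves one forward, then counts how many of conns requests pass.
func simulate(deleteInHandler bool, conns int) (accepted int) {
	r, key, addr := pendingRegistry{}, "session-1:9911", "127.0.0.1:9911" // constructed values
	r.Add(key, addr) // operator adds the forward
	for i := 0; i < conns; i++ {
		if handleTunnel(r, key, addr, deleteInHandler) {
			accepted++
		}
	}
	return accepted
}

// acceptedAfterRemoval: the operator removes the forward, then a request arrives.
func acceptedAfterRemoval() bool {
	r, key, addr := pendingRegistry{}, "session-1:9911", "127.0.0.1:9911" // constructed values
	r.Add(key, addr)
	r.Delete(key) // deletion on operator request
	return handleTunnel(r, key, addr, false)
}

func main() {
	fmt.Println(simulate(true, 3), simulate(false, 3), acceptedAfterRemoval())
}
```

With deletion in the handler only the first of three connections is accepted; with deletion tied to the operator's removal all three pass, and requests are refused again once the forward is removed.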
