Pyenv + Proxychains doesn't route requests through proxy

[StefanDorresteijn]

Hi there,

I've been trying to get a pyenv installed version of python to route requests through proxychains on my mac. Unfortunately that hasn't been working. Other tools like nmap do work, but python won't.

Output when using proxychains with python:

proxychains4 python ~/Workspace/tools/impacket/examples/GetADUsers.py -all -k -no-pass -dc-ip --snip-- example.com/pete -debug

[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.dylib
Impacket v0.10.1.dev1+20230203.111903.32178de - Copyright 2022 Fortra

[+] Impacket Library Installation Path: /Users/stefandorresteijn/.pyenv/versions/3.7.13/lib/python3.7/site-packages/impacket
[+] Connecting to --SNIP--, port 389, SSL False

Using:
pyenv 2.3.11
proxychains-ng from homebrew
Python 3.7.13 (via pyenv)
M1 Mac

[rofl0r]

pyenv uses some sort of sandboxing, right ? that could be why.
also check first with curl whether proxychains works at all, you gotta disable lots of security things (see pinned issue).

[xinhuang]

Hi,

I got the same problem on Kali 2023.2a. curl works but not python/ruby scripts, no matter they are installed globally or from a local virtualenv. But it works when running the script with sudo.

However it works when I run the same tool from Kali 2023.1 or I run from the provided VBox image, but not from my manually set up VBox machine.

$ proxychains crackmapexec smb -d xxx.local -u xxx -p xxx -x 'mkdir \users\public\downloads' 192.168.x.x                                                                                  
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4

$ proxychains curl -vvv 192.168.110.52:5985                                                                                                                                                                     master * ] 8:05 PM
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
*   Trying 192.168.110.52:5985...
[proxychains] Strict chain  ...  127.0.0.1:9091  ...  192.168.110.52:5985  ...  OK
* Connected to 192.168.110.52 (127.0.0.1) port 5985 (#0)
> GET / HTTP/1.1
> Host: 192.168.110.52:5985
> User-Agent: curl/7.88.1
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< Date: Mon, 03 Jul 2023 11:13:06 GMT
< Connection: close
< Content-Length: 315
< 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
* Closing connection 0

I also tried strace and compared the output, one of the differences I notice is even both the log outputs preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4, only the working case there is a call to openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libproxychains.so.4", O_RDONLY|O_CLOEXEC) = 3.

I checked the two pinned issues but couldn't find what are the related security settings. Can anyone help point out what security settings are related to this behavior?

Thanks!

[rofl0r]

I checked the two pinned issues but couldn't find what are the related security settings.

i mentioned that because op is using a mac.

so crackmapexec is a ruby or python script ? make sure it's not written in go or calls programs written in go as they are statically linked by default and dont use the dynlinker, which is responsible for injecting the proxychains library. the new version on kali .2a might also do something to clear the environment variables, which would also prevent the hook from kicking in.

[xinhuang]

thanks for the information.

yes, crackmapexec is a python script and I also have problem with other ruby scripts as well. I don't think they are using any go binaries. it seems like some configuration problem as with sudo the proxychains works as expected.

I will try to dig more and find out what happened.

[xinhuang]

Finally found out the reason. It's because the following lines of code in my setup scripts:

sudo setcap 'cap_net_bind_service=+ep' `readlink -f $(which python3)`
sudo setcap 'cap_net_bind_service=+ep' `readlink -f $(which ruby)`

Guess adding extra capability prevents it loads proxychains library on the newer Kali due to some security related changes.

(I know this isn't a proper place to leave the comment, but just in case in the future someone is facing the same issue.)

Thanks for all the help.