WinGate Proxy Server
Networks Employing the WinGate Proxy 2
The ProblemAim: To infiltrate internal "protected" network using the Wingate Proxy Server via file sharing.
(a) A default installation of Wingate 2
Due to the nature of the system, one is only capable of getting the machine name of the gateway computer using such commands as nbtstat and nmblookup (samba). The method i was trying was to set up a udp relay in order to utilise the internal machine"s udp netbios port (137) to use such problems, but fortunately I spent a while studying up on the netbios RFC and wrote my own code to do so. As this is now not an option via the socks 5 proxy, there only leaves a glimmer of hope, namely the dns server, which in the past i have used a number of times to find out some names, but this was on the whole a fairly unsuccessful method. Another point is that if the gateway machine is an NT box prior to sp3 then one is able to see other machine names.
But the essence of my initial claim is that file sharing is capable through the Wingate Server.
Attached is a very large and crude vb binary, but alas it demonstrates the problem well.
Notes on use:
(b) start it up
(c) put in the ip of the wingate server in the first textbox
(d) get on a unix box with samba on it
(e) to view shares of a wingate internal host type in:
of wingate host> -p 1000
In this example one requires the use of samba, but if I had the time I'd write a pure windows version in a real language, but this should suffice.