Announcement

Collapse
No announcement yet.

NxProxy

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    NxProxy

    Hi

    Just wondering about NxProxy, I have installed it on the client machine (on a home lab) and set the server IP to NxFilter and used the correct user token and the test succeeded and have also set it up on the server Policy > NxFilter

    However NxProxy on the client keeps reverting the DNS to 127.0.0.1 which is stopping the connection to the DC.

    Am I doing something wrong?

    Click image for larger version Name: image.png Views: 39 Size: 30.6 KB ID: 3386Click image for larger version Name: image.png Views: 33 Size: 241.3 KB ID: 3387
    Tags: None
  • #2
    NxProxy itself is a DNS server. It hijacks local DNS requests and sends it to NxFilter. So, it should change the system DNS settings to be pointing 127.0.0.1.

    If it's in AD then I guess hawks.internal is your AD domain. If you set your DC IP in Local DNS Server, it will bypass the domain to your DC that is your MS DNS server.

    Comment

    • #3
      Thank you, just misunderstood

      Comment

      • #4
        Hi sorry I have had to set this up again, everything looks correct but NxProxy on the client machine is showing connection error, the ip and token are both correct

        IP ending 138 is the main domain controller

        IP ending 131 is another dc which has nxfilter running on it

        Code:
        INFO [05-04 11:48:06] - NxPolicy.httpPolicyToken, url = https://192.168.232.131/hxlistener?action=/NXP&token=441SOQM3
 INFO [05-04 11:48:06] - LocalResolver.setResolver, Local resolver IP = 8.8.8.8.
 INFO [05-04 11:48:06] - Main.doWork, LocalResolver started.
 INFO [05-04 11:48:06] - Main.doWork, HandyMan started.
 INFO [05-04 11:48:06] - Main.doWork, Starting DNS.
 INFO [05-04 11:48:06] - Main.doWork, RequestHandler started.
 INFO [05-04 11:48:06] - Main.doWork, UdpServer started.
 INFO [05-04 11:48:06] - LocalResolver.findLocalDnsIpByDhcp, Current system DNS IP = 192.168.232.138.
 INFO [05-04 11:48:06] - LocalResolver.findLocalDnsIpByDhcp, It's not started with '127.'. We try to use it, curIp = 192.168.232.138.
 INFO [05-04 11:48:06] - LocalResolver.findLocalDnsIpByDhcp, New local DNS server = 192.168.232.138.
 INFO [05-04 11:48:06] - LocalResolver.setResolver, Local resolver IP = 192.168.232.138.
ERROR [05-04 11:48:08] - NxPing.run, Connection error! IP = 192.168.232.131
 INFO [05-04 11:48:08] - HandyMan.isDnsHijacked, We found a DNS server IP not updated, 192.168.232.138
 INFO [05-04 11:48:08] - HandyMan.hijackDns, Updating DNS settings on Windows.
 INFO [05-04 11:48:09] - Config.setWinLocalDomain, New winLocalDomain = hawk.internal
 INFO [05-04 11:48:09] - HandyMan.isDnsHijacked, We found that it's already hijacked by nslookup.
 INFO [05-04 11:48:09] - HandyMan.hijackDns, We changed DNS settings.
ERROR [05-04 11:48:12] - NPr, No text from httpPolicyToken! - ip = 192.168.232.131
 INFO [05-04 11:48:16] - LocalResolver.findLocalDnsIpByDhcp, Current system DNS IP = 127.0.0.1.
 INFO [05-04 11:48:17] - NxPolicy.httpPolicyToken, url = https://192.168.232.131/hxlistener?action=/NXP&token=441SOQM3
ERROR [05-04 11:48:23] - NPr, No text from httpPolicyToken! - ip = 192.168.232.131
 INFO [05-04 11:48:24] - HandyMan.isDnsHijacked, We found that it's already hijacked by nslookup.
 INFO [05-04 11:48:24] - HandyMan.hijackDns, It's already 127.0.0.1.

        Comment

        • #5
          Can you access TCP/443 port of your server from your client?

          Comment

          Previous template Next
          Working...
          X