Tunneling
Assorted Tunneling Commands
SOCKS Proxy (Linux)
The example below illustrates one way to leverage a dynamic port forward to pivot into a network. In this example an operator uses a Linux endpoint to SSH into a Linux jump box and performs a port scan of a Domain Controller through the jump box. The steps executed are:
1. Modifying the proxychains configuration file on the attacking endpoint to use SOCKS5 on the same port that the dynamic port forward will listen on.
2. SSHing into the jump box using previously validated credentials, requesting a dynamic port forward (-D), requesting no command execution on the remote endpoint (-N), and requesting that the process be moved to the background (-f).
3. Exporting a variable that allows the proxychains command to resolve DNS through the proxy.
4. Performing a TCP connect port scan (-sT, with host discovery disabled via -Pn, since proxychains only relays TCP connections) of a Domain Controller through the proxy.
# proxychains-ng reads /etc/proxychains4.conf; the stock [ProxyList] entry is
# "socks4<tab>127.0.0.1 9050" (uncommented), so match optional "#" and any whitespace
sed -i "s/^#\{0,1\}[[:space:]]*socks4[[:space:]]\{1,\}127\.0\.0\.1[[:space:]]\{1,\}9050$/socks5 127.0.0.1 9050/" /etc/proxychains4.conf
ssh -i ~/ssh/jump_box -D 9050 -N -f [email protected]
export PROXY_DNS_SERVER=<IP_ADDRESS>
proxychains4 nmap -Pn -sT -p 88 dc.example.com
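As an added example (not part of the original notes), the configuration step above done against a private copy of the proxychains config rather than /etc in place, with a check that exactly one SOCKS5 entry is active before anything is sent through the forward. It assumes proxychains-ng syntax (proxychains4 -f <file> selects the config); the sample config content is constructed here and mirrors the stock file, whose socks4 line is uncommented and tab-separated.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Prepares a private proxychains4
# config for an SSH dynamic forward and verifies it before use.
set -u

# Constructed sample of the stock proxychains4.conf: proxy_dns commented out,
# and an uncommented "socks4<space><tab>127.0.0.1 9050" entry under [ProxyList].
make_sample_conf() {
  local path="$1"
  printf 'strict_chain\n#proxy_dns\ntcp_read_time_out 15000\n[ProxyList]\n# defaults set to "tor"\nsocks4 \t127.0.0.1 9050\n' > "$path"
}

# Rewrite the config so the only proxy entry is socks5 on 127.0.0.1:$port and
# proxy_dns is enabled. Matches commented or uncommented socks4/socks5 lines
# with any whitespace, so re-running it (e.g. with a new port) is safe.
enable_socks5() {
  local path="$1" port="${2:-9050}"
  sed \
    -e "s/^#\{0,1\}[[:space:]]*socks[45][[:space:]]\{1,\}127\.0\.0\.1[[:space:]]\{1,\}[0-9]\{1,\}$/socks5 127.0.0.1 ${port}/" \
    -e 's/^#proxy_dns$/proxy_dns/' "$path" > "$path.tmp" && mv "$path.tmp" "$path"
}

# Number of active (uncommented) socks5 entries pointing at the loopback forward.
active_proxy_count() {
  grep -c '^socks5 127\.0\.0\.1 ' "$1"
}

# Returns 0 only when proxy_dns is on and the socks5 entry matches $port.
conf_ready() {
  local path="$1" port="${2:-9050}"
  grep -q '^proxy_dns$' "$path" && grep -q "^socks5 127\.0\.0\.1 ${port}$" "$path"
}

# Typical use (commented out so the block runs without SSH access):
#   make_sample_conf ./proxychains4.conf && enable_socks5 ./proxychains4.conf 9050
#   conf_ready ./proxychains4.conf 9050 && proxychains4 -f ./proxychains4.conf nmap -Pn -sT -p 88 dc.example.com
```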