Creating the SOCKS tunnel and using Proxychains Step 1 - Set up the SOCKS Server and the SOCKS tunnel using SSH We can configure proxychains to pipe all of the data that an application would normally just push out to the network through normal means, through proxychains, into our SOCKS tunnel, and out of the router on the internal interface. Proxychains allows us to interface with our SOCKS tunnel. Most people think of proxies as needing to be a separate host that you connect to and it will forward your traffic on in your place. However, it is possible to proxy traffic from one application on your local computer through another application on your local computer. We will pipe traffic from an application of interest, in this case msfconsole, through the SOCKS tunnel, into the router, and out of the router's internal interface as if it traffic coming from the router itself. Using those credentials, we are going to set up a SOCKS proxy server on our attacker box that is connected via a SOCKS tunnel to the router. HOW WE'RE GOING TO USE SOCKS: In our example we assume that we have credentials to the router depicted above. WHAT YOU CAN DO: Run something like metasploit's msfconsole, HTTP, SMTP or any other application layer (layer 7) protocol through the tunnel. From an attacker's standpoint, it is also helpful to know that it won't allow you to perform scans using tools such as NMAP if they are scanning based on half open connections etc because that's all functionality happening below layer 5. This includes things such as ping, ARP, etc. That means it doesn't care about anything below that layer in the OSI model! That means that you can't use it to tunnel protocols operating below layer 5. WHAT YOU CAN'T DO: SOCKS is a layer 5 protocol. A SOCKS tunnel would allow you to do that. Through that tunnel we can push any traffic and it will appear on the other side of the router, in the router's internal network, as if that traffic were coming from the router. Let's say that the router is blocking port 445, but you want to target the vulnerable port 445 on the internal server at 11.0.0.32. In our scenario we will use SOCKS to create a dedicated tunnel between the attacker box and the router. One of its most common uses is as a circumvention tool, allowing traffic to bypass internet filtering to access content that is otherwise blocked. We will use the network below as an example: In this tutorial, we will cover using proxychains and SSH to connect to a multihomed device (like a router) that is SSH enabled and using that device to forward traffic from a machine in one network, through the SSH machine, to a network on the other side. Proxychains is an incredibly useful tool that is incredibly poorly documented.
0 kommentar(er)
