Zero Day Archives

ProxyChains

Network Pivoting with ProxyChains

Network pivoting refers to the practice of leveraging a compromised system (also known as a "pivot point") within a network to access other systems or services that are otherwise inaccessible. In the context of penetration testing or red teaming, network pivoting is often used to move laterally within a network after gaining access to an initial host.

ProxyChains enables network pivoting by forcing an ordinary, unmodified program to send its TCP connections through a chain of one or more proxies. When the first proxy in that chain terminates on the compromised host, your tools (nmap, ssh, curl, smbclient and so on) effectively "tunnel" through the pivot and reach services that would normally be outside of your reach.

Installing ProxyChains

Before using ProxyChains, ensure it is installed on your system. On current Debian-based distributions, including Kali, the maintained fork proxychains-ng is packaged as proxychains4; the older proxychains package is the original 3.1 release. Either works for this page, but note which one you have, because they read different configuration files (see below).

sudo apt install proxychains4

How ProxyChains Works

ProxyChains is an LD_PRELOAD wrapper: it loads a shared library into the program you run, hooks the libc networking calls (connect() and, when proxy_dns is enabled, name resolution) and redirects every outgoing TCP connection through the proxies listed in its configuration. The supported proxy types are socks4, socks5 and http (HTTP CONNECT). Three consequences matter when pivoting:

  • Only TCP is proxied. UDP, ICMP (ping) and raw-socket traffic bypass the chain entirely, which is why nmap SYN scans and host-discovery probes do not work through ProxyChains.

  • Only dynamically linked programs that use libc can be hooked. A statically linked binary (many Go tools, for example) ignores ProxyChains and connects directly from your host.

  • Name resolution goes to your local resolver unless proxy_dns is enabled, which both leaks the names you look up and fails for internal-only hostnames.

In a network pivoting scenario, the first (or only) entry in the chain is a SOCKS proxy that terminates on the compromised system, typically the local end of an SSH dynamic port forward (ssh -D 1080) or a SOCKS listener started by your pivoting tool or C2. Connections then leave the pivot and reach internal systems that are not directly exposed to you.
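To make the mechanism concrete, here is an added example written for this page (it is not ProxyChains' own code) that builds a strict two-hop SOCKS5 chain from scratch in Python. A constructed internal target service and two minimal SOCKS5 proxies (hop A, hop B) run on 127.0.0.1 with OS-assigned ports; all of those addresses are assumptions chosen for the demo. The client then performs the nested CONNECT handshakes exactly as proxychains does for two consecutive `socks5` entries in strict_chain mode, and the returned flags show that only the first hop ever sees the client's own connection.

```python
"""Added example, not ProxyChains code: a strict two-hop SOCKS5 chain built by
hand so the mechanism is visible. A constructed internal "target" service and
two minimal SOCKS5 proxies (hop A, hop B) run on 127.0.0.1; the client then does
what proxychains does for `socks5 A` + `socks5 B` in strict_chain mode."""
import socket
import struct
import threading

def _recv_exact(sock, n):
    """SOCKS fields are fixed-length, so read exactly n bytes or fail."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-handshake")
        buf += chunk
    return buf

def _pump(src, dst):
    """Relay src -> dst until EOF, then half-close dst so EOF propagates."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def socks5_connect(sock, host, port):
    """Client side of RFC 1928 on an already-open socket: NO-AUTH greeting, then
    CONNECT host:port. host is sent as ATYP=3 (domain name) so the proxy resolves
    it: the same effect as the proxy_dns option in proxychains.conf."""
    sock.sendall(b"\x05\x01\x00")                       # VER=5, 1 method: NO AUTH
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy rejected NO AUTH")
    h = host.encode()
    sock.sendall(b"\x05\x01\x00\x03" + bytes([len(h)]) + h + struct.pack("!H", port))
    _, rep, _, atyp = _recv_exact(sock, 4)
    if rep != 0:
        raise ConnectionError(f"CONNECT refused, REP={rep}")
    # Drain BND.ADDR + BND.PORT (IPv4: 4+2, domain: len+2, IPv6: 16+2).
    _recv_exact(sock, {1: 6, 4: 18}.get(atyp) or _recv_exact(sock, 1)[0] + 2)
    return sock

def _serve_socks5(listener, seen):
    """One-shot NO-AUTH SOCKS5 proxy that records who connected to it."""
    conn, peer = listener.accept()
    seen.append(peer)
    _recv_exact(conn, _recv_exact(conn, 2)[1])          # VER, NMETHODS, then methods
    conn.sendall(b"\x05\x00")                           # select NO AUTH
    _, cmd, _, atyp = _recv_exact(conn, 4)
    if atyp == 1:
        host = socket.inet_ntoa(_recv_exact(conn, 4))
    else:                                               # ATYP=3 domain name (IPv6 omitted)
        host = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode()
    port = struct.unpack("!H", _recv_exact(conn, 2))[0]
    if cmd != 1:                                        # only CONNECT is implemented
        conn.sendall(b"\x05\x07\x00\x01" + b"\x00" * 6)
        return conn.close()
    upstream = socket.create_connection((host, port))
    conn.sendall(b"\x05\x00\x00\x01" + b"\x00" * 6)     # success, BND fields zeroed
    threading.Thread(target=_pump, args=(conn, upstream), daemon=True).start()
    _pump(upstream, conn)

def _serve_target(listener):
    """Constructed internal service: replies with the request upper-cased."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(conn.recv(4096).upper())

def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))                            # OS-assigned port
    s.listen(5)
    return s

def demo_strict_chain(payload=b"hello through the chain"):
    """Returns (reply, hop_a_saw_client, hop_b_saw_client)."""
    target, hop_a, hop_b = _listen(), _listen(), _listen()
    seen_a, seen_b = [], []
    threading.Thread(target=_serve_target, args=(target,), daemon=True).start()
    threading.Thread(target=_serve_socks5, args=(hop_a, seen_a), daemon=True).start()
    threading.Thread(target=_serve_socks5, args=(hop_b, seen_b), daemon=True).start()
    sock = socket.create_connection(hop_a.getsockname())   # the only direct connection
    my_port = sock.getsockname()[1]
    socks5_connect(sock, "127.0.0.1", hop_b.getsockname()[1])   # ask A to reach B
    socks5_connect(sock, "127.0.0.1", target.getsockname()[1])  # ask B (via A) to reach target
    sock.sendall(payload)
    sock.shutdown(socket.SHUT_WR)
    reply = b"".join(iter(lambda: sock.recv(4096), b""))
    sock.close()
    # Hop A sees our source port; hop B sees hop A; the target only ever sees hop B.
    return reply, seen_a[0][1] == my_port, seen_b[0][1] == my_port
```

Calling demo_strict_chain() returns (b"HELLO THROUGH THE CHAIN", True, False): the reply came back through both hops, hop A saw the client's source port, and hop B did not. Everything after the first CONNECT, including the second SOCKS5 handshake, travels inside the first tunnel, which is why a strict chain's order is also the path the packets take.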

Configuring ProxyChains

To use ProxyChains, you'll need to configure it by specifying the proxy chain in its configuration file: /etc/proxychains.conf for the original proxychains, /etc/proxychains4.conf for proxychains-ng. Both also look for ./proxychains.conf in the current directory and ~/.proxychains/proxychains.conf before falling back to /etc, which is convenient for keeping one config per engagement; proxychains-ng additionally accepts -f <file> on the command line.

Step 1: Open the Configuration File

Edit the proxychains.conf file:

sudo nano /etc/proxychains.conf

Step 2: Set the Proxy Servers

You'll need to define the proxy servers that ProxyChains will use. You can specify multiple proxies for a chained configuration: the first proxy is connected to directly from your machine, and each subsequent proxy is reached through the ones before it, so the order you list them is the path your traffic takes.

Add the proxy entries under the [ProxyList] section at the bottom of the configuration file, one per line as type, host and port (optionally followed by a username and password). The stock file ships with a socks4 127.0.0.1 9050 entry for Tor; comment it out or replace it, otherwise every connection is forced through a port that is not listening. For example, you could use a SOCKS5 proxy for your pivot point:

# Example of a SOCKS5 proxy
socks5  127.0.0.1 1080

You can add more proxies as needed. For example, to route traffic through two proxies, a SOCKS5 listener on your machine and then an HTTP proxy reachable only from the first hop, the list would look like this:

socks5  127.0.0.1 1080
http    192.168.1.1 8080

Step 3: Configure the Proxy Chain Mode

At the top of the file, you choose the chain mode by uncommenting exactly one of the following; the others must stay commented:

  • strict_chain: every proxy is used, in the order listed; if any of them is unreachable the connection fails. This is the stock default.

  • dynamic_chain: proxies are used in order, but unreachable ones are skipped; at least one proxy must be online.

  • random_chain: each connection uses a random proxy (or a random chain of chain_len proxies) from the list. This is for evading rate limiting and source-based blocking, not for pivoting. proxychains-ng also offers round_robin_chain.

dynamic_chain is the more forgiving option when you have several hops and would rather keep working with a degraded chain than fail outright. For pivoting through a single compromised host, strict_chain is usually the better choice: if the pivot's SOCKS listener dies you get an immediate, obvious failure instead of a silently shortened chain that may no longer go through the pivot at all.

Whichever mode you pick, make sure it is the only one uncommented, for example:

dynamic_chain
#strict_chain
#random_chain

Step 4: Save and Exit

After editing the configuration, save and close the file. In nano, press CTRL + X, then press Y to confirm the changes.
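A complete configuration for a single-pivot engagement, added here as a worked example (it is not the file shipped with the package and differs from the stock defaults in the options called out in the comments). The SOCKS listener on 127.0.0.1:1080 is an assumption, for instance the local end of ssh -D 1080 -N user@pivot; replace it with whatever your pivot provides:

```conf
# proxychains.conf / proxychains4.conf for a single pivot (added example)

# Exactly one chain mode may be active. strict_chain fails loudly if the
# pivot goes away, which is what you want with a single hop.
strict_chain
#dynamic_chain
#random_chain
#chain_len = 2          # only used by random_chain

# Resolve hostnames through the proxy instead of your local resolver,
# so internal names work and lookups do not leak to the outside.
proxy_dns

# Timeouts in milliseconds. The defaults (8000 / 15000) are tight for a
# chain that crosses a slow pivot; raise them before you start scanning.
tcp_connect_time_out 15000
tcp_read_time_out 30000

# Leave commented while testing: the per-connection log lines show at
# which hop a connection is denied or times out. Uncomment (or use -q with
# proxychains-ng) once the chain is known good.
#quiet_mode

[ProxyList]
# type   host        port  [user  pass]
# The stock "socks4 127.0.0.1 9050" (Tor) line has been removed on purpose.
socks5   127.0.0.1   1080
```

Keep a copy of this file under the engagement directory as ./proxychains.conf: ProxyChains checks the current directory first, so you can switch pivots by changing directory rather than editing /etc.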

Using ProxyChains for Network Pivoting

Once ProxyChains is configured, you can use it to route your application traffic through the proxy chain.

Step 1: Start ProxyChains

To use ProxyChains, you simply prepend it to any command that requires network access. nmap needs three adjustments to work through a chain: -sT, because a SYN scan uses raw sockets that ProxyChains cannot hook; -Pn, because the ICMP and ARP probes of host discovery do not traverse a SOCKS proxy and every host would otherwise be reported as down; and -n (or proxy_dns in the configuration) so name lookups do not leak to your local resolver. Each probed port is a full TCP handshake across every hop, so keep the port list short:

proxychains nmap -sT -Pn -n -p 22,80,443,445,3389 192.168.1.100

This command will route the nmap scan through the proxy chain you configured in proxychains.conf. The internal system 192.168.1.100 sees the connections arriving from the last proxy in the chain (the pivot host), not from your local machine.

Step 2: Access Internal Services

You can also use ProxyChains to access internal services such as SSH, web applications, or file shares that are only accessible from the compromised system.

For example, to SSH into a machine behind the compromised host, you would use:

proxychains ssh user@192.168.1.100

This command will establish the SSH connection through the proxy chain, allowing you to access the internal machine behind the pivot.

Troubleshooting ProxyChains

  • Proxy timeouts: if a hop is slow or unresponsive, raise tcp_connect_time_out and tcp_read_time_out (in milliseconds) in the configuration file; the defaults of 8000 and 15000 are short for multi-hop chains and for port scanning.

  • Check proxy availability: make sure all proxies in the chain are up and listening, especially if you're using strict_chain mode, where a single dead hop fails every connection. The log line ProxyChains prints for each connection tells you which hop answered OK and which one reported denied or timeout.

  • Nothing is being proxied: if the target sees your real address or the program connects directly, the binary is either statically linked (ldd <binary> reports "not a dynamic executable") or uses raw sockets or UDP. ProxyChains cannot help with those; use a tool that speaks SOCKS natively or a different tunnelling method.

  • Testing: test your proxy chain setup with simple TCP clients like curl, wget or nc before reaching for nmap, so that a failure is easy to attribute to the chain rather than to scan options. Once the chain is known good, -q (proxychains-ng) silences the per-connection log lines.


Last updated 2 months ago