Pivoting with Proxychains

by Vince
in Blog

Let's say we have a small hole into an environment, like a web server sitting behind the firewall with a port open to the Internet. We compromise the web server, and from the web server we can see other targets in the environment, but we are unable to see those targets directly from our attacking machine. We need a way of pivoting through that web server in order to attack those targets, and that's where we can use Proxychains.

In this first image I'm getting ahead of myself a little bit, but I wanted to paint the picture.



I assume if you're here you're already familiar with Proxychains, but looking at the man page, we find:



In summary, we can route traffic through a proxy -- the proxy being our compromised web server.  But first we need to modify proxychains.conf:
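As an added example (my own code, not from the original post or from the proxychains project), here is a small parser for proxychains.conf that reports the settings a reviewer would want to know about: the chain mode, whether DNS is resolved through the proxy, and which listener the traffic is handed to. The sample configuration is constructed to look like the usual edit, with the stock Tor entry commented out and a SOCKS5 entry for a local SSH dynamic-forward listener on 9050 in its place.

```python
"""Parse a proxychains.conf and report settings that affect how the pivot
behaves. Added example; the sample text below is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: stock file with the Tor entry commented out and a
# SOCKS5 entry for a local SSH dynamic-forward listener on 9050 added.
SAMPLE_CONF = """\
# proxychains.conf  VER 3.1
#strict_chain
dynamic_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# defaults set to "tor"
#socks4 \t127.0.0.1 9050
socks5 127.0.0.1 9050
"""

CHAIN_MODES = {"strict_chain", "dynamic_chain", "random_chain", "round_robin_chain"}


@dataclass
class ProxyEntry:
    kind: str
    host: str
    port: int
    user: Optional[str] = None
    password: Optional[str] = None


@dataclass
class ProxyChainsConfig:
    chain_mode: str = "strict_chain"        # proxychains' default when none is set
    proxy_dns: bool = False
    options: Dict[str, str] = field(default_factory=dict)
    proxies: List[ProxyEntry] = field(default_factory=list)


def parse_proxychains_conf(text: str) -> ProxyChainsConfig:
    """Walk the file line by line; everything after [ProxyList] is a proxy entry."""
    cfg = ProxyChainsConfig()
    in_proxy_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.lower() == "[proxylist]":
            in_proxy_list = True
            continue
        if in_proxy_list:
            parts = line.split()              # type host port [user pass]
            if len(parts) < 3:
                raise ValueError(f"malformed proxy line: {raw!r}")
            kind, host, port = parts[0].lower(), parts[1], int(parts[2])
            user = parts[3] if len(parts) > 3 else None
            password = parts[4] if len(parts) > 4 else None
            cfg.proxies.append(ProxyEntry(kind, host, port, user, password))
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key in CHAIN_MODES:
            cfg.chain_mode = key
        elif key == "proxy_dns":
            cfg.proxy_dns = True
        else:
            cfg.options[key] = parts[1] if len(parts) > 1 else ""
    return cfg


def review_config(cfg: ProxyChainsConfig) -> List[str]:
    """Human-readable findings about how traffic will actually leave this host."""
    findings = []
    if not cfg.proxies:
        findings.append("no proxies listed: proxychains will fail every connection")
    for p in cfg.proxies:
        if p.kind == "socks4":
            findings.append(f"{p.host}:{p.port} uses socks4: no hostname forwarding, no IPv6")
        if p.host not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"{p.host}:{p.port} is not a local listener; plaintext SOCKS leaves this host")
    if not cfg.proxy_dns:
        findings.append("proxy_dns is off: name lookups resolve locally instead of through the proxy")
    return findings


if __name__ == "__main__":
    parsed = parse_proxychains_conf(SAMPLE_CONF)
    print(parsed.chain_mode, parsed.proxy_dns, parsed.proxies)
    print(review_config(parsed) or ["no findings"])
```

The `proxy_dns` finding is the one worth remembering on both sides of the fence: without it, every hostname the proxied tool touches is resolved by the local machine's normal resolver, so those lookups are visible to whoever watches DNS on that side rather than travelling through the tunnel.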



Once we get the configuration saved, we can then execute our SSH command from above. With everything in place, we're listening on port 9050 for traffic and routing that traffic through SSH to our compromised web server, which will then redirect it to our intended target. We are not able to perform ping, nmap scans, or do anything below Layer 5. That being said, we can preface commands like Metasploit and various other tools with proxychains to run them through our proxy.
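To make the "nothing below Layer 5" point concrete, here is an added example (mine, not from the original post or from OpenSSH) that runs a SOCKS5 exchange per RFC 1928 entirely on loopback: a toy proxy standing in for the SSH dynamic-forward listener (I assume the screenshot's command used `-D`, which behaves this way), a stand-in "internal" echo service, and a client that negotiates through the proxy. The proxy only implements CONNECT, i.e. a TCP stream to a host and port; SOCKS5 has no command that could carry ICMP or raw packets, which is why ping and SYN-style scans never make it through the pivot.

```python
"""SOCKS5 CONNECT exchange (RFC 1928) with client, proxy and target all
in-process on loopback. Added example; constants and ports are my own."""
import socket
import struct
import threading

NO_AUTH, CMD_CONNECT = 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_CONN_REFUSED, REP_CMD_UNSUPPORTED = 0x00, 0x05, 0x07


def _recvn(sock, n):
    """Read exactly n bytes or raise (SOCKS messages are fixed-layout)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS exchange")
        buf += chunk
    return buf


def _read_addr(sock, atyp):
    """Decode the address field for the three address types SOCKS5 defines."""
    if atyp == ATYP_IPV4:
        return socket.inet_ntoa(_recvn(sock, 4))
    if atyp == ATYP_DOMAIN:
        return _recvn(sock, _recvn(sock, 1)[0]).decode()
    if atyp == ATYP_IPV6:
        return socket.inet_ntop(socket.AF_INET6, _recvn(sock, 16))
    raise ValueError(f"unknown ATYP {atyp}")


def _reply(sock, rep):
    """Error reply: BND.ADDR/BND.PORT are zeroed."""
    sock.sendall(bytes([5, rep, 0, ATYP_IPV4]) + b"\x00" * 6)


def _pipe(src, dst):
    """Copy bytes src -> dst until EOF, then shut both directions down."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle_socks5_client(client):
    """Proxy side of one session. Only CMD_CONNECT (a TCP stream) exists here;
    BIND and UDP ASSOCIATE are refused, and there is no ICMP command at all."""
    ver, nmethods = _recvn(client, 2)
    methods = _recvn(client, nmethods)
    if ver != 5 or NO_AUTH not in methods:
        client.sendall(b"\x05\xff")            # no acceptable auth method
        client.close()
        return
    client.sendall(bytes([5, NO_AUTH]))
    _ver, cmd, _rsv, atyp = _recvn(client, 4)
    host = _read_addr(client, atyp)            # proxy resolves domain names
    port = struct.unpack("!H", _recvn(client, 2))[0]
    if cmd != CMD_CONNECT:
        _reply(client, REP_CMD_UNSUPPORTED)
        client.close()
        return
    try:
        upstream = socket.create_connection((host, port), timeout=5)
    except OSError:
        _reply(client, REP_CONN_REFUSED)
        client.close()
        return
    bnd_host, bnd_port = upstream.getsockname()[:2]
    if upstream.family == socket.AF_INET6:
        bnd = bytes([ATYP_IPV6]) + socket.inet_pton(socket.AF_INET6, bnd_host)
    else:
        bnd = bytes([ATYP_IPV4]) + socket.inet_aton(bnd_host)
    client.sendall(bytes([5, REP_OK, 0]) + bnd + struct.pack("!H", bnd_port))
    t = threading.Thread(target=_pipe, args=(client, upstream), daemon=True)
    t.start()
    _pipe(upstream, client)                    # relay until either side hangs up
    t.join(timeout=2)
    client.close()
    upstream.close()


def socks5_connect(proxy, host, port, cmd=CMD_CONNECT):
    """Client side: negotiate and return (reply_code, connected socket or None).
    The hostname is sent as ATYP 3 so the proxy, not this host, resolves it."""
    s = socket.create_connection(proxy, timeout=5)
    s.sendall(bytes([5, 1, NO_AUTH]))          # VER, NMETHODS, METHODS
    _ver, method = _recvn(s, 2)
    if method != NO_AUTH:
        s.close()
        raise ConnectionError("proxy rejected our auth methods")
    s.sendall(bytes([5, cmd, 0, ATYP_DOMAIN, len(host)]) + host.encode()
              + struct.pack("!H", port))
    _ver, rep, _rsv, atyp = _recvn(s, 4)
    _read_addr(s, atyp)                        # BND.ADDR, not needed here
    _recvn(s, 2)                               # BND.PORT
    if rep != REP_OK:
        s.close()
        return rep, None
    return rep, s


def _serve_once(handler):
    """Ephemeral loopback listener that serves exactly one connection."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)

    def run():
        conn, _ = lsock.accept()
        lsock.close()
        handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return lsock.getsockname()[1]


def _echo_upper(conn):
    """Stand-in for the internal host: answer one message and hang up."""
    conn.sendall(conn.recv(1024).upper())
    conn.close()


def demo():
    """Returns (reply from the target via the proxy, code for a refused command)."""
    target_port = _serve_once(_echo_upper)
    proxy_port = _serve_once(handle_socks5_client)
    rep, s = socks5_connect(("127.0.0.1", proxy_port), "localhost", target_port)
    assert rep == REP_OK
    s.sendall(b"hello through the pivot")
    answer = s.recv(1024)
    s.close()
    # Asking the same kind of listener for UDP ASSOCIATE (cmd 3) is refused.
    proxy_port = _serve_once(handle_socks5_client)
    rep2, _ = socks5_connect(("127.0.0.1", proxy_port), "localhost", target_port, cmd=0x03)
    return answer, rep2


if __name__ == "__main__":
    print(demo())
```

Everything the proxy forwards arrives as a SOCKS request naming a host and a TCP port, which is also what makes this kind of pivot visible from the defender's side: the SSH session to the web server carries the streams, but each onward connection appears on the internal network as a fresh TCP connection from the web server itself.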



We are also capable of redirecting browser traffic directly through the tunnel by configuring the browser's proxy settings to use a SOCKS proxy at 127.0.0.1:9050, or whichever port you've picked.