Pivoting (ProxyChains)

Pivoting lets the attacker access the services and machines that the compromised machine is connected to.

Pivoting allows the attacker to enlarge the attack surface by performing actions as the network-connected machine.

Image by VickieLi

Tools Required:

  • ProxyChains

  • SSH / CHISEL

NEED: With proxychains, tools that are not available on the compromised machine can be used from the attacker machine (e.g. medusa).

kali -> proxychains -> compromised_machine -> request for accessing from internal_machine -> internal_machine:80

Exploitation

  • Install proxychains on the attacker's machine

  • Configure the port that proxychains will use, with its protocol set to SOCKS proxy

  • Perform dynamic port forwarding

Chisel

  • When SSH Password is not available, make use of chisel to perform

  • Start a chisel server on the attacker machine

  • On the compromised machine, connect to the attacker's reverse connection

  • Once the connection is made successfully from the compromised machine to the attacker's machine, chisel on the attacker's machine will show the port it is connected to

  • By default chisel will connect on port 1080, so let's change the proxychains configuration to perform actions on this port (1080)

  • Now we can execute commands with proxychains

Proxychains with chisel

SSH

  • Perform Dynamic Port Forwarding

  • Once the connection initializes, an attacker can use proxychains to leverage the attack surface

Proxychains with SSH
  • Legend

    • 1 - Added the port 9051 in the /etc/proxychains config file

    • 2 - Inspecting the port activity of 9051 on the attacker's machine

    • 3 - Dynamic port forwarding to the port configured in proxychains (-D 9051)

    • 4 - Activity on the port 9051 on the attacker's machine

    • 5 - Grabbing the banner of the service running on port 25 on the compromised machine

    • 6 - Using proxychains to obtain the banner of the service on port 25 on the compromised machine
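
From the defender's side, the `-D` forwarding in step 3 only works if the sshd on the pivot host permits TCP forwarding. The following Python check is an added example, not part of the original page: it audits sshd_config text for `AllowTcpForwarding`. The sample config and function names are constructed for illustration, and `Include` files are not followed.

```python
import re

# Constructed sample sshd_config (illustration only, not from the page).
SAMPLE_CONFIG = """\
Port 22
#AllowTcpForwarding no
Match User backup
    AllowTcpForwarding no
Match Group admins
    AllowTcpForwarding yes
"""

# `ssh -D` counts as "local" forwarding in sshd; "no" and "remote" block it.
PERMITS_DYNAMIC = {"yes", "all", "local"}

def audit_tcp_forwarding(config_text):
    """Return (global_value, {match_criteria: value}) for AllowTcpForwarding."""
    global_value, match_values, scope = None, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = arg  # later keywords apply only to this Match block
        elif keyword == "allowtcpforwarding" and arg:
            value = arg.split()[0].strip('"').lower()
            if scope is None:
                global_value = global_value or value  # first occurrence wins
            else:
                match_values.setdefault(scope, value)
    return global_value or "yes", match_values  # sshd defaults to "yes"

def dynamic_forwarding_findings(config_text):
    """List the scopes in which a client could use `ssh -D` through this sshd."""
    global_value, match_values = audit_tcp_forwarding(config_text)
    findings = []
    if global_value in PERMITS_DYNAMIC:
        findings.append(f"global: AllowTcpForwarding {global_value}")
    for scope, value in match_values.items():
        if value in PERMITS_DYNAMIC:
            findings.append(f"Match {scope}: AllowTcpForwarding {value}")
    return findings

if __name__ == "__main__":
    for finding in dynamic_forwarding_findings(SAMPLE_CONFIG):
        print(finding)
```

chisel carries its tunnel over its own HTTP connection, so this sshd setting does not affect it; egress filtering and process monitoring cover that path.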

Brute-force and other automated attack tools can be used with proxychains.
