diff options
Diffstat (limited to 'docs/writeups/Metasploit_Community_CTF_2020/socks5.txt')
| -rw-r--r-- | docs/writeups/Metasploit_Community_CTF_2020/socks5.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt b/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt new file mode 100644 index 0000000..f3b8e00 --- /dev/null +++ b/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt @@ -0,0 +1,18 @@ +PORT 1080 + +nmap detected a socks5 proxy on this port. I did a bit of reading into socks5 and proxies in general as I didn't have a lot of experience actually using them. + +The basic idea of socks5 is that any traffic we send to this port will be sent back out from the perspective of the machine hosting the proxy (our target in this case). This means we can see things from behind any firewalls or on other networks that the target has access to. + +The easiest way to use the proxy was with proxychains. +In /etc/proxychains.conf +add the line +socks5 172.15.18.117 1080 + +then we can scan the target localhost from the other side of the its firewall +proxychains nmap -A -p- 127.0.0.1 + +The scan results are in target_scan_local_through_proxy.txt +we can see ssh on 22, the socks5 on 1080 that we used to get here, and a web server on 8000 +proxychains wget http://127.0.0.1:8000 +gets us a webpage with the flag |