From 452ba0102dcc2674fa1323143c4849c628c7603d Mon Sep 17 00:00:00 2001 From: dusoleil Date: Thu, 5 Aug 2021 02:19:42 -0400 Subject: Dusoleil's Writeups from Metasploit Community CTF 2020 Signed-off-by: dusoleil --- docs/writeups/Metasploit_Community_CTF_2020/socks5.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 docs/writeups/Metasploit_Community_CTF_2020/socks5.txt (limited to 'docs/writeups/Metasploit_Community_CTF_2020/socks5.txt') diff --git a/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt b/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt new file mode 100644 index 0000000..f3b8e00 --- /dev/null +++ b/docs/writeups/Metasploit_Community_CTF_2020/socks5.txt @@ -0,0 +1,18 @@ +PORT 1080 + +nmap detected a socks5 proxy on this port. I did a bit of reading into socks5 and proxies in general as I didn't have a lot of experience actually using them. + +The basic idea of socks5 is that any traffic we send to this port will be sent back out from the perspective of the machine hosting the proxy (our target in this case). This means we can see things from behind any firewalls or on other networks that the target has access to. + +The easiest way to use the proxy was with proxychains. +In /etc/proxychains.conf +add the line +socks5 172.15.18.117 1080 + +then we can scan the target localhost from the other side of the its firewall +proxychains nmap -A -p- 127.0.0.1 + +The scan results are in target_scan_local_through_proxy.txt +we can see ssh on 22, the socks5 on 1080 that we used to get here, and a web server on 8000 +proxychains wget http://127.0.0.1:8000 +gets us a webpage with the flag -- cgit v1.2.3
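Review bot: the new socks5.txt refers to scan output in target_scan_local_through_proxy.txt, but the diffstat shows this commit adds only socks5.txt, so the reference dangles; either add that file in the same commit or inline the three relevant findings (22/ssh, 1080/socks5, 8000/http) that the following sentence already summarizes. On the scan command itself, `proxychains nmap -A -p- 127.0.0.1` is fragile: proxychains only intercepts TCP connect() calls, so nmap's default SYN scan, its ICMP/ARP host discovery and the OS fingerprinting pulled in by `-A` use raw sockets that bypass the proxy entirely when run as root; `proxychains nmap -sT -Pn -p- 127.0.0.1` is the form that actually goes through the SOCKS5 hop, and the writeup should say so since a reader copying the line as written may get results for their own loopback rather than the target's. It would also help to state the takeaway explicitly: the finding here is an unauthenticated SOCKS5 service exposed on the network interface, which is what lets an outside client reach services bound only to the target's loopback (binding the proxy to 127.0.0.1 or requiring SOCKS5 authentication is the fix). Minor: "from the other side of the its firewall" has a stray "the".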