infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/auxiliary/server/socks4a.md

2.3 KiB
Raw Blame History

Verification Steps

  1. Start msfconsole
  2. Do: use auxiliary/server/socks4a
  3. Do: run
  4. Do: curl --proxy socks4a://localhost:1080 https://github.com
  5. You should see the source for the Github homepage

Options

SRVHOST

The local IP address to bind the proxy to. The default value of 0.0.0.0 will expose the proxy to everything on the attacker's network.

SRVPORT

The local port to bind the proxy to. The default value is 1080, the standard port for a socks4a proxy.

Scenarios

This module is great when pivoting across a network. Suppose we have two machines:

  1. Attacker's machine, on the 192.168.1.0/24 subnet.
  2. Victim machine with two network interfaces, one attached to the 192.168.1.0/24 subnet and the other attached to the non-routable 10.0.0.0/24 subnet.

We'll begin by starting the socks4a proxy:

msf > use auxiliary/server/socks4a
msf auxiliary(socks4a) > run
[*] Auxiliary module execution completed
[*] Starting the socks4a proxy server
msf auxiliary(socks4a) >

Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From there, we can use the autoroute script to enable access to the non-routable subnet:

meterpreter > run autoroute -s 10.0.0.0/24

The autoroute module will enable our local socks4a proxy to direct all traffic to the 10.0.0.0/24 subnet through our Meterpreter session, causing it to emerge from the victim's machine and thus giving us access to the non-routable subnet. We can now use curl to connect to a machine on the non-routable subnet via the socks4a proxy:

curl --proxy socks4a://localhost:1080 http://10.0.0.15:8080/robots.txt

We can take this a step further and use proxychains to enable other tools that don't have built-in support for proxies to access the non-routable subnet. The short-and-sweet guide to installing and configuring proxychains looks something like this:

# apt-get install proxychains
# cp /etc/proxychains.conf /etc/proxychains.conf.backup
# echo "socks4 127.0.0.1 8080" > /etc/proxychains.conf

From there, we can use our other tools by simply prefixing them with proxychains:

# proxychains curl http://10.0.0.15:8080/robots.txt
# proxychains nmap -sT -Pn -n -p 22 10.0.0.15
# proxychains firefox