Burp scanner
12/3/2023

Disclaimer: For this example I used HTB's Dante Pro Labs. I don't show any exploits or attack vectors, but if you're working through the labs on your own and don't want to see anything that could even remotely be considered a spoiler, you've been warned.

Recently, I've been prepping for the OSCP, and one of the major focus areas of the Penetration Testing with Kali course materials is understanding how to effectively pivot into internal subnets.

My go-to method for pivoting is through a chisel socks5 proxy. I won't go into detail here about how to set that up, but if you want a walkthrough, Ap3x Security's writeup on chisel is a fantastic resource. For the rest of this article, I'm assuming you've used the setup and configuration options from that guide.

In the lab environment I'll be working in, I've already set up my pivot, which included transferring a copy of the chisel binary onto the victim. The image below shows the victim host making a connect back to our reverse proxy, and the chisel server output confirms that connection. With that pivot in place, we can now access the private network in the 172.16.1.0/24 range.

We're going to skip the internal network enumeration step, and assume that we've found an internal host with HTTP open on port 80. One way to access that web service is to configure FoxyProxy to route through our socks5 proxy on localhost:1080.

In my FoxyProxy setup, I have 2 proxies configured: one is the default setup for Burp Suite, the other is for proxychains. Take note that the Burp Suite proxy uses HTTP for the Proxy Type field, and proxychains uses SOCKS5.

Without FoxyProxy, we can't access the internal host:

Using FoxyProxy to route traffic through our localhost:1080 proxy, we can access the internal webserver (note that the FoxyProxy icon is green, indicating the proxy is active).
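Why the Proxy Type field matters, as an added example that is not part of the original post: the sketch below builds the first bytes a client sends for each proxy type (SOCKS5 per RFC 1928, and an HTTP proxy request) and interprets the listener's answer, which makes a type mismatch easy to recognise. The function names are hypothetical, and 172.16.1.10 is a constructed address inside the post's 172.16.1.0/24 range.

```python
import ipaddress
import struct

# RFC 1928 reply codes (REP field of the server's answer to CONNECT).
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def socks5_greeting() -> bytes:
    """VER=5, NMETHODS=1, METHODS=[0x00: no authentication]."""
    return b"\x05\x01\x00"

def socks5_connect(host: str, port: int) -> bytes:
    """VER=5, CMD=1 (CONNECT), RSV=0, then ATYP + address + 2-byte port."""
    try:
        ip = ipaddress.ip_address(host)
        dst = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:  # not an IP literal: send it as a domain name
        name = host.encode("idna")
        dst = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + dst + struct.pack(">H", port)

def http_proxy_request(host: str, port: int, path: str = "/") -> bytes:
    """What a browser sends to an HTTP proxy: absolute-URI request line."""
    return (f"GET http://{host}:{port}{path} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def classify_first_bytes(data: bytes) -> str:
    """Guess which proxy protocol a client is speaking from its first bytes."""
    if len(data) >= 3 and data[0] == 5 and len(data) == 2 + data[1]:
        return "socks5"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"CONNECT"):
        return "http"
    return "unknown"

def describe_reply(reply: bytes) -> str:
    """Interpret the proxy's answer to socks5_connect()."""
    if reply.startswith(b"HTTP/"):
        return "HTTP response: the listener is an HTTP proxy, not SOCKS5"
    if len(reply) < 2 or reply[0] != 5:
        return "not a SOCKS5 reply"
    return REPLIES.get(reply[1], f"unknown reply code {reply[1]}")

if __name__ == "__main__":
    target = ("172.16.1.10", 80)  # constructed host in the post's 172.16.1.0/24 range
    print(socks5_greeting().hex(), socks5_connect(*target).hex())
    print(http_proxy_request(*target))
```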