Operator On The Wire
Join
← Back to Knowledge Base
RED TEAM / PIVOTING / TUNNELING

(SSH) Dynamic

Prerequisites

  • SSH access to a pivot host.
  • Proxychains configured with a matching SOCKS entry (see Configuration/Proxychains.md).

Core Commands

Create a SOCKS proxy on local port 9050 via SSH:

ssh -D 9050 ubuntu@<IPaddressofTarget>

Confirm Proxychains configuration (last lines):

tail -4 /etc/proxychains.conf

Example contents for SOCKS4 on 9050:

socks4 127.0.0.1 9050

Using Proxychains with the SOCKS Proxy

Send Nmap traffic through Proxychains and the SSH SOCKS proxy:

proxychains nmap -v -sn 172.16.5.1-200

Launch Metasploit through Proxychains:

proxychains msfconsole

Any tool wrapped with proxychains will route its traffic through the SSH dynamic SOCKS proxy.