Question 88 - PT0-003 discussion


A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

A.
attacker_host$ nmap -sT <target_cidr> | nc -n <compromised_host> 22
B.
attacker_host$ mknod backpipe p
attacker_host$ nc -l -p 8000 | 0<backpipe | nc <target_cidr> 80 | tee backpipe
C.
attacker_host$ nc -nlp 8000 | nc -n <target_cidr>
attacker_host$ nmap -sT 127.0.0.1 8000
D.
attacker_host$ proxychains nmap -sT <target_cidr>
Suggested answer: D

Explanation:

ProxyChains is a tool that allows you to route your traffic through a chain of proxy servers, which can be used to anonymize your network activity. In this context, it is being used to route Nmap scan traffic through the compromised host, allowing the penetration tester to pivot and enumerate other targets within the network.

Step-by-Step Explanation

Understanding ProxyChains:

Purpose: ProxyChains forces any TCP connection made by a given application to go through proxies such as Tor, SOCKS4, SOCKS5, and HTTP(S).

Usage: It's commonly used to anonymize network traffic and perform actions through an intermediate proxy.

Command Breakdown:

proxychains nmap -sT <target_cidr>: This command uses ProxyChains to route the Nmap scan traffic through the configured proxies.

Nmap Scan (-sT): This option specifies a TCP connect scan, which completes a full TCP handshake for each port. That is what a SOCKS proxy can relay; the raw packets of a SYN scan (-sS) are not made through connect() and would bypass the proxy entirely.

Setting Up ProxyChains:

Configuration File: ProxyChains configuration is typically found at /etc/proxychains.conf.

Adding Proxy: Add the compromised host as a SOCKS proxy.

socks4 127.0.0.1 1080

Execution:

Start Proxy Server: open a SOCKS proxy through the compromised host (e.g., ssh -D 1080 user@compromised_host, run from the tester's machine, which listens on 127.0.0.1:1080 locally and forwards each connection out through the compromised host).

Run ProxyChains with Nmap: Execute the command on the attacker's host.

proxychains nmap -sT <target_cidr>
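Added example, not part of the original question or explanation: a loopback model of the SOCKS4 hop that proxychains inserts in front of every connect() made by nmap -sT, with both the client request and the relay's reply. The relay port, target address 10.0.0.5 and the set of open ports are constructed stand-ins; on a real engagement the relay is the ssh -D listener on 127.0.0.1:1080 configured above, and each probe shows up on the compromised host as an outbound TCP connection to one target port.

```python
import socket
import struct
import threading

# Added loopback model of the SOCKS4 hop behind "proxychains nmap -sT"; the
# relay port, target address and open ports are constructed stand-ins.

def socks4_connect_request(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL terminator."""
    return struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ip)) + userid + b"\x00"

def parse_socks4_reply(data: bytes) -> bool:
    """Reply is VN=0, CD=0x5A (granted) or 0x5B (rejected), DSTPORT, DSTIP."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return data[1] == 0x5A

def start_socks4_relay(open_ports):
    """Stand-in for the compromised host's SOCKS listener: grants CONNECT only
    when the upstream connect would succeed (port in the constructed open set)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port instead of the page's 1080
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                vn, cd, port, addr = struct.unpack("!BBH4s", conn.recv(64)[:8])
                granted = vn == 4 and cd == 1 and port in open_ports
                conn.sendall(struct.pack("!BBH4s", 0, 0x5A if granted else 0x5B, port, addr))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def connect_scan_via_socks(relay_port, target_ip, ports):
    """One SOCKS CONNECT per port, which is what each -sT probe becomes; a SYN
    scan (-sS) makes no connect() call for proxychains to hook, so it never
    reaches the relay."""
    results = {}
    for p in ports:
        with socket.create_connection(("127.0.0.1", relay_port), timeout=3) as s:
            s.sendall(socks4_connect_request(target_ip, p))
            results[p] = parse_socks4_reply(s.recv(8))
    return results

def demo():
    """Scan three ports of a constructed internal host through the relay."""
    relay_port = start_socks4_relay(open_ports={22, 80})
    return connect_scan_via_socks(relay_port, "10.0.0.5", [22, 80, 443])
```

From the relay host's side this is also the detection angle: a single pivot box suddenly opening many short-lived TCP connections to consecutive ports on internal addresses is the signature of a connect scan through a SOCKS tunnel.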

Reference from Pentesting Literature:

ProxyChains is commonly discussed in penetration testing guides for scenarios involving pivoting through a compromised host.

HTB write-ups frequently illustrate the use of ProxyChains for routing traffic through intermediate systems.

Penetration Testing - A Hands-on Introduction to Hacking

HTB Official Writeups

asked 02/10/2024
Ajay Jaiswal