What makes this beneficial? Not having to reinvent the wheel by reimplementing a specific protocol, or using a reimplementation that may not fit your specific needs.

The value I wanted to stress with this post is the ability to proxy RPC traffic (and more) from Windows tools into a target network. Proxying traffic from Windows for offensive purposes has also been addressed previously, and this post will build on these resources by focusing on the protocols being proxied and addressing issues that may arise regarding configuration of SOCKS. The idea is not to replace the resources and tools that already exist, but to extend the usability of tools (largely Windows-based) that otherwise would have required some kind of on-host execution.

This post will instead cover proxying Windows tooling through a compromised host via SOCKS, such as several of the C# and PowerShell projects we've come to know and love, along with some of the nuances that come along with leveraging this technique. Pushing traffic associated with tools such as Impacket through utilities like Proxychains is a well-documented topic. Proxying offensive tools into a network is not a new concept, from *nix-based or Windows operating systems.

Skip to the Proxying Offensive Windows Tooling section for practical examples.

TLDR: Enable remote name resolution, as well as the proxying of Windows service / SYSTEM processes within Proxifier, to resolve DNS issues and also coerce traffic from SYSTEM processes / kernel-initiated TCP through your SOCKS proxy.

Operational tips while proxying using this technique.

Address nuances with common protocols an attacker would want to proxy, as well as Proxifier client specifics to maximize value for the offensive use case.