Categories

Archives

Pentest Lab Setup

Penetration Testing Lab Setup: Microsocks

Hello friends!! In our previous article we have discussed “Web Proxy Penetration Lab Setup Testing using Squid” and today’s article we are going to set up SOCKS Proxy to use it as a Proxy Server on Ubuntu/Debian machines and will try to penetrate it.

Table of Content

  • Introduction to proxy
  • What is socks proxy
  • Difference Between Socks proxy and HTTP Proxy
  • Socks proxy Installation
  • Connecting HTTP via Proxy
  • Connecting SSH via Proxy
  • Connecting FTP via Proxy

Introduction to Proxy

A proxy is a computer system or program that acts as a kind of middle-man or an intermediary to come between your web browser and another computer. Your ISP operates servers– computers designed to deliver information to other computers. It uses proxy servers to accelerate the transfer of information between the server and your computer.

For Example, Two users say A and B both have requested to access the same website of the server then Instead of retrieving the data from the original server, the proxy has “stored or cached” a copy of that site and sends it to User A without troubling the main server.

What is SOCKS Proxy?

A SOCKS server is an all-purpose proxy server that creates a TCP connection to another server on the client’s behalf, then exchanges network packets between a client and server. The Tor onion proxy software serves a SOCKS interface to its clients. Even SSH tunnel makes all the connections as per the SOCKS protocol.

For high security, you can go with SOCKS5 protocol that provides various authentication options which you cannot get with the SOCKS4 protocol.

Difference Between Socks proxy and HTTP Proxy

  • SOCKS Proxy is low-level which is designed to be a general proxy that will be able to accommodate effectively any protocol, program, or type of traffic.
  • SOCKS proxies support both TCP and UDP transfer protocols
  • SOCKS performs at Layer 5 of the OSI model SOCKS server
  • Accepts an incoming client connection on TCP port 1080.
  • HTTP proxies proxy HTTP requests, while SOCKS proxies proxy socket connections
  • HTTP proxies are High-Level which are designed for a specific protocol.
  • HTTP proxies can only process requests from applications that use the HTTP protocol.
  • An HTTP proxy is for proxying HTTP or web traffic at layer 7
  • Accepts an incoming client connection on HTTP port 3128.

Socks Proxy Installation

For socks proxy lab set-up we are going to download microsocks through GitHub. MicroSocks is multithreaded, small, efficient SOCKS5 server. It’s very lightweight, and very light on resources too. Even for every client, a thread with a stack size of 8KB is spawned.

Let’s start!!

Open the terminal with sudo rights and enter the following command:

git clone https://github.com/rofl0r/microsocks.git

Once downloading is completed run the following command for its installation:

cd microsocks
apt install gcc
make
make install

Now execute the following command to run socks proxy on port 1080 without authentication.

microsocks -p 1080

As you can observe FTP, SSH, HTTP and Socks are running in our local machine and now let’s go for socks penetration testing on a various protocol to ensure whether it is an all-purpose program or not as said above.

Connecting HTTP via Proxy

Now Configuring Apache service for Web Proxy, therefore, open the “000-default.conf” file from the path: /etc/apache2/sites-available/ and add following line to implement the following rules on /html directory over localhost or Machine IP (192.168.1.103).

<Directory /var/www/html/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order deny,allow
                deny from all
        allow from 127.0.0.1 192.168.1.103
</Directory>

Now the save the file and restart the apache service with the help of the following command.

service apache2 start

Now when someone tries to access web services through our network i.e. 192.168.1.103, he/she will welcome by following web page

“Error 403 forbidden You don’t have permission to access <requested page>”.

When you face that such type of situation where port 80 is open but you are unable to access it, hence proved the network is running behind a proxy server.

For web Proxy penetration testing we had already set-up lab for web application server such as DVWA (Read Article from here).

Now to test whether our  proxy server is working or not by configuring , let’s open Firefox and go to Edit –> Preferences –> Advanced –> Network –> Settings and then select “Manual proxy configuration” and enter SOCKS proxy server IP address (192.168.1.103) and Port (1080) to be used for all protocol.

BOOMMM!! Connected to the Proxy server successfully using HTTP Proxy in our Browser.

Connecting SSH via Proxy

Now configuring host.allow file for SSH Proxy, therefore, open /etc/hosts.allow file and following line to allow SSH connection on localhost IP and restrict for others.

sshd : localhost : allow
sshd : 192.168.1.103 : allow
sshd : ALL : deny

Now open a proxychains configuration file from the given path /etc/proxychains.conf in your Kali Linux and then add the following line at the bottom.

socks5 192.168.1.103 1080

Now when we try to connect with target machine via port 22 for SSH connection we got an error message “Connection reset by peer” as shown in below image after executing the 1st command.

ssh pentest@192.168.1.103

When you face that such type of situation where port 22 is open but you are unable to access it, hence proved the network is running behind the proxy server.

But if you will use proxychains along with the command after saving the configuration as said above then you can easily connect with target network via port 22 for ssh connection as shown in below image after executing the 2nd command.

proxychains ssh pentest@192.168.1.103

Connecting FTP via Proxy

For connecting FTP via proxy, we have used PRO FTP. SO, you can install it using the following command :

apt-get install proftpd

Now configuring vsftpd.conf file for FTP Proxy therefore open /etc/proftpd/proftpd.conf file and add the following line to allow FTP connection on localhost IP and restrict for other networks.

<Limit LOGIN>
Order Allow,Deny
Allow from 127.0.0.1 192.168.1.103
Deny from all
</Limit>

Using FileZilla when we try to connect 192.168.1.103 via port 21 for accessing FTP service, we got an Error “Connection closed by server”.

When you face that such type of situation where port 21 is open but you are unable to access it, hence proved the network is running behind a proxy server.

But FileZilla has multi features as it offers a generic proxy option that forced passive mode on FTP connection. Go to Settings > Connection > FTP and select “generic proxy” option and made the following configuration settings.

  • Choose SOCKS 5 as generic Proxy
  • Proxy HOST IP: 192.168.1.103
  • Proxy Port: 1080

Now again when you will try to connect the target machine via port 21 for accessing FTP service then you will be easily able to access it as shown in the last image.

Hence Proved the SOCKS is actually an all-purpose proxy server and Hopefully, you have found this article very helpful and completely understood the working of Proxy server and another related topic cover in this article.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here