Proxy: Accessing Network Connection

 

In this blog, I will explain how to get a network connection on TryHackMe/HTB/etc. machines. Having an internet connection makes things a lot easier when we are trying to pwn machines or playing attack/defense challenges. It can be slow, but it works.

Setup

I am performing it on my machine, which is free to play on TryHackMe. Link: EnPass

The machine is up.

We have to install a proxy server on our local machine. I will be using Squid Proxy.
I am using Arch on WSL2.

For Arch: sudo pacman -Sy squid
For Ubuntu: sudo apt install squid -y

Then enable the squid service and start it.

sudo systemctl enable squid
sudo systemctl start squid
or
sudo service squid start

Let’s check locally whether it is working.

As you can see, the connection is made via the Squid proxy. Without the proxy, the response would not carry the Via: header.

So far we are good with the setup. Now let’s first gain root access to the remote machine.

Performing

Right now I am on the remote machine as the root user.

The Squid proxy runs on port 3128. We first have to forward that port to the remote machine via SSH.

Basically, this is a remote port forward, where all the traffic/connections are passed from the SSH server to
the remote server via an SSH client.
In simple terms, with a remote port forward we give access to those who don’t have it, whereas with a local port forward we access resources that we otherwise cannot.

We have successfully port forwarded.

ssh -R 3128:<your-ip>:3128 -i id_rsa root@<machine-ip>
ss -ltnp | grep 3128
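
A check on the ss output above, as an added example that is not part of the original post: sshd binds a -R forward to loopback by default, and a wildcard bind (for example with GatewayPorts enabled on the server) would let any host that can reach the machine use your proxy. The function name forward_exposure and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# Classify how a forwarded port is bound, reading `ss -ltn` / `ss -ltnp` output on stdin.
# Prints: loopback (local-only), exposed (other hosts can connect), or absent.
# forward_exposure is a hypothetical helper name, not part of ss or OpenSSH.
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4                      # the "Local Address:Port" column
            i = length(laddr)
            while (i > 0 && substr(laddr, i, 1) != ":") i--
            if (substr(laddr, i + 1) != port) next
            addr = substr(laddr, 1, i - 1)
            sub(/%.*$/, "", addr)           # drop an interface scope such as %lo
            seen = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen)        print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: default ssh -R forward, bound to loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:3128     0.0.0.0:*         users:(("sshd",pid=1412,fd=9))
LISTEN 0      128    [::1]:3128         [::]:*            users:(("sshd",pid=1412,fd=10))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))'

# Constructed sample: forward bound to every interface.
SAMPLE_WILDCARD='LISTEN 0      128    0.0.0.0:3128       0.0.0.0:*         users:(("sshd",pid=1412,fd=9))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))'

printf '%s\n' "$SAMPLE_LOOPBACK" | forward_exposure 3128
printf '%s\n' "$SAMPLE_WILDCARD" | forward_exposure 3128
```

On the remote machine the same function can be fed live data with: ss -ltn | forward_exposure 3128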

Let’s confirm with the help of curl.

curl -x http://127.0.0.1:3128 http://www.google.com/ -I

We are good with it.

We have successfully made the network connection work.

Extra

What if we want to download packages? The apt command line won’t download or update anything without an internet connection. With just a few steps it will start working.

Add the following line to /etc/profile. This enables the proxy environment globally for all users.

export http_proxy=http://127.0.0.1:3128/

We no longer have to pass the “-x” flag.
apt will also work now. You can see that Nmap is not installed at first. Let’s try installing Nmap.

Yeah, we now have a working internet connection.

If you can’t install any packages (apt), then you can try adding the following line to the file “/etc/apt/apt.conf”.
Create it if you can’t find it.

Acquire::http::Proxy "http://127.0.0.1:3128/";

 

 

Thank you for reading. :)

Have a good day/night.
