hacktricks/pentesting/1080-pentesting-socks.md

# 1080 - Pentesting Socks

## Basic Information

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication,  
so only authorized users may access a server.

Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.  
SOCKS performs at Layer 5 of the OSI model

**Default Port:** 1080

## Enumeration

### Authentication Check

```bash
nmap -p 1080 <ip> --script socks-auth-info
```

### Brute Force

#### Basic usage

```bash
nmap --script socks-brute -p 1080 <ip>
```

#### Advanced usage

```bash
nmap  --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>
```

#### Output

```text
PORT     STATE SERVICE
1080/tcp open  socks
| socks-brute:
|   Accounts
|     patrik:12345 - Valid credentials
|   Statistics
|_    Performed 1921 guesses in 6 seconds, average tps: 320
```

## Tunneling and Port Forwarding

### Basic proxychains usage

Setup proxy chains to use socks proxy

```text
nano /etc/proxychains4.conf
```

Edit the bottom and add your proxy

```text
socks5 10.10.10.10 1080
```

With auth

```text
socks5 10.10.10.10 1080 username password
```

#### More info: [Tunneling and Port Forwarding](../tunneling-and-port-forwarding.md)
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`# 1080 - Pentesting Socks`
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00
			`## Basic Information`

GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication,`
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			`so only authorized users may access a server.`

GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.`
			`SOCKS performs at Layer 5 of the OSI model`
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00
			`Default Port: 1080`

			`## Enumeration`

			`### Authentication Check`

			```bash
			`nmap -p 1080 <ip> --script socks-auth-info`
			```

GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`### Brute Force`

			`#### Basic usage`
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00
			```bash
			`nmap --script socks-brute -p 1080 <ip>`
			```
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00
			`#### Advanced usage`

Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			```bash
			`nmap --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>`
			```

GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`#### Output`
Updated some errors updated file name to lowercase, added in output 2021-05-14 00:14:06 +00:00
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			```text
Updated some errors updated file name to lowercase, added in output 2021-05-14 00:14:06 +00:00			`PORT STATE SERVICE`
			`1080/tcp open socks`
			`\| socks-brute:`
			`\| Accounts`
			`\| patrik:12345 - Valid credentials`
			`\| Statistics`
			`\|_ Performed 1921 guesses in 6 seconds, average tps: 320`
			```

Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			`## Tunneling and Port Forwarding`

			`### Basic proxychains usage`

			`Setup proxy chains to use socks proxy`
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00
			```text
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			`nano /etc/proxychains4.conf`
			```

			`Edit the bottom and add your proxy`
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00
			```text
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			`socks5 10.10.10.10 1080`
			```

			`With auth`
GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00
			```text
Created 1080 I tried to keep to your format and style for the document. very sorry if this is not fully correct. Thank you again for all of your hardwork! 2021-05-14 00:08:24 +00:00			`socks5 10.10.10.10 1080 username password`
			```

GitBook: [master] 5 pages and 10 assets modified 2021-05-25 22:52:07 +00:00			`#### More info: [Tunneling and Port Forwarding](../tunneling-and-port-forwarding.md)`