hacktricks/network-services-pentesting/1080-pentesting-socks.md
2024-12-12 11:39:29 +01:00

3.5 KiB

1080 - Pentesting Socks

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Basic Information

SOCKS is a protocol used for transferring data between a client and server through a proxy. The fifth version, SOCKS5, adds an optional authentication feature, allowing only authorized users to access the server. It primarily handles the proxying of TCP connections and the forwarding of UDP packets, operating at the session layer (Layer 5) of the OSI model.

Default Port: 1080

Enumeration

Authentication Check

nmap -p 1080 <ip> --script socks-auth-info

Brute Force

Basic usage

nmap --script socks-brute -p 1080 <ip>

Advanced usage

nmap  --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>

Output

PORT     STATE SERVICE
1080/tcp open  socks
| socks-brute:
|   Accounts
|     patrik:12345 - Valid credentials
|   Statistics
|_    Performed 1921 guesses in 6 seconds, average tps: 320

Tunneling and Port Forwarding

Basic proxychains usage

Setup proxy chains to use socks proxy

nano /etc/proxychains4.conf

Edit the bottom and add your proxy

socks5 10.10.10.10 1080

With auth

socks5 10.10.10.10 1080 username password

More info: Tunneling and Port Forwarding

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}