hacktricks/network-services-pentesting/3128-pentesting-squid.md

4 KiB

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Basic Information

From Wikipedia:

Squid ni proxy ya wavuti ya HTTP inayohifadhi na kupeleka. Ina matumizi mbalimbali, ikiwa ni pamoja na kuongeza kasi ya seva ya wavuti kwa kuhifadhi maombi yanayorudiwa, kuhifadhi wavuti, DNS na utafutaji mwingine wa mtandao wa kompyuta kwa kundi la watu wanaoshiriki rasilimali za mtandao, na kusaidia usalama kwa kuchuja trafiki. Ingawa inatumika hasa kwa HTTP na FTP, Squid ina msaada mdogo kwa protokali nyingine kadhaa ikiwa ni pamoja na Internet Gopher, SSL, TLS na HTTPS. Squid haisaidii protokali ya SOCKS, tofauti na Privoxy, ambayo Squid inaweza kutumika ili kutoa msaada wa SOCKS.

Default port: 3128

PORT     STATE  SERVICE      VERSION
3128/tcp open   http-proxy   Squid http proxy 4.11

Enumeration

Web Proxy

Unaweza kujaribu kuweka huduma hii iliyogunduliwa kama proxy kwenye kivinjari chako. Hata hivyo, ikiwa imewekwa na uthibitisho wa HTTP, utaombwa kwa majina ya watumiaji na nywila.

# Try to proxify curl
curl --proxy http://10.10.11.131:3128 http://10.10.11.131

Nmap proxified

You can also try to abuse the proxy to scan internal ports proxifying nmap.
Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: http 10.10.10.10 3128
Kwa proxies zinazohitaji uthibitisho, ongeza taarifa za kuingia kwenye usanidi kwa kujumuisha jina la mtumiaji na nenosiri mwishoni: http 10.10.10.10 3128 username passw0rd.

Then run nmap with proxychains to scan the host from local: proxychains nmap -sT -n -p- localhost

SPOSE Scanner

Alternatively, the Squid Pivoting Open Port Scanner (spose.py) can be used.

python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131

{% hint style="success" %} Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}