
I am trying to execute a ping through proxychains after creating an SSH tunnel, but the response to the request is Destination Host Unreachable.

Concretely, I want to do a lab about pivoting. The attacker machine has visibility over machine A, but not over machine B. Machine A has visibility over machine B. In this test, I want to verify the created tunnel by executing a ping to machine B from the attacker machine.

I have this in /etc/proxychains.conf:

socks4  127.0.0.1 9050

And I used these two commands:

ssh -D 9050 user@192.168.1.132

ssh -f -N -D 9050 user@192.168.1.132

But neither of them allows me to execute a ping with proxychains.

What can I do?

  • Maybe try telnet instead of ping. – Aria Dec 22 '17 at 12:27
  • Not directly related to your question, but you may want to know this anyway. I assume since you have specified port 9050 that you are using Tor. If that's true, you should use socks5 instead of socks4, as socks5 (and socks4a) support doing domain lookups, whereas socks4 triggers DNS leaks. – forest Dec 22 '17 at 13:01
  • I tried changing from socks4 to socks5 but I received the same result. – Iratzar Carrasson Bores Dec 26 '17 at 08:57
  • It doesn't matter if I use telnet or ping, it isn't a tool problem, the problem is in the connection. – Iratzar Carrasson Bores Dec 26 '17 at 09:00

3 Answers

Socks proxies TCP and UDP, while ping sends ICMP packets. So you need to test using another protocol. If you want it lightweight and stateless like ping you can try to resolve a DNS name for testing UDP. Otherwise try to load a website for testing TCP connectivity.

allo

Inspired by the second answer, I found the solution to fix this problem.

The connection with machine A is the same:

ssh -f -N -D 9050 user@192.168.1.132

And in the proxychains configuration I have:

socks4  127.0.0.1 9050

But I couldn't execute ping command from the attacker machine to machine B, because ping uses ICMP. Therefore, I had to use TCP or UDP ports to detect machine B, so I executed the following code:

proxychains nmap -sT -Pn -n -v -p <ports> <B machine IP>

And if we want to discover more IPs, we have to analyze the range using the same code. When we execute this code, we will see the correct connections to online machines.

proxychains nmap -sT -Pn -n -v -p <ports> <range> 

Result:

ProxyChains-3.1 (http://proxychains.sf.net)

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-28 04:18 EST
Initiating Connect Scan at 04:18
Scan 256 hosts [1 port/host]
[S-chain]-<>-127.0.0.1:9050-<><>-10.128.0.1:83-<--timeout
[S-chain]-<>-127.0.0.1:9050-<><>-10.128.0.4:83-<><>-OK
Discovered open port 83/tcp on 10.128.0.4
[S-chain]-<>-127.0.0.1:9050-<><>-10.128.0.5:83-<--timeout
[S-chain]-<>-127.0.0.1:9050-<><>-10.128.0.8:83-<--timeout
...
kasperd

If you are using Tor you cannot send ICMP commands in it. I believe that only the TCP/UDP stack is transported using Tor.

If you are using SOCKS then SOCKS4, if I am not mistaken, uses TCP and SOCKS5 TCP and UDP; none of them is able to use ICMP.

You can use other tools to do the ping instead of a pure ping command, for example nmap or httping.

Hugo
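
The answers above say that SOCKS carries TCP (and, for SOCKS5, UDP) but not ICMP. As an added example (not code from any answer on this page), the Python below builds the SOCKS4 CONNECT request that a tool such as proxychains sends to the `ssh -D 9050` listener and decodes the reply: the request has room only for a TCP port and an IPv4 address, so an ICMP echo cannot be expressed in it. The function names are hypothetical, and 10.128.0.4:83 is the host and port from the scan output above.

```python
import ipaddress
import socket
import struct

# SOCKS4 reply codes (second byte of the 8-byte reply).
SOCKS4_REPLIES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: proxy cannot reach identd on the client",
    93: "rejected: identd reported a different user id",
}

def build_socks4_connect(dst_ip, dst_port, user_id=b""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT (2 bytes), DSTIP (4 bytes), USERID, NUL."""
    # Plain SOCKS4 carries IPv4 literals only; a hostname raises ValueError here,
    # which is why name lookups happen on the client side with socks4.
    addr = ipaddress.IPv4Address(dst_ip).packed
    return struct.pack(">BBH", 4, 1, dst_port) + addr + user_id + b"\x00"

def parse_socks4_reply(reply):
    """Reply is 8 bytes: VN=0, CD=status, then 6 bytes a CONNECT client ignores."""
    if len(reply) < 2 or reply[0] != 0:
        return False, "malformed reply"
    code = reply[1]
    return code == 90, SOCKS4_REPLIES.get(code, f"unknown code {code}")

def tcp_reachable_via_socks4(dst_ip, dst_port, proxy=("127.0.0.1", 9050), timeout=5.0):
    """Ask the proxy to open a TCP connection to dst_ip:dst_port; return (ok, reason)."""
    try:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(build_socks4_connect(dst_ip, dst_port))
            reply = b""
            while len(reply) < 8:          # read the fixed-size reply
                chunk = s.recv(8 - len(reply))
                if not chunk:
                    break
                reply += chunk
            return parse_socks4_reply(reply)
    except OSError as exc:                 # proxy down, tunnel closed, timeout
        return False, f"proxy connection failed: {exc}"

if __name__ == "__main__":
    # Requires the ssh -D 9050 tunnel from the question to be running.
    print(build_socks4_connect("10.128.0.4", 83).hex())
    print(tcp_reachable_via_socks4("10.128.0.4", 83))
```

A `request rejected or failed` result means the tunnel itself works and machine A could not complete the TCP connection to that port, which is a different condition from the proxy being unreachable.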