SocksOverRDP

https://www.youtube.com/watch?v=ZD1mQHZKymQ

Requirements

Have this on the attack host

  1. SocksOverRDP x64 Binaries

  2. Proxifier Portable Binary

Steps

Assuming Windows A -> Windows B

  1. Copy the SocksOverRDPx64.zip to the target (Windows A)

  2. Loading the dll (Windows A with Admin Privs)

C:\Users\htb-student\Desktop\SocksOverRDP-x64> regsvr32.exe SocksOverRDP-Plugin.dll

  1. Connect to rdp using mstsc.exe (Windows A -> Windows B)

  2. Transfer SocksOverRDPx64.zip or just the SocksOverRDP-Server.exe (Windows B)

  3. Start SocksOverRDP-Server.exe with Admin privileges (Windows B)

Note: To confirm that the SOCKS listener is started

C:\Users\htb-student\Desktop\SocksOverRDP-x64> netstat -antb | findstr 1080

  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING

  1. Download proxifier to Windows A

  2. Configure proxifier on Windows A (SOCKS5, 127.0.0.1, 1080)

Previousptunnel-ngNextFFUF

Last updated