Netcat Tutorial: Connect Through Proxy

If you are performing a pentest, you have to stay as anonymous as you can, even if you are performing such a simple task as a banner grab. Anonymity is especially important when performing a bind shell to a remote computer, and you don’t want your computer-savvy victim to take notice, or at least, be able to track you.

In this post I will explain two methods of connecting through a proxy and I also might give you a few extra tips on how to stay anonymous, those small tweaks and leaking holes that might expose you 😉

The first method is the one I use the most. I don’t know why, but it seems that this method is a little more stable than the next one. It involves connecting to the proxy FIRST and THEN connecting to your victim. I’ll first show you an example and then give you the details (I will use ‘ncat’; it’s exactly the same thing as ‘netcat’ or ‘nc’ but is more widely updated, if not modern):

ncat -vv (proxy) (port) [ENTER]
‘Connected to yada yada yada’
CONNECT (victim):(port) [ENTER]
[Start pwning]

Simple, right? A tip I would give you is to use IP addresses rather than DNS names (e.g. google.com) and to combine that with the ‘-n’ flag, which tells netcat NOT to do a DNS lookup. A lookup may give your IP address away to the DNS provider.

The second method feels, as I said, a little buggy in my opinion. It may claim that you are connected when in fact you are not. Anyway, it involves supplying BOTH the proxy AND the victim’s address in the same command string. In other words, netcat (or “ncat”) will do the rest for you:

ncat -vv (victim) (port) --proxy (proxy):(port) [ENTER]
‘Connected to yada yada yada’
[Start pwning]

Even simpler! But still, not nearly as stable or reliable.
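
Seen from the proxy operator's side, both methods arrive as an HTTP CONNECT request naming the target host and port, so they are visible in the proxy's access log. The following is an added example, not part of the original post: it assumes the proxy writes Squid's native access.log layout and that local policy only permits CONNECT to port 443; the log lines, addresses and function names are constructed for illustration.

```python
import ipaddress

ALLOWED_CONNECT_PORTS = {443}  # assumption: policy only tunnels HTTPS

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method target ident hierarchy type
SAMPLE_LOG = """\
1700000000.101    310 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/203.0.113.5 -
1700000003.422  60213 192.0.2.77 TCP_TUNNEL/200 18 CONNECT 198.51.100.23:22 - HIER_DIRECT/198.51.100.23 -
1700000009.007      2 192.0.2.77 TCP_DENIED/403 3890 CONNECT 198.51.100.23:4444 - HIER_NONE/- text/html
1700000011.550     95 192.0.2.10 TCP_MISS/200 1422 GET http://www.example.org/ - HIER_DIRECT/203.0.113.5 text/html
1700000015.000     40 192.0.2.31 TCP_TUNNEL/200 900 CONNECT [2001:db8::5]:443 - HIER_DIRECT/2001:db8::5 -
"""

def is_ip_literal(host):
    """True when the CONNECT target is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def suspicious_connects(log_text, allowed_ports=ALLOWED_CONNECT_PORTS):
    """Return one finding per CONNECT request to a port outside policy."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # not a tunnel request
        client, result, target = fields[2], fields[3], fields[6]
        host, sep, port = target.rpartition(":")  # rpartition keeps [v6] intact
        if not sep or not port.isdigit():
            continue  # malformed target, nothing to evaluate
        if int(port) in allowed_ports:
            continue
        findings.append({
            "client": client,
            "host": host.strip("[]"),
            "port": int(port),
            "ip_literal": is_ip_literal(host),  # no DNS name was supplied
            "tunnel_opened": result.split("/")[-1] == "200",
        })
    return findings

if __name__ == "__main__":
    for finding in suspicious_connects(SAMPLE_LOG):
        print(finding)
```

A finding with "tunnel_opened" set means the proxy actually relayed the connection, which points at a missing port restriction on CONNECT rather than just a blocked attempt.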

I would like to thank nmap.org and irongeek.com for supplying such great tutorials on this subject.

Footnotes:

  • Variable: ‘-n’ = no DNS lookup
  • Variable: ‘-vv’ = Be very verbose (tell everything that’s happening)
  • Variable: ‘--proxy’ = Use a proxy

NOTE: I am not responsible for any illegal actions or similar this method may cause.

2 responses to “Netcat Tutorial: Connect Through Proxy”

  1. “NOTE: I am not responsible for any illegal actions or similar this method may cause.”

    Oh, damn. I was really looking forward to suing you for this. First hack the US government or so, then blame you for teaching me. Yeah, you totally saw through me.
