Hey all,
I have been using my own VPS to attempt to understand how linux logs attacks. I have a text file with the correct password in and simply run proxychains hydra.
However, I notice that for some reason my home IP always shows on the auth.log file on the server im attacking, in the following format:
"reverse mapping checking getaddrinfo for MYHOMEIP failed - POSSIBLE BREAK-IN ATTEMPT!"
It confuses me because I have about 10 proxies (socks4 and socks5) in my proxychain file. I am using dynamic chains and the command I run is the following:
"proxychains hydra -s 22 -v -V -l root -P /usr/share/wordlists/testlist.txt -t 4 -w 60 SERVERIP ssh"
I have tried the above with tor and it worked fine plus my home IP was never shown in the auth.log (it showed some tor IP). However I would like to know how to get this to work/why it currently isnt working with proxy chains.
My only thought is that all the proxies in the proxy chains file are either failing or passing my information? However I feel this is unlikely (I check the proxies are up before running the command).
Any advice would be appreciated!
4 Responses
Can you do two things for me, first make sure any reverse listener is using the exit proxy IP and not your public IP. Second can you post your proxychains config here so I can make sure you have the right syntax and stuff.
Many thanks for the reply,
Im abit confused about the first task, im not sure how I make sure any reverse listener is using the exit proxy IP and not your public IP? When I look at the auth.log file it states "reverse mapping checking getaddrinfo for" followed by my home IP, not any of the IP's on the proxy chain?
And for the second, here is my proxychains config:
http://pastebin.com/tFikPcwz
"# By default enable localnet for loopback address ranges" I don't think that's in my conf files, but everything else looks fine to me. I just started learning about proxychains though.
So do you mean just # out the "localnet 127.0.0.0/255.0.0.0"?
Share Your Thoughts