During a security test, you have compromised a system in a protected subnet. You need to direct scanning traffic from your local machine through this host to investigate additional systems. Which method achieves this goal?
Scan the internal subnets from your external system over normal traffic
Create a proxy on the compromised machine and point your scanning tools to it
Modify network settings on the compromised host so it directly redirects connections to your local port scanner
Stop the border filter so your direct access to every subnet is unrestricted
The best method is to set up a proxy (typically a SOCKS proxy, for example via SSH dynamic port forwarding or a tunnelling tool) on the compromised host and point your scanning tools at it, so that each probe originates on your machine but leaves through the compromised host’s internal interface. This pivot uses the foothold inside the protected subnet and reveals exactly the services that host can reach. Scanning directly from your external system fails because the border filtering that makes the subnet “protected” blocks your probes before they reach it. Reconfiguring the compromised host to redirect connections to your local port scanner gets the direction backwards: it sends the host’s traffic out to you instead of carrying your scans inward, and without a proper relay nothing traverses the subnet. Disabling the border filter is destructive, highly visible, and normally outside the rules of engagement, so it is not an acceptable way to gain access.
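The mechanics of that answer, as an added example that is not part of the original question: a minimal SOCKS5 relay of the kind you would run on the compromised host, plus a TCP connect scanner that asks the relay to open each port and reads the reply code. The relay is a deliberately small stand-in (no authentication, IPv4 only, CONNECT only) for what `ssh -D` or a tunnelling tool would give you in practice, and the `demo()` helper stands up a constructed loopback “internal service” so the whole thing runs offline; the function names are this example’s own, not from any tool.

```python
import selectors
import socket
import struct
import threading

SOCKS_VERSION = 5      # RFC 1928
CMD_CONNECT = 1
ATYP_IPV4 = 1
NO_AUTH = 0
REP_SUCCEEDED = 0
REP_REFUSED = 5
REP_CMD_UNSUPPORTED = 7


def _recv_exact(sock, n):
    """Read exactly n bytes; recv() may legitimately return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def _relay(a, b):
    """Shuttle bytes between two sockets until either side closes."""
    with selectors.DefaultSelector() as sel:
        sel.register(a, selectors.EVENT_READ, b)
        sel.register(b, selectors.EVENT_READ, a)
        while True:
            for key, _ in sel.select():
                data = key.fileobj.recv(4096)
                if not data:
                    return
                key.data.sendall(data)


def _handle_client(client):
    """SOCKS5 handshake (no auth, CONNECT, IPv4 only), then relay to the target."""
    with client:
        _ver, nmethods = _recv_exact(client, 2)            # greeting: VER NMETHODS
        _recv_exact(client, nmethods)                      # METHODS offered by client
        client.sendall(bytes([SOCKS_VERSION, NO_AUTH]))    # pick "no authentication"
        _ver, cmd, _rsv, atyp = _recv_exact(client, 4)     # request: VER CMD RSV ATYP
        if cmd != CMD_CONNECT or atyp != ATYP_IPV4:
            client.sendall(bytes([SOCKS_VERSION, REP_CMD_UNSUPPORTED, 0, ATYP_IPV4]) + bytes(6))
            return
        addr = socket.inet_ntoa(_recv_exact(client, 4))    # DST.ADDR (4 bytes)
        port = struct.unpack("!H", _recv_exact(client, 2))[0]  # DST.PORT
        try:
            target = socket.create_connection((addr, port), timeout=3)
        except OSError:
            # The relay host could not reach the port: report it as refused.
            client.sendall(bytes([SOCKS_VERSION, REP_REFUSED, 0, ATYP_IPV4]) + bytes(6))
            return
        with target:
            client.sendall(bytes([SOCKS_VERSION, REP_SUCCEEDED, 0, ATYP_IPV4]) + bytes(6))
            _relay(client, target)


def start_proxy(host="127.0.0.1", port=0):
    """Run the relay in a background thread; return the (host, port) it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(16)

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_handle_client, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()


def scan_via_socks(proxy, target_ip, ports, timeout=3):
    """TCP connect scan through the proxy: the relay, not the scanner, reaches the
    target, so the result reflects what the compromised host can see.
    Returns {port: 'open' | 'closed'}."""
    results = {}
    for port in ports:
        with socket.create_connection(proxy, timeout=timeout) as s:
            s.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))          # offer one method: no auth
            if _recv_exact(s, 2) != bytes([SOCKS_VERSION, NO_AUTH]):
                raise RuntimeError("proxy refused the no-auth method")
            s.sendall(bytes([SOCKS_VERSION, CMD_CONNECT, 0, ATYP_IPV4])
                      + socket.inet_aton(target_ip) + struct.pack("!H", port))
            reply = _recv_exact(s, 10)                             # VER REP RSV ATYP ADDR(4) PORT(2)
            results[port] = "open" if reply[1] == REP_SUCCEEDED else "closed"
    return results


def demo():
    """Constructed scenario: one listening 'internal service' and one closed port
    on loopback, both scanned through the relay. Returns {'open': ..., 'closed': ...}."""
    service = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    service.bind(("127.0.0.1", 0))
    service.listen(5)                              # this port will report as open
    open_port = service.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                                  # nothing listens there now
    proxy = start_proxy()
    found = scan_via_socks(proxy, "127.0.0.1", [open_port, closed_port])
    service.close()
    return {"open": found[open_port], "closed": found[closed_port]}


if __name__ == "__main__":
    print(demo())
```

In a real engagement the relay is usually `ssh -D 1080 user@pivot` (SSH dynamic port forwarding) or a purpose-built tunnelling tool, and the scanner is something like `proxychains4 nmap -sT -Pn -n <internal-range>`. Note the caveat that flows from the protocol above: a SOCKS proxy only carries TCP connections the relay host opens on your behalf, so SYN scans, ICMP host discovery and UDP probes never traverse it; you must use a full connect scan and skip ping discovery, and expect it to be slower than scanning from a host on the subnet.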