Hello,
I was wondering when using proxychains. Does the pivoting server contain logs that can tie back to the attacking machine? Especially if the pivoting server is a windows machine as was demonstrated in the video.
-
Solved Pentest+ Proxy Chains quesiton
-
Off the top of my head, I can't remember if I had any specific logging turned on other than defaults, or if the default auditing would catch anything that would leave a trail of breadcrumbs back to the attacking machine. Not every system you encounter will be logging the same way. I assume, YES.
Assume that every box you're testing is logging. And that can easily be checked by spinning up a lab and performing the steps, then check the logs. Not only will you know for sure, but you'll have the experience which reinforces the knowledge. Don't forget to document the steps you took, any roadblocks you encountered and how you overcame them, and your results. Be DETAILED! There will be things you'll forget, so having it documented can be a real life/time saver when you attempt similar activities in the future.
The best way to really learn this stuff is to do it! What seems like an easy thing on paper can prove to be a bear in reality. So fire up some VMs and spend some time Red Teaming, then throw on your Blue Team hat and see what's up.
I hope this helps.
Daniel Lowrie
ITProTV
Show Host -
Thank you very much! I will def. put it to the test.