I have been trying to complete the 2nd question in the first module:
Apply the concepts taught in this section to pivot to the internal network and use RDP (credentials: victor:pass@123) to take control of the Windows target on 172.16.5.19. Submit the contents of Flag.txt located on the Desktop.
I have checked /etc/proxychains.conf for the correct socks4 127.0.0.1 9050. I have run proxychains nmap -v -sn 172.16.5.1-200 and every time it responds with no results. I have tried Pwnboxes and my own bare metal with multiple different VPNs. Am I missing something? Has anyone experienced the same issue here?
EDIT:
I am unsure as to why, maybe due to firewalls on the Windows machine, but I managed to bypass and pivot using an explicit and direct tunnel: ssh -L 3389:172.16.5.19:3389 ubuntu@10.129.x.x -N. Once that was configured, I was able to run xfreerdp /v:localhost:3389 /u:victor /p:pass@123, which gave me access via RDP to get the flag.txt.
I don’t think you’re supposed to be able to find the final target with nmap, because it’s a Windows machine and, like you said, it’s likely the firewall is blocking the pings.
But if you want to check whether the nmap command works and does what it should, try the following…
Activate the target and you’ll get an IP address (in my case it was 10.129.111.29), then issue the ‘magic command’ to see all the network interfaces on that host. You’ll see an address starting with 172.x.x.x; use this address as your target on nmap. I just tried this now and it found it OK.
I am struggling with this module so much. I’ve been stuck here for a while and I still don’t understand how it really works. Thanks for your comment, it was helpful. Now I have to track back and figure out how this works.
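
For reference on the socks4 127.0.0.1 9050 entry checked in the first post, an added example (not written by any poster in this thread) of what a SOCKS4 proxy relays: a TCP CONNECT to one IPv4 address and port, with no message type for ICMP echo. The function names and the constructed reply bytes are assumptions made for illustration.

```python
import ipaddress
import struct

SOCKS4_VERSION = 4
CMD_CONNECT = 1  # SOCKS4 defines only CONNECT (1) and BIND (2); both are TCP
REPLY_CODES = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: client identd unreachable",
    93: "rejected: identd user mismatch",
}


def build_connect_request(dst_ip, dst_port, user_id=b""):
    """Frame a SOCKS4 CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL."""
    addr = ipaddress.IPv4Address(dst_ip)  # SOCKS4 carries IPv4 addresses only
    if not 0 < dst_port < 65536:
        raise ValueError("TCP port out of range")
    if b"\x00" in user_id:
        raise ValueError("USERID must not contain NUL")
    header = struct.pack("!BBH4s", SOCKS4_VERSION, CMD_CONNECT,
                         dst_port, addr.packed)
    return header + user_id + b"\x00"


def parse_reply(data):
    """Decode the 8-byte SOCKS4 reply; returns (granted, reason)."""
    if len(data) != 8:
        raise ValueError("a SOCKS4 reply is exactly 8 bytes")
    vn, cd = data[0], data[1]
    if vn != 0:
        raise ValueError("reply version byte must be 0")
    return cd == 90, REPLY_CODES.get(cd, "unknown code %d" % cd)


if __name__ == "__main__":
    # Target address and port are the ones quoted in the thread.
    print(build_connect_request("172.16.5.19", 3389).hex())
    # Constructed sample replies (not captured traffic).
    print(parse_reply(bytes([0, 90, 0, 0, 0, 0, 0, 0])))
    print(parse_reply(bytes([0, 91, 0, 0, 0, 0, 0, 0])))
```

The only fields in the request are a command, a TCP port and an IPv4 address, so a reply of 90 or 91 for a given port is the whole signal a SOCKS4 hop can return about a host.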