Dynamic Port Forwarding

Dynamic port forwarding is the most practical form of SSH port forwarding. The SSH client opens a local port that acts as a SOCKS proxy, and any connection made to that port is forwarded through the tunnel to any port on a machine reachable from the remote side. Connections are therefore not limited to a single system or port; any number of connections can be made through proxychains.

Local Port Forwarding

Scenario/Goal

Let there be 3 systems - A, B and C.

A -> B is possible through an SSH connection

B -> C is possible: both are on the same network, and B has access to the service running on C

A -> C is not possible. The two could be on completely different networks, or a firewall could prevent them from connecting.

System A requirements

Level of Compromise: Root Access
Software: SSH
IP: 192.168.1.10

System B requirements

Level of Compromise: Elevated Privilege with Passwords
IPs: 192.168.1.20, 172.16.1.20

System C requirements

Level of Compromise: None
Software: Port no. of service to be accessed (e.g. Shares on Windows)
IP: 172.16.1.30

System A

sudo ssh -N -D 127.0.0.1:8080 [email protected]

We will use proxychains as the proxy client to send requests through the SSH tunnel to the targeted systems and services:

socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf

For this example, we scan a given IP:

sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40

Remote Port Forwarding

This is similar to the previous scenario, but let's imagine a firewall blocking access to the compromised system B. If you have gained a reverse shell from system B to system A, remote dynamic port forwarding comes in handy.

System B

sudo ssh -N -R 8080 [email protected]

We will use proxychains as the proxy client to send requests through the SSH tunnel to the targeted systems and services:

socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf

For this example, we scan a given IP:

sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40
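
Both commands above depend on what the SSH server at the far end permits: -D opens direct-tcpip channels on the server, and -R 8080 asks the server for a tcpip-forward listener. The shell function below is an added example, not part of the original page; it reads `sshd -T` style "keyword value" lines and reports whether each mode is allowed. The function name, the two sample configurations and port 445 are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify which SSH forwarding modes a server's effective
# configuration permits. Input: `sshd -T`-style lines on stdin.
audit_forwarding() {
    awk '
        function verdict(on, limit) {
            if (!on || limit == "none") return "blocked"
            if (limit == "" || limit == "any") return "allowed"
            return "restricted"
        }
        { key = tolower($1); val = tolower($2) }
        key == "allowtcpforwarding" { atf = val }
        key == "disableforwarding"  { dis = val }
        key == "permitopen"         { po = val }   # limits -L / -D destinations
        key == "permitlisten"       { pl = val }   # limits -R listen addresses
        END {
            if (atf == "") atf = "yes"      # OpenSSH default when unset
            if (dis == "yes") atf = "no"    # DisableForwarding overrides the rest
            l = (atf == "yes" || atf == "all" || atf == "local")
            r = (atf == "yes" || atf == "all" || atf == "remote")
            print "ssh -D (direct-tcpip): " verdict(l, po)
            print "ssh -R (tcpip-forward): " verdict(r, pl)
        }'
}

# Constructed sample: stock defaults, which allow both techniques.
DEFAULT_CFG='allowtcpforwarding yes
permitopen any
permitlisten any
disableforwarding no'

# Constructed sample: a jump host limited to one destination (System C,
# port 445 assumed) with remote forwarding switched off.
HARDENED_CFG='allowtcpforwarding local
permitopen 172.16.1.30:445
permitlisten any
disableforwarding no'

printf '%s\n' "$DEFAULT_CFG"  | audit_forwarding
printf '%s\n' "$HARDENED_CFG" | audit_forwarding
```

On a live server the input would come from `sudo sshd -T | audit_forwarding`; settings inside Match blocks only appear when `sshd -T` is given a matching connection specification with -C.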
