Dynamic Port Forwarding
Dynamic Port Forwarding is the most practical SSH port forwarding of the lot. In this technique any connection made to a local port can be forwarded to any port on a remote machine through a proxy. Now the connections are not limited to just one system or port, instead any number of connections can be made through proxychains.
Local Port Forwarding
Scenario/Goal
Let there be 3 systems - A, B and C.
A -> B is possible through an SSH connection
B -> C is on the same network with access to the service running on C
A -> C There is no accessibility between the two. They could be in completely different networks or a firewall could prevent them from connecting
Level of Compromise
Root Access
Softwares
SSH
IP
192.168.1.10
Level of Compromise
Elevated Privilege with Passwords
IPs
192.168.1.20, 172.16.1.20
Level of Compromise
None
Softwares
Port no. of service to be accessed (e.g Shares on Windows)
IP
172.16.1.30
System A
sudo ssh -N -D 127.0.0.1:8080 [email protected]We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,
socks4 127.0.0.1 8080 #add this line to /etc/proxychains.confFor this example since we are going to scan of a given IP,
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40Remote Port Forwarding
Similar to the previous scenario, but lets imagine a firewall blocking access to the compromised system B. However, you have gained reverse shell from system B to system A, then the Remote Dynamic Port Forwarding comes in handy.
System B
sudo ssh -N -R 8080 [email protected]We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,
socks4 127.0.0.1 8080 #add this line to /etc/proxychains.confFor this example since we are going to scan of a given IP,
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40Last updated
Was this helpful?