# Dynamic Port Forwarding

Dynamic Port Forwarding is the most practical SSH port forwarding of the lot. In this technique any connection made to a local port can be forwarded to any port on a remote machine through a proxy. Now the connections are not limited to just one system or port, instead any number of connections can be made through proxychains.&#x20;

## Local Port Forwarding

## Scenario/Goal

<figure><img src="https://3470837105-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FU115BGIftbzjCVw3TMug%2Fuploads%2FJvbL085IyMOUeInOsBQz%2FIMG_0905.JPG?alt=media&#x26;token=e72345d8-0de5-442f-9a32-ec1e70618d60" alt=""><figcaption></figcaption></figure>

Let there be 3 systems - A, B and C.&#x20;

A -> B is possible through an SSH connection

B -> C is on the same network with access to the service running on C

A -> C There is no accessibility between the two. They could be in completely different networks or a firewall could prevent them from connecting  &#x20;

| System A            | Requirement  |
| ------------------- | ------------ |
| Level of Compromise | Root Access  |
| Softwares           | SSH          |
| IP                  | 192.168.1.10 |

| System B            | Requirement                       |
| ------------------- | --------------------------------- |
| Level of Compromise | Elevated Privilege with Passwords |
| IPs                 | 192.168.1.20, 172.16.1.20         |

| System C            | Requirements                                               |
| ------------------- | ---------------------------------------------------------- |
| Level of Compromise | None                                                       |
| Softwares           | Port no. of service to be accessed (e.g Shares on Windows) |
| IP                  | 172.16.1.30                                                |
|                     |                                                            |

### System A

```
sudo ssh -N -D 127.0.0.1:8080 xyz@192.168.1.20
```

We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,

```
socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf
```

For this example since we are going to scan of a given IP,

```
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40
```

## Remote Port Forwarding

Similar to the previous scenario, but lets imagine a firewall blocking access to the compromised system B. However, you have gained reverse shell from system B to system A, then the Remote Dynamic Port Forwarding comes in handy.&#x20;

### System B

```
sudo ssh -N -R 8080 xyz@192.168.1.10
```

We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,

```
socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf
```

For this example since we are going to scan of a given IP,

```
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40
```