Port Forwarding and SSH Tunneling
Port Forwarding [Socat]
You can open a port on a machine and use it to forward traffic through the victim's server.
Listen on PORT1.
Then forward all traffic it receives to TCP PORT2 on the other machine (<IP>).
Now your PORT1 behaves as PORT2 on the other machine.
socat -ddd TCP-LISTEN:<PORT1>,fork TCP:<IP>:<PORT2> # open port
SSH Tunneling
You can tunnel the network traffic through other servers using SSH.
SSH Local Port Forwarding
Shares a specific port across networks.
0.0.0.0:<PORT1> - the port opened on the machine where we execute the command
<DESTINATION_IP>:<PORT2> - the machine whose port we want to "borrow"
<USER_JUMP>@<JUMP_IP> - the proxy server which has access to both networks
SSH Dynamic Port Forwarding
Uses a jump host to reach multiple ports across the network via proxychains.
0.0.0.0:<LOCAL_PORT> - the port opened on the machine where we execute the command
<USER>@<IP> - the remote machine which will forward our commands
Edit the /etc/proxychains4.conf:
You can run the commands using proxychains:
SSH Remote Port Forwarding
Reverse shell but for port forwarding
Bypasses a firewall by creating outgoing SSH traffic from the victim server. The port can be shared even if we cannot connect to any port on the victim server.
Kali set up:
Set PasswordAuthentication to yes in /etc/ssh/sshd_config.
Set PermitRootLogin to yes in /etc/ssh/sshd_config.
Start ssh:
Check that the port is in fact open:
Victim Server set up:
Kali check:
If everything went right, you should be able to access the port on your Kali machine.
SSH Remote Dynamic Port Forwarding
Reverse shell but for port forwarding (multiple ports instead of one)
Victim server:
Kali opened port check:
Sshuttle
SSH as a VPN that forces traffic through the SSH tunnel
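
Seen from the defending side, the socat relay and the SSH local, dynamic and remote forwards above each leave a listening socket owned by socat, by the ssh client, or by sshd on a port other than its service port. The script below is an added example, not part of the original page: it parses `ss -tlnp` output and flags those listeners. The sample output is constructed, and the function name and `ssh_port` parameter are assumptions of this example.

```python
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:2345     0.0.0.0:*         users:(("sshd",pid=2201,fd=9))
LISTEN 0      128    0.0.0.0:9050       0.0.0.0:*         users:(("ssh",pid=3310,fd=4))
LISTEN 0      5      0.0.0.0:4455       0.0.0.0:*         users:(("socat",pid=3400,fd=5))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=900,fd=6))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')
WILDCARD = {"0.0.0.0", "[::]", "*", "::"}
REASONS = {
    "sshd": "sshd listening off its service port: remote forward (ssh -R)",
    "ssh": "ssh client listening: local or dynamic forward (ssh -L / -D)",
    "socat": "socat listener: possible TCP relay",
}

def find_forwarders(ss_output, ssh_port=22):
    """Return findings for listeners that look like port forwards."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header, blank or non-listening line
        addr, _, port = fields[3].rpartition(":")
        proc = PROC_RE.search(fields[5])
        if not proc or not port.isdigit():
            continue  # no owner shown (ss run without root) or odd line
        name, pid = proc.group(1), int(proc.group(2))
        key = "sshd" if name.startswith("sshd") else name  # e.g. sshd-session
        if key not in REASONS or (key == "sshd" and int(port) == ssh_port):
            continue
        findings.append({
            "process": name, "pid": pid, "port": int(port),
            "exposed": addr in WILDCARD,  # bound to all interfaces
            "reason": REASONS[key],
        })
    return findings

if __name__ == "__main__":
    for f in find_forwarders(SAMPLE_SS):
        scope = "all interfaces" if f["exposed"] else "loopback only"
        print(f'{f["process"]}[{f["pid"]}] :{f["port"]} ({scope}) - {f["reason"]}')
```

Run `ss -tlnp` as root so the Process column is populated, and pass the real service port as `ssh_port` if sshd does not listen on 22.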