# Port Forwarding Cheatsheet

## 1. Container port forwarding to local system using SSH

A service running in a Docker container was discovered:

<div align="left"><img src="/files/HoI1Iu7xRZgTFAGgJcwF" alt=""></div>

<div align="left"><img src="/files/Lbq4jT4LPaFTIfiurmw4" alt=""></div>

**`ssh -L <local port>:<ip of container>:<remote port> <username>@<host>`**

```
ssh -L 6767:172.17.0.2:8080 aubreanna@internal.thm
```

<div align="left"><img src="/files/khPBqbwA35U1Uro4MQpt" alt=""></div>

## 2. SSH tunneling / Pivoting

Three systems are involved:

* attacker
* compromised PC
* system to go to = victim

Here SSH is running on port 443, hence `-p 443`. Otherwise, supply the port SSH is running on.

Format:

```
ssh -i <id_rsa of compromised PC> -p 443 <username on compromised PC>@<ip of compromised PC> -L <local port to forward on>:<victim IP>:<victim port to forward to our local system>
```

Therefore:

```
ssh -i ssh_key -p 443 root@172.16.1.1 -L 8080:172.16.1.2:22
```

<figure><img src="/files/4lU3r290nJaM3ZlQy9eD" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/yB3ujV3TdhpLptBA6iBf" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/bg5lxBbxK4yIZrxs1fEA" alt=""><figcaption></figcaption></figure>

## 3. Proxychains nmap scan to a hidden PC accessible via pivoting

Premise:

Attacker machine: 10.10.0.10

Compromised machine: 10.10.0.66, 172.16.1.1

Victim Machine: 172.16.1.2

Target: nmap scan 172.16.1.2

Process: use the ssh `-D` option to create a SOCKS proxy on a local port, here 8080. 443 is the port SSH is listening on at 172.16.1.1.

```
ssh -D 127.0.0.1:8080 gibson@172.16.1.1 -p 443
```

<figure><img src="/files/rH4FjDqrF9xiqy5exPlT" alt=""><figcaption></figcaption></figure>

Then add this to the proxychains configuration file:

<figure><img src="/files/2LAyDhCdIg1DyCGJx6l3" alt=""><figcaption></figcaption></figure>

Then run the nmap scan:

<figure><img src="/files/bIqABaAey5vUjxB9SpW9" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/bAvHNUsRsUcfeSq1WGJR" alt=""><figcaption></figcaption></figure>
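
For the detection side of the `-L` and `-D` forwards used in sections 1 to 3, the following is an added example (not part of the original cheatsheet) that parses ssh command lines, such as those recorded in process-creation logs, and reports any port forwards they set up. The function names and the two benign sample lines are constructed for illustration; bracketed IPv6 specs and forwards configured through `-o` or `ssh_config` are not handled.

```python
import shlex

ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")  # ssh(1) options that consume an argument
FORWARD = {"L": "local", "R": "remote", "D": "dynamic"}

# Constructed sample: the page's three commands plus two benign lines.
SAMPLE = [
    "ssh -L 6767:172.17.0.2:8080 aubreanna@internal.thm",
    "ssh -i ssh_key -p 443 root@172.16.1.1 -L 8080:172.16.1.2:22",
    "ssh -D 127.0.0.1:8080 gibson@172.16.1.1 -p 443",
    "ssh -p 443 admin@192.0.2.10 uptime",
    "ssh admin@192.0.2.10 ls -L /tmp",
]

def find_forwards(cmdline):
    """Return [(kind, spec)] for each -L/-R/-D forward in one ssh command line."""
    tokens = shlex.split(cmdline)
    if not tokens or tokens[0].rsplit("/", 1)[-1] != "ssh":
        return []
    found, positionals, i = [], 0, 1
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            positionals += 1          # first positional is the destination,
            if positionals == 2:      # the second starts the remote command
                break
            continue
        for pos, letter in enumerate(tok[1:], start=1):
            if letter not in ARG_OPTS:
                continue              # plain flag such as -N or -f
            value = tok[pos + 1:]     # "-L8080:..." form
            if not value and i < len(tokens):
                value, i = tokens[i], i + 1
            if letter in FORWARD:
                found.append((FORWARD[letter], value))
            break                     # the rest of the token was the argument
    return found

def describe(kind, spec):
    """Split a forward spec into its listening port and its target."""
    parts = spec.split(":")
    if kind == "dynamic" or len(parts) < 3:   # [bind:]port -> SOCKS proxy
        return {"kind": kind, "listen": parts[-1], "target": "any (SOCKS)"}
    return {"kind": kind, "listen": parts[-3], "target": ":".join(parts[-2:])}

if __name__ == "__main__":
    for line in SAMPLE:
        for kind, spec in find_forwards(line):
            print(describe(kind, spec), "<-", line)
```

The last sample line shows why the parser stops at the second positional argument: `-L` there belongs to the remote `ls` command, not to ssh.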

