## 2. SSH tunneling / Pivoting
Format:
here,
3 systems are there: attacker,
compromised PC,
system to go to = victim
here SSH is running on port 443 there fore -p 443. Else supply the port where SSH is running on
Therefore,
ssh -i \ -p 443 \@\ -L \:\:\
ssh -i ssh\_key -p 443 root\@172.16.1.1 -L 8080:172.16.1.2:22
## 3. Proxychains nmap scan to a hidden PC accessible via pivoting
Premise:
Attacker machine: 10.10.0.10
Compromised machine: 10.10.0.66, 172.16.1.1
Victim Machine: 172.16.1.2
Target: nmap scan 172.16.1.2
Process: Use ssh -D option to create a proxy on local port. Here, 8080. 443 is the port where victim SSH is running.
ssh -D 127.0.0.1:8080 gibson\@172.16.1.1 -p 443
Then add this in proxychains conf file
Then run nmap scan
