Port Forwarding Cheatsheet

1. Container port forwarding to local system using SSH

A service running inside a Docker container was discovered and needs to be reached from the local system.

ssh -L <local port>:<ip of container>:<remote port> <username>@<host>

ssh -L 6767:172.17.0.2:8080 aubreanna@internal.thm

2. SSH tunneling / Pivoting

Format:

Three systems are involved: the attacker, the compromised PC, and the victim (the system to reach through the compromised PC).

Here SSH on the compromised PC is running on port 443, hence -p 443. Otherwise supply the port SSH is actually listening on.

Therefore,

ssh -i <private key for the compromised PC> -p 443 <username on compromised PC>@<ip of compromised PC> -L <local port to listen on>:<victim IP>:<victim port to forward to>

ssh -i ssh_key -p 443 root@172.16.1.1 -L 8080:172.16.1.2:22
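Sections 1 and 2 both rely on ssh -L, and section 3's ssh -D works the same way underneath: every forwarded connection is opened by the sshd process on the host that terminates the session (172.16.1.1 above). That gives the defender a simple server-side check, shown here as an added example that is not part of the cheatsheet: an sshd-owned established socket whose local port is not one sshd listens on is a forwarding channel. The ss -tnp lines are constructed for this example; SSHD_LISTEN_PORTS, parse_ss, find_forwarding and summarize are names introduced here.

```python
"""Server-side spotting of SSH TCP forwarding (ssh -L and ssh -D).

Added example for this cheatsheet, not code from it. On the host whose sshd
terminates the session (172.16.1.1 in the cheatsheet), every forwarded
connection is opened by sshd itself, so an sshd-owned established socket
whose local port is not one sshd listens on is a forwarding channel.
The `ss -tnp` lines below are constructed for this example.
"""
import re
from dataclasses import dataclass

# Ports sshd listens on; the cheatsheet uses 22 and 443. Adjust per host.
SSHD_LISTEN_PORTS = {22, 443}

# Constructed sample of `ss -tnp` on the pivot host, header line included.
SAMPLE_SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB 0      0      172.16.1.1:443      10.10.0.10:51230   users:(("sshd",pid=1321,fd=4),("sshd",pid=1310,fd=4))
ESTAB 0      0      172.16.1.1:40122    172.16.1.2:22      users:(("sshd",pid=1321,fd=9))
ESTAB 0      0      172.16.1.1:40130    172.16.1.2:80      users:(("sshd",pid=1321,fd=10))
ESTAB 0      0      172.16.1.1:38876    10.10.0.5:5432     users:(("python3",pid=902,fd=3))
"""

# Matches the first ("name",pid=N ...) entry of the Process column.
_PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


@dataclass(frozen=True)
class Sock:
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int
    proc: str
    pid: int


def _hostport(field: str) -> tuple[str, int]:
    # rpartition keeps IPv6 forms such as [::1]:22 intact
    host, _, port = field.rpartition(":")
    return host, int(port)


def parse_ss(text: str) -> list[Sock]:
    """Parse `ss -tnp` lines into Sock records; skips the header and unowned sockets."""
    socks = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6 or parts[0] == "State":
            continue
        _state, _rq, _sq, local, peer, proc = parts
        m = _PROC_RE.search(proc)  # the first owning process is enough
        if not m:
            continue
        lip, lport = _hostport(local)
        pip, pport = _hostport(peer)
        socks.append(Sock(lip, lport, pip, pport, m["name"], int(m["pid"])))
    return socks


def find_forwarding(text: str, listen_ports=SSHD_LISTEN_PORTS) -> list[Sock]:
    """Return sshd-owned sockets that are not the inbound SSH session itself."""
    return [s for s in parse_ss(text)
            if s.proc == "sshd" and s.local_port not in listen_ports]


def summarize(text: str) -> dict[int, list[str]]:
    """Map each forwarding sshd session pid to the host:port list it connects to."""
    out: dict[int, list[str]] = {}
    for s in find_forwarding(text):
        out.setdefault(s.pid, []).append(f"{s.peer_ip}:{s.peer_port}")
    return out


if __name__ == "__main__":
    for pid, dests in summarize(SAMPLE_SS_OUTPUT).items():
        print(f"sshd pid {pid} is forwarding to: {', '.join(dests)}")
```

Run it against live output with ss -tnp on the pivot host. A SOCKS proxy from ssh -D looks identical, since each proxied connection is its own direct-tcpip channel opened by sshd. One caveat: if sshd authenticates through an in-process PAM module that talks to a directory server, those connections also show up as sshd-owned, so allowlist the known authentication backend ports before alerting on the rest.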

3. Proxychains nmap scan to a hidden PC accessible via pivoting

Premise:

Attacker machine: 10.10.0.10

Compromised machine: 10.10.0.66, 172.16.1.1

Victim Machine: 172.16.1.2

Target: nmap scan 172.16.1.2

Process: Use the ssh -D option to open a SOCKS proxy on a local port, here 8080. 443 is the port on which SSH is listening on the compromised machine (172.16.1.1).

ssh -D 127.0.0.1:8080 gibson@172.16.1.1 -p 443

Then add the SOCKS proxy (127.0.0.1 port 8080) to the proxychains configuration file.

Then run the nmap scan through proxychains.
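Both the ssh -L pivot in section 2 and the ssh -D proxy here depend on the pivot host's sshd permitting TCP forwarding, and the cheatsheet's examples also log in as root with a key. The following added example (not part of the cheatsheet) audits the effective sshd settings that decide this. It reads output in the format of sshd -T (lowercase keyword and value per line); the two configuration samples are constructed, and it is an assumption here that PermitOpen values appear either as "permitopen any" or as space-separated host:port entries.

```python
"""Audit the effective sshd settings that govern ssh -L / ssh -D forwarding.

Added example for this cheatsheet, not code from it. Input is the output of
`sshd -T` (effective configuration, lowercase keyword and value per line).
Both samples below are constructed. Assumption: PermitOpen values appear as
`permitopen any` or as space-separated host:port entries.
"""

# Constructed: a pivot host as the cheatsheet describes (SSH on 443, root key login).
PERMISSIVE = """\
port 443
permitrootlogin yes
pubkeyauthentication yes
allowtcpforwarding yes
permitopen any
"""

# Constructed: the same host with forwarding switched off and root login denied.
HARDENED = """\
port 443
permitrootlogin no
pubkeyauthentication yes
allowtcpforwarding no
permitopen none
"""


def parse_sshd_t(text: str) -> dict[str, list[str]]:
    """Collect keyword -> values; repeated keywords accumulate (port, permitopen)."""
    cfg: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), []).extend(value.split())
    return cfg


def assess_forwarding(cfg: dict[str, list[str]]) -> list[str]:
    """Return findings that would let the cheatsheet's -L/-D pivots work."""
    findings = []
    # sshd default for AllowTcpForwarding is yes; "local" and "all" also
    # permit the direct-tcpip channels that both ssh -L and ssh -D use.
    fwd = cfg.get("allowtcpforwarding", ["yes"])[-1]
    if fwd in ("yes", "all", "local"):
        findings.append(f"allowtcpforwarding {fwd}: ssh -L and ssh -D pivots allowed")
        if "any" in cfg.get("permitopen", ["any"]):
            findings.append("permitopen any: forwarding destinations unrestricted")
    if cfg.get("permitrootlogin", ["prohibit-password"])[-1] == "yes":
        findings.append("permitrootlogin yes: root may log in, pivot session runs as root")
    return findings


def audit(text: str) -> list[str]:
    """Parse sshd -T style text and return the forwarding-related findings."""
    return assess_forwarding(parse_sshd_t(text))


if __name__ == "__main__":
    for name, sample in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(f"[{name}]")
        for finding in audit(sample) or ["no forwarding findings"]:
            print("  -", finding)
```

Because Match blocks only take effect for a specific connection, run sshd -T with -C user=...,host=...,addr=... for the account and source you care about, otherwise you only audit the global defaults. Where forwarding is needed for a few accounts, a Match User block with AllowTcpForwarding yes and an explicit PermitOpen list keeps the global setting at no.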
