Port Redirection and Tunneling

SSH Tunneling

Local Port Forwarding

ssh -L <local-port-to-listen>:<remote-host>:<remote-port> remote-host

Remote Port Forwarding

ssh -R <remote-port-to-listen>:<local-host>:<local-port> remote-host

Dynamic Port Forwarding

ssh -D <local-port-to-listen> <remote-host>

This command creates a SOCKS proxy listening on <local-port-to-listen>. The browser must then be configured to use the SOCKS proxy at <local-port-to-listen> so that all of its traffic is redirected through <remote-host>.
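To make the difference between the three options concrete, the following added example (not part of the original notes) reports, for each `-L`, `-R` or `-D` option, which end of the SSH session opens the listener and which end makes the outbound connection, and marks listeners requested on all interfaces with `*`. The function names `explain_forward` and `audit_cmdlines` are hypothetical, and the hosts and ports in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes; hosts and ports are constructed.

# explain_forward FLAG SPEC: print which end of the SSH session opens the
# listener and which end makes the outbound connection. Bracketed IPv6
# addresses and Unix-socket specs are not handled.
explain_forward() {
    flag=$1
    set -f; old_ifs=$IFS; IFS=:
    set -- $2                      # split the spec on ':'
    IFS=$old_ifs; set +f
    case "$flag" in
        -L|-D) listener=client; origin=server ;;
        -R)    listener=server; origin=client ;;
        *)     echo "unsupported flag: $flag" >&2; return 1 ;;
    esac
    bind=127.0.0.1                 # default when no bind address is given
    case "$flag:$#" in
        -D:1)    port=$1; target="chosen per SOCKS request" ;;
        -D:2)    bind=$1; port=$2; target="chosen per SOCKS request" ;;
        -[LR]:3) port=$1; target="$2:$3" ;;
        -[LR]:4) bind=$1; port=$2; target="$3:$4" ;;
        *)       echo "malformed spec for $flag" >&2; return 1 ;;
    esac
    # Empty, '*' or 0.0.0.0 asks for a listener on every interface. For -R
    # the server honours that only if sshd's GatewayPorts setting allows it.
    case "$bind" in ''|'*'|0.0.0.0) bind='*' ;; esac
    printf '%s listen=%s@%s:%s target=%s origin=%s\n' \
        "$flag" "$listener" "$bind" "$port" "$target" "$origin"
}

# audit_cmdlines: read process command lines on stdin and explain each
# forwarding option given to ssh as a separate "-X spec" pair.
audit_cmdlines() {
    while read -r line; do
        set -f; set -- $line; set +f
        case "$1" in ssh|*/ssh) shift ;; *) continue ;; esac
        while [ $# -gt 1 ]; do
            case "$1" in -L|-R|-D) explain_forward "$1" "$2" || true ;; esac
            shift
        done
    done
}

# Constructed sample input, as it might appear in a process listing.
SAMPLE='ssh -L 8080:10.0.0.5:80 user@gateway.example
ssh -R 0.0.0.0:2222:127.0.0.1:22 user@gateway.example
ssh -N -D 1080 user@gateway.example'
printf '%s\n' "$SAMPLE" | audit_cmdlines
```

In the output, `origin` is the end of the session from which the connection to `target` is made; the output describes what the command line requests, not what the server's configuration ends up permitting.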

Proxychains

Change the proxy entry to the desired proxy server.

/etc/proxychains.conf
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 	127.0.0.1 9050

Usage

proxychains nmap -Pn -sT -sV -p 445,446 $TARGET_IP

Metasploit Usage

  1. Add a route to the destination subnet through a session

  2. Run the socks4a server to listen for traffic from proxychains

msf > route add 172.16.85.0 255.255.255.0 2
msf > use auxiliary/server/socks4a

References

https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

Last updated 5 years ago