Port Redirection and Tunneling

SSH Tunneling

Local Port Forwarding

ssh -L <local-port-to-listen>:<remote-host>:<remote-port> remote-host

Remote Port Forwarding

ssh -R <remote-port-to-listen>:<local-host>:<local-port> remote-host

Dynamic Port Forwarding

ssh -D <local-port-to-listen> <remote-host>

This command creates a SOCKS proxy listening at <local-port>. It is required to configure the browser to point to the SOCKS proxy at <local-port> to redirect all traffics to <remote-host>.

Proxychains

Change proxy value to desired proxy server.

/etc/proxychains.conf

# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 	127.0.0.1 9050

Usage

proxychains nmap -Pn -sT -sV -p 445,446 $TARGET_IP

Metasploit Usage

Add route to a destined subnet through a session
Run socks4a server to listen traffics from proxychains

msf > route add 172.16.85.0 255.255.255.0 2
msf > use auxiliary/server/socks4a

References

https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

PreviousBuffer Overflow NextPassword Cracking

Last updated 6 years ago

hashtagSSH Tunneling

hashtagLocal Port Forwarding

hashtagRemote Port Forwarding

hashtagDynamic Port Forwarding

hashtagProxychains

hashtagUsage

hashtagMetasploit Usage

hashtagReferences