|
@@ -122,8 +122,35 @@ sh> proxychains nmap -sT -Pn <ip>
|
|
|
|
|
|
## Method 3: Port Forwarding using a ssh tunnel
|
|
|
|
|
|
+### 3.1 Local Forwarding
|
|
|
+
|
|
|
+With local forwarding, a port of the client is forwarded to another port on the server.
|
|
|
+In this case, the SSH client is listening for a connection and redirect it to another host via the SSH server.
|
|
|
+
|
|
|
+
|
|
|
+Local forwarding can be configured like that:
|
|
|
+
|
|
|
+```
|
|
|
+sh> ssh -L 80:10.1.1.X:80 10.11.1.251
|
|
|
+```
|
|
|
+
|
|
|
+This forwards the local port 80 via the SSH server to a host in the IT network.
|
|
|
+
|
|
|
+
|
|
|
+### 3.2 Remote Forwarding
|
|
|
+
|
|
|
+Remote forwarding works exactly the same, only from the SSH server towards the SSH client.
|
|
|
+
|
|
|
+Remote forwarding can be configured like that:
|
|
|
+
|
|
|
+```
|
|
|
+sh> ssh -R 8080:localhost:80 10.11.1.251
|
|
|
+```
|
|
|
+
|
|
|
+This forwards a incoming connection on the remote host (via port 8080) to localhost port 80 (the SSH client).
|
|
|
|
|
|
|
|
|
## Resources:
|
|
|
|
|
|
[pentest.blog](https://pentest.blog/explore-hidden-networks-with-double-pivoting/)
|
|
|
+[ssh.com](https://www.ssh.com/ssh/tunneling/example)
|
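Review bot: The 3.1 description "a port of the client is forwarded to another port on the server" does not match the example under it. `ssh -L 80:10.1.1.X:80 10.11.1.251` forwards local port 80 to 10.1.1.X, a host reached through the SSH server, not to a port on the server itself. Suggest rewording so it says the client listens locally and the server connects onward to the destination, which is what the following line ("redirect it to another host via the SSH server") already implies. The same command binds local port 80, which requires root on the client on most systems. Either state that or use a high local port such as `-L 8080:10.1.1.X:80`. In 3.2, "a incoming connection on the remote host (via port 8080)" reads as if any host can connect to 8080. With default sshd settings the `-R` listener binds to the server's loopback only, and is reachable from other hosts only when GatewayPorts permits it, which is worth one sentence here. Minor wording: "redirect it" should be "redirects it", "a incoming" should be "an incoming", and "configured like that" reads better as "configured like this".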