OSCP: Understanding SSH Tunnels

  1. Local Port Forwarding: Connections from the SSH client are forwarded via the SSH server to a destination server
  2. Remote Port Forwarding: Connections from the SSH server are forwarded via the SSH client to a destination server
  3. Dynamic Port Forwarding: Connections from various programs are forwarded via the SSH client to the SSH server and then the destination server

Local Port Forwarding

  • ssh — The ssh command itself
  • -L — Specifies a given port on the client side to be forwarded to the remote side
  • 123 — port 123 on our machine (Kali) to receive the forwarded port from the remote host
  • localhost — The forward to host. In this particular case it’s the victim machine
  • 456 — port 456 on the target machine (victim) to be forwarded to the remote host
  • remotehost — system we want to SSH into and forward ports from.
  • -N — not one of the flags above. However, this says do not execute a command. Useful if you do not want a ssh terminal open on the server after successful ssh execution.

Remote Port Forwarding

  • ssh — The ssh command itself
  • -R — Specifies a given port on the remote side to be forwarded to the client side
  • 123 — port 123 on the target machine (victim) to be forwarded to our Kali machine
  • localhost — The forward to host. In this particular case it’s our Kali machine
  • 456 — port 456 is the port we want on our Kali machine
  • remotehost —Our Kali machine
  • -N — not one of the flags above. However, this says do not execute a command. Useful if you do not want a ssh terminal open on the server after successful ssh execution.
ssh -R 7000:localhost:8080 user@example.com

Dynamic Port Forwarding

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Django Shortcuts: Social Auth

Encode Hack Club: Welcome Event 2 | Video + Slides

TLS Certificates for Kubernetes Admission Webhooks made easy with Certificator and Helm Hook?

Blyncsy Pulse - Weather Panel

Acceptance Test-Driven Development in .net core with Specflow

Making the most of your first year as a developer

Overall idea about PHP frameworks

Java Essentials story 1 — Story behind hashcode and equal in Java

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
FalconSpy

FalconSpy

More from Medium

Automating a Active Directory Lab Build using Vagrant and PowerShell

Tryhackme: Wonderland writeup

TryHackMe: Linux Fundamentals II — Walkthrough

HackTheBox — Paper write-up