I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.
This thread is dedicated to Tunneling/PortForwarding tricks.
#infosec #pentest #tunneling #security #bugbounty
Local Port2Port
Open a new port on the SSH server --> other port
ssh -R 0.0.0.0:10521:127.0.0.1:1521 [email protected] #Local port 1521 reachable on port 10521 from everywhere
ssh -R 0.0.0.0:10521:10.0.0.1:1521 [email protected] #Remote port 1521 reachable on port 10521 from everywhere
#Binding 0.0.0.0 on the server side only works if sshd_config has GatewayPorts yes; otherwise the listener stays on 127.0.0.1
Port2hostnet (proxychains)
Local Port --> Compromised host(SSH) --> Wherever
ssh -f -N -D <attacker_port> <username>@<ip_compromised>
#pentest #security #infosec #bugbounty
SSHUTTLE
You can tunnel all traffic to a subnet through a host over SSH.
Example: forwarding all traffic destined for 10.0.0.1/24
pip install sshuttle
sshuttle -r user@host 10.0.0.1/24
#pentest #security #infosec #bugbounty
Meterpreter
@metasploit
meterpreter > portfwd add -l 80 -r 172.16.0.0 -p 80
#pentest #security #infosec #bugbounty
Ncat Port Forwarder
mknod pivot p #Named pipe that carries the replies from the second nc back to the first
nc -l -p <port_to_listen_on> 0<pivot | nc <remote_host> <remote_port> 1>pivot
Remote port forwarding
ssh -N -R 10.10.1.1:4455:127.0.0.1:445 [email protected]
Socks5 with SSH
ssh -N -D 127.0.0.1:8888 [email protected]
#SSH Dynamic Port Forwarding
ssh -N -D 127.0.0.1:1337 user@remotehost -p 8888
#pentest #security #infosec #bugbounty
Ncat Http Proxy
ncat -vv --listen 3128 --proxy-type http
SSH graphical connection (X)
ssh -Y -C <user>@<ip>
#-Y (trusted X11 forwarding) is less secure but faster than -X
#pentest #security #infosec #bugbounty
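Added example, not from the original thread: every ssh -R / -D / -X trick above depends on what the server's sshd_config allows, so this script audits a config for AllowTcpForwarding, GatewayPorts and X11Forwarding and reports which tunnel types it permits. The two sample configs are constructed inline; it does not evaluate Match blocks.

```shell
#!/bin/sh
# Audit sshd_config for the settings the tunneling tricks rely on.
# sshd honours the FIRST occurrence of a keyword; unset keywords fall back to
# OpenSSH defaults (AllowTcpForwarding yes, GatewayPorts no, X11Forwarding no).
# Caveat: Match blocks are not evaluated, only the global section is read.

# sshd_effective FILE KEYWORD DEFAULT -> effective value, lowercased
sshd_effective() {
    val=$(grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# sshd_forwarding_findings FILE -> one finding per line; no output = hardened
sshd_forwarding_findings() {
    tcp=$(sshd_effective "$1" AllowTcpForwarding yes)
    gw=$(sshd_effective "$1" GatewayPorts no)
    x11=$(sshd_effective "$1" X11Forwarding no)
    [ "$tcp" = "no" ] || echo "AllowTcpForwarding=$tcp: ssh -L/-R/-D tunnels through this host are permitted"
    [ "$gw" = "no" ]  || echo "GatewayPorts=$gw: ssh -R listeners may bind 0.0.0.0 and be reachable from any network"
    [ "$x11" = "no" ] || echo "X11Forwarding=$x11: ssh -X/-Y sessions are permitted"
}

# Constructed sample configs (no real hosts) so the script runs stand-alone.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# weak: everything the thread relies on is switched on
Port 22
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
EOF
cat > "$HARD_CFG" <<'EOF'
# hardened: forwarding off globally; re-enable per user with Match if needed
Port 22
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
EOF

echo "== weak =="; sshd_forwarding_findings "$WEAK_CFG"
echo "== hardened =="; sshd_forwarding_findings "$HARD_CFG"
```

Run it against /etc/ssh/sshd_config on a jump host to see which of the tunnel types above that host would accept.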