SSH Port Forwarding

- Look internal open ports:

• Linux

ss -tln

ss -tl

ss -nltp

netstat -nat

• Windows

netstat -oat

netstat -ano

netstat -aton

- Local Port Forwarding

ssh -L 1234:localhost:{discovered port} user@IP

- Remote Port Forwarding

The purpose of remote forwarding is to allow a remote server to access resources on your local machine. Remote forwarding represents an inversion of the local forwarding process we explored previously.

ssh -R remote_port:localhost:local_port ssh_server_hostname

ssh –R 1234:localhost:{local port with resources we want to load} pnap@ssh.server.com

- Dynamic Port Forwarding

Dynamic port forwarding can provide more flexibility as you no longer need to use a predefined remote port and server.

By using the ssh command and the –D argument, you can use your SSH client to create a SOCKS proxy on your local machine.:

ssh -D 1234 user@IP

In etc/proxychains4.conf check that strict_chain is not commented (dynamic_chain and random_chains should be commented)

In proxylists add:

socks5 127.0.0.1 1234

Then to connect we use proxychains before the command

Ex: proxychains psql -U christine -h localhost -p 5432