SSH Local Port Forwarding
Local SSH Forwarding to Remote Service
Denoted by the '-L' flag, local forwarding can be accomplished as follows:
Forwarding into a service running locally on the remote machine. In this instance, a service is running on victim machine 192.168.1.92, on port 8000, and is not accessible externally.
First, we must issue the local forward:
ssh user@192.168.1.92 -L 127.0.0.1:5555:127.0.0.1:8000
This command is issued on the Kali (attack) machine. It instructs the Kali machine to take any traffic received locally (127.0.0.1) on port 5555 and send it to 192.168.1.92, where it will then be sent to 127.0.0.1:8000 on the victim machine.
Once the local forward has been issued, we may open a new terminal window and connect to the service running on the victim machine. Although this service is running only locally on the victim, and is not visible or accessible from the outside, we can reach it by issuing a command on Kali like this one:
nc 127.0.0.1 5555
By initiating a connection to 127.0.0.1:5555 on the attack machine, the connection is forwarded to 192.168.1.92, and then routed to port 8000 on the localhost of the victim.

Local Forward to Remote Machine (hop)
In this instance, we have access to machine one (192.168.1.92) from our Kali machine. We want to reach machine two (172.150.10.138), however this machine is only available from within the same network as machine one. It cannot be reached by our attack machine directly; only from machine one. In a case like this, we can set up a local SSH forward to reach machine two through machine one.
On our attack machine, we issue:
ssh user@192.168.1.92 -L 127.0.0.1:4567:172.150.10.138:22
Here, we have directed our Kali machine to take any traffic received locally at 127.0.0.1:4567 and send it to 192.168.1.92, where it will be forwarded to 172.150.10.138:22.
We can access machine two by issuing this command on our Kali machine:
ssh user@127.0.0.1 -p 4567
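The following is an added example, not part of the original page: a Python sketch that parses the TCP form of a -L argument and reports which socket the SSH client opens and which connection the SSH server makes, run over the two commands above plus one constructed line. The function names, the "kind" labels and the third sample are assumptions of this example; Unix-socket forms of -L and combined short flags are not handled.

```python
import ipaddress
import shlex

def _is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames, '' and '*' are not loopback literals

def parse_local_forward(spec):
    """Parse the TCP form of -L: [bind_address:]port:host:hostport."""
    parts, buf, depth = [], "", 0
    for ch in spec:                      # split on ':' outside [IPv6] brackets
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    parts = [p.strip("[]") for p in parts]
    if len(parts) == 3:                  # no bind address given
        parts.insert(0, "localhost")     # client default with GatewayPorts off
    if len(parts) != 4:
        raise ValueError(f"not a TCP -L spec: {spec!r}")
    bind, lport, host, hport = parts
    return {
        "listen": (bind, int(lport)),    # socket opened on the SSH client
        "target": (host, int(hport)),    # connection made by the SSH server
        # loopback target: a service bound to the server's own localhost;
        # any other target: the server relays onward to another machine (hop)
        "kind": "server-loopback" if _is_loopback(host) else "hop",
        # an empty, '*' or non-loopback bind address opens the listener to
        # other hosts on the client's network
        "listener_exposed": not _is_loopback(bind),
    }

def find_forwards(cmdline):
    """Return the parsed -L forwards found in one ssh command line."""
    argv, out = shlex.split(cmdline), []
    for i, arg in enumerate(argv):
        if arg == "-L" and i + 1 < len(argv):
            out.append(parse_local_forward(argv[i + 1]))
        elif arg.startswith("-L") and len(arg) > 2:   # -Lspec written as one token
            out.append(parse_local_forward(arg[2:]))
    return out

SAMPLES = [  # first two are the commands from this page; the third is constructed
    "ssh user@192.168.1.92 -L 127.0.0.1:5555:127.0.0.1:8000",
    "ssh user@192.168.1.92 -L 127.0.0.1:4567:172.150.10.138:22",
    "ssh -L '*:8080:[::1]:80' user@192.0.2.10",
]
```

The same parser can be pointed at process command lines collected from endpoints to separate forwards that reach a loopback-only service from forwards that relay to a second host.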
