SSH Local Port Forwarding
Denoted by the '-L' flag, local forwarding can be accomplished as follows:
Forwarding into a service running locally on the remote machine
In this instance, a service is running on victim machine 129.168.1.92, on port 8000, and is not accessible externally.
First, we must issue the local forward:
This command is issued on the Kali (attack) machine. It instructs the Kali machine to take any traffic received locally (127.0.0.1) on port 5555, and send it to 129.168.1.92 - where it will then be sent to 127.0.0.1:8000 on the victim machine.
Once the local forward has been issued, we may open a new terminal window and connect to the service running on the victim machine. Although this service is running only locally on the victim, and is not visible or accessible from the outside, we can reach it by issuing a command on Kali like this one:
By initiating a connection to 127.0.0.1:2222 on the attack machine, the connection is forwarded to 192.168.1.92, and then routed to port 8000 on the localhost of the victim.
In this instance, we have access to machine one (192.168.1.92) from our Kali machine. We want to reach machine two (172.150.10.138); however, this machine is only available from within the same network as machine one. It cannot be reached by our attack machine directly, only from machine one. In a case like this, we can set up a local SSH forward to reach machine two through machine one.
On our attack machine, we issue:
Here, we have directed our Kali machine to take any traffic received locally at 127.0.0.1:4567 and send it to 192.168.1.92, where it will be forwarded to 172.150.10.138:22.
We can access machine two by issuing this command on our Kali machine:
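The `-L` argument in both forwards above has the form `[bind_address:]port:host:hostport`, where `host` is reached from the SSH server, not from the client. As an added example (not from the original page; the login name `user` is a placeholder assumption, and IPv6 literals are not handled), this shell function breaks a spec into its listening side, gateway and target, and flags a bind address that would expose the tunnel beyond loopback:

```shell
#!/bin/sh
# Added example (not from the original page): decompose an `ssh -L` spec.
# "user" is a placeholder login; addresses and ports are the ones used above.

# explain_forward SPEC GATEWAY
#   SPEC    = [bind_address:]port:host:hostport  (argument to ssh -L)
#   GATEWAY = user@host of the SSH server carrying the tunnel
# The body runs in a subshell, so the IFS and globbing changes stay local.
explain_forward() (
    spec=$1 gateway=$2
    IFS=:; set -f
    set -- $spec                      # split the spec on ':'
    case $# in
        3) bind=127.0.0.1 ;;          # default with GatewayPorts no: loopback
        4) bind=${1:-*}; shift ;;     # empty bind_address means all interfaces
        *) echo "invalid -L spec: $spec" >&2; exit 1 ;;
    esac
    lport=$1 host=$2 hport=$3
    [ -n "$host" ] || { echo "missing host in: $spec" >&2; exit 1; }
    for p in "$lport" "$hport"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; exit 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; exit 1
        fi
    done
    case $bind in
        127.*|localhost) scope="loopback only" ;;
        '*'|0.0.0.0)     scope="all interfaces, reachable by other hosts" ;;
        *)               scope="interface $bind" ;;
    esac
    echo "listen  = $bind:$lport ($scope)"
    echo "via     = $gateway"
    echo "target  = $host:$hport (connected from the gateway)"
    echo "command = ssh -L $spec $gateway"
)

# Scenario one: service bound to localhost on the SSH server itself.
explain_forward 5555:127.0.0.1:8000 user@129.168.1.92
# Scenario two: a second host reachable only from the SSH server.
explain_forward 4567:172.150.10.138:22 user@192.168.1.92
```

In scenario one the target `127.0.0.1` is the gateway's own loopback, which is why a service hidden from the network becomes reachable once a user holds SSH access to that host.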