@jackm-g
Last active April 15, 2020 18:31
Network Investigation SSH Commands that Are Somewhat Useful

Network Investigation Commands that Are Somewhat Useful

SSH on non-standard port

ssh username@10.50.32.111 -p 20099

Proxychains to Enable Nmap of internal network

Scanning this way is noticeably slower than a direct scan: proxychains relays every probe as a full TCP connection through the SOCKS proxy that ssh -D opens on port 9050 (the proxychains default), so only connect scans (-sT) work through it; SYN scans, ICMP and ARP host discovery do not traverse the proxy. -n avoids DNS lookups, which would otherwise leave the tunnel.

ssh username@192.168.217.144 -D 9050 -N -f

proxychains nmap -n -sT -p 80 192.168.217.0/24

SSH Local Port Forwarding RDP

To be run on the local (external) host:

  • local_external_host is your local machine sitting outside the internal network, from which you want to use RDP.

  • internal_host is the internal machine you have SSH credentials for and want to pivot through to reach the internal network.

  • internal_target is the internal machine running the target service (here RDP on 3389) you wish to access.

# This command will drop you into an ssh shell that needs to remain open during port forwarding
# (add -N to hold the tunnel open without a shell)
ssh username@<internal_host_ip> -p <internal_host_ssh_port> -L <local_external_host_port>:<internal_target_ip>:<internal_target_port>

# example
ssh defend@10.50.32.111 -p 20099 -L 33335:172.24.18.5:3389

On macOS, it is easy to download Microsoft Remote Desktop from the App Store and use it to connect to the RDP service on localhost:<local_external_host_port>. Without a bind address, -L listens on loopback only, so the forwarded port is not reachable from other hosts. Valid RDP credentials for internal_target are still required.

SSH multiple hops

https://superuser.com/questions/96489/an-ssh-tunnel-via-multiple-hops
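As an added example (not part of the original gist), the following POSIX sh helpers build the two commands above, the RDP local forward and a multi-hop login, and validate the forward spec before it is handed to ssh, which catches the kind of malformed placeholder that is easy to leave in a copied template. The multi-hop form uses OpenSSH's -J/ProxyJump (7.3 and later) instead of nested ssh invocations. All user names, hosts and ports are placeholders copied from the gist or assumed.

```shell
#!/bin/sh
# Added example, not code from the original gist. Builds and sanity-checks the
# ssh commands for a local port forward (RDP) and for a multi-hop ProxyJump login.
# Every user, host and port below is a placeholder from the gist or an assumption.

# Return 0 if $1 is an integer in 1..65535.
is_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -L spec "127.0.0.1:LOCAL_PORT:TARGET:TARGET_PORT".
# The explicit 127.0.0.1 bind keeps the forwarded RDP port on loopback even if
# an ssh_config sets GatewayPorts; the target must look like a host or IP.
forward_spec() {
  lport=$1; target=$2; tport=$3
  is_port "$lport" && is_port "$tport" || return 1
  case "$target" in *[!A-Za-z0-9.-]*|'') return 1 ;; esac
  printf '127.0.0.1:%s:%s:%s' "$lport" "$target" "$tport"
}

# rdp_forward_cmd USER INTERNAL_HOST SSH_PORT LOCAL_PORT TARGET TARGET_PORT
# -N: hold the tunnel without opening a shell on the pivot host.
rdp_forward_cmd() {
  user=$1; host=$2; sshport=$3
  spec=$(forward_spec "$4" "$5" "$6") || return 1
  is_port "$sshport" || return 1
  printf 'ssh -N -L %s -p %s %s@%s' "$spec" "$sshport" "$user" "$host"
}

# jump_cmd DEST HOP1 [HOP2 ...]  (each hop as user@host[:port], in order)
# Emits "ssh -J hop1,hop2 dest"; ssh chains the hops itself, so no agent
# forwarding or private key has to be placed on the intermediate hosts.
jump_cmd() {
  dest=$1; shift
  hops=
  for h in "$@"; do
    hops="${hops:+$hops,}$h"
  done
  [ -n "$hops" ] || return 1
  printf 'ssh -J %s %s' "$hops" "$dest"
}

# listener_up PORT: true once ssh is listening on 127.0.0.1:PORT, so the RDP
# client (or proxychains) is only started after the tunnel is actually up.
listener_up() {
  port=$1
  if command -v ss >/dev/null 2>&1; then
    ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$port "
  else
    netstat -an 2>/dev/null | grep -q "127\.0\.0\.1[.:]$port .*LISTEN"
  fi
}

# Example use (values from the gist's example):
#   rdp_forward_cmd defend 10.50.32.111 20099 33335 172.24.18.5 3389
#   jump_cmd admin@172.24.18.5 defend@10.50.32.111:20099
```

Run the printed command with `eval "$(rdp_forward_cmd ...)" &`, poll `listener_up 33335`, and only then point the RDP client at localhost:33335; the same check on port 9050 applies before starting proxychains against a -D tunnel.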
