<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tunneling on LEIKAH</title><link>https://leikah.haoyingcao.xyz/en/tags/tunneling/</link><description>Recent content in Tunneling on LEIKAH</description><generator>Hugo</generator><language>en</language><atom:link href="https://leikah.haoyingcao.xyz/en/tags/tunneling/index.xml" rel="self" type="application/rss+xml"/><item><title>Port Forwarding &amp; Tunneling</title><link>https://leikah.haoyingcao.xyz/en/docs/tunneling/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://leikah.haoyingcao.xyz/en/docs/tunneling/</guid><description>&lt;p&gt;Many enterprise networks are separated into the &lt;strong&gt;Demilitarized Zone (DMZ)&lt;/strong&gt; and one or more internal networks. The DMZ is often used to host public-facing services, such as the organization&amp;rsquo;s website and VPN servers, while internal networks are what office workstations and internal servers are connected to. This separation helps limit the impact of a compromise of one or more public-facing services and keeps it from spreading into the internal network.&lt;/p&gt;
&lt;p&gt;However, there are also machines that serve as &lt;strong&gt;jump hosts&lt;/strong&gt; that can be used to manage hosts on other networks. If such a host in the DMZ is compromised, it can allow the attacker to pivot into the internal networks. Techniques such as SSH/Socat Port Forwarding, SOCKS Tunneling and others may be used to achieve this end.&lt;/p&gt;</description></item><item><title>Port Forwarding with SSH</title><link>https://leikah.haoyingcao.xyz/en/docs/tunneling/ssh_port_forward/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://leikah.haoyingcao.xyz/en/docs/tunneling/ssh_port_forward/</guid><description>&lt;h2 id="what-is-port-forwarding"&gt;What is port forwarding?&lt;a class="td-heading-self-link" href="#what-is-port-forwarding" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Port forwarding is a technique that allows communication requests to be redirected from one port to another. This can be for ports on the same machine, or different machines on the same network.&lt;/p&gt;
&lt;p&gt;SSH, in addition to providing a secure remote shell for management, also provides secure port forwarding through tunneled connections. It can be used to create three types of port forwarding:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Local&lt;/strong&gt;: Forward one specified port that the pivot host has access to, to a port on the local host, as if the remote service were running directly on the local host.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Dynamic&lt;/strong&gt;: Create a SOCKS proxy on the local host, and route all traffic to a specific network through the pivot host.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Reverse&lt;/strong&gt;: Forward one specified port on the local machine to the pivot host, allowing machines on an internal network to access a service on the local machine through the pivot host.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="local-port-forwarding"&gt;Local Port Forwarding&lt;a class="td-heading-self-link" href="#local-port-forwarding" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;Suppose we have SSH access to a web server that is also running a MySQL database server on &lt;code&gt;localhost:3306&lt;/code&gt;. We can leverage our SSH access to create a listener on our local machine (port 1234/TCP) that forwards traffic to the SSH server, which then forwards the traffic to &lt;code&gt;localhost:3306&lt;/code&gt; on the web server. We can then communicate with this listener as if we were communicating with the MySQL server directly.&lt;/p&gt;</description></item></channel></rss>