Previous

Local port forwarding

ssh -L <local-port>:<target-ip>:<target-port <user>@<ssh-ip> -fN

Suppose we have SSH access to 172.16.0.5 & there is window server with ip 192.168.1.110 on port 445.

We can access using tools like netcat / smbclient on attacker local port by tunelling. -L for port forwarding -f background shell -N tell ssh not to execute any command

👨‍💻
If window server is 2016 , then change smaba file configuration to sambav2 as 2016 not support v1

sudo nano /etc/samba/smb.conf

then add this line , min protocol = SMB2

resatrt service, sudo /etc/init.d/smbd restart