Local port forwarding
ssh -L <local-port>:<target-ip>:<target-port> <user>@<ssh-ip> -fN
Suppose we have SSH access to 172.16.0.5 and there is a Windows server with IP 192.168.1.110 on port 445.
By tunnelling, we can access it with tools like netcat / smbclient through a local port on the attacker machine. -L sets up the port forward, -f sends ssh to the background, and -N tells ssh not to execute any command.
- On attacker machine, ssh -L 445:192.168.1.110:445 student@172.16.0.5 -fN
- On attacker machine, if we use smbclient, it will be connected to 192.168.1.110
smbclient -L 127.0.0.1 -U Administrator
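
From the defending side, whether the forward shown above is accepted depends on the SSH server's AllowTcpForwarding and PermitOpen settings. The following is an added example, not part of the original notes: it reads text in the style of `sshd -T` output and reports whether a local forward to a given host and port would pass those two settings. The sample configurations and the 10.0.0.x addresses are constructed, and the function names are hypothetical.

```python
"""Added example: would this sshd accept the local forward from the notes?"""

# Constructed samples in the style of `sshd -T -C user=student` output.
SAMPLE_DEFAULT = "allowtcpforwarding yes\npermitopen any\n"
SAMPLE_DISABLED = "allowtcpforwarding no\npermitopen any\n"
SAMPLE_PINNED = "allowtcpforwarding local\npermitopen 10.0.0.8:5432 10.0.0.9:*\n"


def parse_effective(text):
    """Map each lowercase keyword to the list of its argument tokens."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            cfg.setdefault(parts[0].lower(), []).extend(parts[1:])
    return cfg


def split_target(spec):
    """Split 'host:port' or '[ipv6]:port' into (host, port)."""
    host, _, port = spec.rpartition(":")
    return host.strip("[]").lower(), port


def local_forward_allowed(text, host, port):
    """True if a forward to host:port passes AllowTcpForwarding and PermitOpen."""
    cfg = parse_effective(text)
    # OpenSSH defaults: AllowTcpForwarding yes, PermitOpen any.
    mode = (cfg.get("allowtcpforwarding") or ["yes"])[0].lower()
    if mode not in ("yes", "all", "local"):
        return False  # "no" and "remote" both refuse -L style forwards
    rules = [r.lower() for r in cfg.get("permitopen") or ["any"]]
    if "none" in rules:
        return False
    if "any" in rules:
        return True
    for rule in rules:
        r_host, r_port = split_target(rule)
        if r_host in ("*", host.lower()) and r_port in ("*", str(port)):
            return True
    return False


if __name__ == "__main__":
    for name, sample in [("default", SAMPLE_DEFAULT),
                         ("disabled", SAMPLE_DISABLED),
                         ("pinned", SAMPLE_PINNED)]:
        print(name, local_forward_allowed(sample, "192.168.1.110", 445))
```

The check looks only at these two keywords; per-key restrictions in authorized_keys are not considered. As the sshd_config manual notes, disabling TCP forwarding does not improve security unless users are also denied shell access, since they can run their own forwarders.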