Port forwarding techniques: a non-exhaustive collection (yet)

In these various examples, we expose a MySQL server listening on port 3306 on another machine's port 12345.

Local Forwarding

In local forwarding, the port receiving the tunnelled connection lives on the same machine as the client initiating the connection.

SSH

For a single machine listening on 3306 locally, you can use

 _local__             __remote________
| client |           |server          |
|        |==tunnel===|>0.0.0.0:22     |
| :12345 |           | 127.0.0.1:3306 |
|________|           |________________|

ssh -L localhost:12345:localhost:3306 user@server

To access port 3306 of a db_server living in a private network through a bastion machine, use

 _local__             __remote_priv_net
| client |           |bastion          |
|        |==tunnel===|>0.0.0.0:22      |
| :12345 |           |   _____________ |
|________|           |  |db_server    ||
                     |  |>0.0.0.0:3306||
                     |  |_____________||
                     |_________________|

ssh -L localhost:12345:db_server:3306 user@bastion

Remote forwarding

In remote forwarding, the port receiving the tunnelled connection lives on a different machine than the one initiating the connection.

SSH

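To expose a local 3306 on a remote gateway through its port 12345, use the command below. The 0.0.0.0 bind address is only honoured if the gateway's sshd_config sets GatewayPorts to yes or clientspecified; with the default (no), sshd binds the forwarded port to loopback only.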

  _____local_____            _remote_______
 | 127.0.0.1:3306|          |gateway       |
 |         client|==tunnel==|>0.0.0.0:22   |
 |_______________|          |0.0.0.0:12345<|
                            |______________|

ssh -R 0.0.0.0:12345:localhost:3306 user@gateway

To expose port 3306 of a db_server living in a private network on a remote gateway through its port 12345, use

 __local_priv_net             _remote_______
|                 |          |gateway       |
|           client|==tunnel==|>0.0.0.0:22   |
| _____________   |          |0.0.0.0:12345<|
||db_server    |  |          |______________|
||>0.0.0.0:3306|  |
||_____________|  |
|_________________|

ssh -R 0.0.0.0:12345:db_server:3306 user@gateway

Chisel

  _____local_____            _remote_______
 | 10.10.10.10   |          |target        |
 |  0.0.0.0:8888<|==tunnel==|client        |
 |         :12345|          |127.0.0.1:3306|
 |_______________|          |______________|

When SSH is not an option, try to sneak a compiled chisel binary onto the remote machine to perform the following

on local

./chisel server --port 8888 --reverse

on remote

./chisel client 10.10.10.10:8888 R:12345:127.0.0.1:3306

NB: client and server versions should match
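
An added example, not code from the original post: a small Python classifier that reads tunnel commands like the ones on this page (for instance from shell history or process-audit logs) and reports which machine ends up holding the listening port and whether it is bound beyond loopback. The names `split_spec` and `classify` are hypothetical; it assumes only the `ssh -L`/`-R` and chisel `R:` forms used above, with IPv4 addresses or hostnames.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def split_spec(spec, default_bind):
    """Split [bind:]port:host:hostport (IPv4 or hostnames only, no bracketed IPv6)."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, default_bind)
    if len(parts) != 4:
        raise ValueError(f"unsupported forward spec: {spec!r}")
    bind, port, host, hostport = parts
    return {"bind": bind, "port": int(port), "target": f"{host}:{hostport}"}

def classify(cmd):
    """Describe the listener a tunnel command opens, or return None if it opens none."""
    argv = shlex.split(cmd)
    if not argv:
        return None
    tool = argv[0].rsplit("/", 1)[-1]
    found = None
    if tool == "ssh":
        for i, arg in enumerate(argv):
            if arg[:2] in ("-L", "-R"):
                # With no bind address OpenSSH listens on loopback (GatewayPorts=no default).
                # For -R, a non-loopback bind also needs GatewayPorts enabled in sshd_config.
                found = split_spec(arg[2:] or argv[i + 1], "localhost")
                found["listener_on"] = "ssh client" if arg[1] == "L" else "ssh server"
                break
    elif tool == "chisel" and "client" in argv:
        for arg in argv:
            if arg.startswith("R:"):
                # An R: remote listens on the chisel server; its bind host defaults to 0.0.0.0.
                found = split_spec(arg[2:], "0.0.0.0")
                found["listener_on"] = "chisel server"
                break
    if found:
        found["tool"] = tool
        found["beyond_loopback"] = found["bind"] not in LOOPBACK
    return found

# Sample input: three of the commands shown on this page.
SAMPLE = [
    "ssh -L localhost:12345:db_server:3306 user@bastion",
    "ssh -R 0.0.0.0:12345:localhost:3306 user@gateway",
    "./chisel client 10.10.10.10:8888 R:12345:127.0.0.1:3306",
]

if __name__ == "__main__":
    for cmd in SAMPLE:
        print(classify(cmd))
```

Entries with `beyond_loopback` set to true are the ones where the MySQL port becomes reachable by any host that can route to the listener, so they are the ones to review against firewall rules and the gateway's sshd_config.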

zar3bski

DataOps


By David Zarebski, 2025-02-03