Showing posts from March, 2021

Pivoting internal with ProxyChains SSH

So we found our way into some SSH creds for a webserver. Now we want to pivot to the internal network and start some recon. The problem is that our pivot box doesn't have all the fancy hacking tools our attacking machine has, and we might not have permission to install them with our current credentials. It might also raise some red flags if all these hacking tools show up on the webserver. So how do we get around this?

Meet my friends SSH tunnel and ProxyChains. You might have used SSH tunneling in the past just as a way to visit an internal URL from your external attacking machine, but we can go even further than that: we can use SSH tunneling to create a forwarding port to the internal network and use all our favorite hacking tools through ProxyChains. We can use a couple of switches with SSH here. -D allows us to specify a local port to tunnel through this connection. This is important if you are lazy: use port 9050 because it's the default port for ProxyChains, which m