This article provides a practical, lab-oriented walkthrough of SSH tunnelling techniques—Local (-L), Dynamic (-D), Remote (-R), and GatewayPorts-enabled forwarding—to reach services bound to loopback interfaces and pivot RDP sessions. It includes step-by-step commands, configuration changes, and verification methods using Apache2, proxychains, netstat, and rdesktop so practitioners can reproduce the scenarios in authorized environments. #SSH #RDP
Keypoints
- Sets up an Apache2 web server bound to 127.0.0.1:8080 to demonstrate a protected target service.
- Shows Local (-L) port forwarding to map a local port to a remote loopback service through SSH.
- Demonstrates Dynamic (-D) SOCKS proxying with proxychains to route arbitrary application traffic via the SSH server.
- Explains Remote (-R) reverse tunnels and how enabling GatewayPorts exposes forwarded ports to the network.
- Provides mitigation strategies including restricting SSH forwarding, enforcing key-based/MFA authentication, and network monitoring for long-lived SSH sessions.
Read More: https://www.hackingarticles.in/a-detailed-guide-on-ssh-port-forwarding-tunnelling/