Akash Mahajan
A blog about Technology and Life


Hackish SSH Chaining

Posted on

Step 1

SSH to the kali box

ssh root@kali

Now we create a weird tunnel thing

ssh -L 8001:localhost:8002 sean@10.11.1.251 -t ssh -D 8002 jambo@10.1.1.1

Now in Burp Suite in Kali give the following for SOCKS proxy.

`Socks Proxy Host` 127.0.0.1
`Socks Proxy Port` 8001

Note: You can also use socat in TCP forwarder mode and forward the local 8001 port to other interfaces so that you can proxy directly using your host computer. on Kali, once the tunnel to 10.1.1.1 is created, run in another terminal window:

socat TCP-LISTEN:8008,fork TCP:127.0.0.1:8001

Obviously you can give any values for the ports but for now this is working for me.

Using this in the Kali browser I managed to browsed to http://10.3.3.34.

References