Lateral Movement

Pivot from a compromised Linux host to its reachable networks.

Local Port Forwarding

Create a local port forwarding rule to pivot through the host for specific ports.

Netcat Relay

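As netcat provides two-way communication, we can use it together with a named pipe to create a temporary local port forwarding rule. The listening nc pipes inbound data into a second nc connected to the destination, and the named pipe carries the destination's replies back to the listener.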

mknod /tmp/mybackpipe p
nc -l -p <allowed_inbound_port> 0</tmp/mybackpipe | nc <destination_host> <destination_port> 1>/tmp/mybackpipe &
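
A defender-side check for this relay, added here as an example and not part of the original page: the function lists netcat processes whose stdin or stdout is a named pipe. The proc_root argument and the make_sample_proc helper (a constructed fake /proc tree) are assumptions for offline testing.

```bash
# Added example (not from the original page): list netcat processes whose
# stdin or stdout is a named pipe, the fingerprint of the relay above.
# The proc_root argument and make_sample_proc helper are assumptions for testing.

find_nc_relays() {
    local proc_root pid_dir comm fd target
    proc_root="${1:-/proc}"
    for pid_dir in "$proc_root"/[0-9]*; do
        comm=$(cat "$pid_dir/comm" 2>/dev/null) || continue
        case "$comm" in
            nc|ncat|netcat|nc.openbsd|nc.traditional) ;;
            *) continue ;;
        esac
        for fd in 0 1; do
            # Anonymous shell pipes read as "pipe:[inode]"; a named pipe
            # reads as a filesystem path (possibly with " (deleted)").
            target=$(readlink "$pid_dir/fd/$fd" 2>/dev/null) || continue
            case "$target" in
                /*) ;;
                *) continue ;;
            esac
            if [ -p "$pid_dir/fd/$fd" ]; then
                printf '%s %s fd%s %s\n' "${pid_dir##*/}" "$comm" "$fd" "$target"
            fi
        done
    done
    return 0
}

# Constructed sample: a fake /proc tree with two relay halves (PIDs 101, 102)
# and an unrelated bash process (PID 103) that also holds the FIFO open.
make_sample_proc() {
    local root
    root="$1"
    mkfifo "$root/mybackpipe"
    mkdir -p "$root/proc/101/fd" "$root/proc/102/fd" "$root/proc/103/fd"
    echo nc   > "$root/proc/101/comm"
    echo nc   > "$root/proc/102/comm"
    echo bash > "$root/proc/103/comm"
    ln -s "$root/mybackpipe" "$root/proc/101/fd/0"   # listener reads the FIFO
    ln -s 'pipe:[111]'       "$root/proc/101/fd/1"
    ln -s 'pipe:[111]'       "$root/proc/102/fd/0"
    ln -s "$root/mybackpipe" "$root/proc/102/fd/1"   # connector writes the FIFO
    ln -s "$root/mybackpipe" "$root/proc/103/fd/0"
}
```

Run find_nc_relays with no argument as root to scan the live /proc; each output line gives the PID, command name, descriptor and FIFO path.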

SOCKS Proxy

Create a SOCKS proxy on the host to pivot all network traffic.

Using SSH

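If you already have SSH access on the host, use it to create a listening SOCKS proxy on your machine that will tunnel traffic through the SSH session. The -D option opens the SOCKS listener on 127.0.0.1:1080 and -N keeps the session open without running a remote command.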

ssh -N -D 127.0.0.1:1080 <username>@<ip address>