From 7f53e63fcc0a12b8b89ca68f7243631515888814 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Thu, 13 Apr 2023 19:56:18 +0100
Subject: [PATCH] Update README.md
---
README.md | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 969b314..6bd01c0 100644
--- a/README.md
+++ b/README.md
@@ -305,15 +305,20 @@ The ssh connection goes via ssh-j.com into the reverse tunnel to the host behind
**2.v SSH pivoting to multiple servers**
-SSH ProxyJump trick can save you a lot of time and hassle when working with remote servers. Let's assume the scenario as below.
-We have $local-kali behind NAT, we want to ssh into $target-host without interactively login to each intermediary servers.
-The route is; we can SSH to C2, the C2 can SSH to internal-jumphost via internal IP(eth1) and internal-jumphost can SSH to target-host via eth2.
+SSH ProxyJump can save you a lot of time and hassle when working with remote servers. Let's assume the scenario:
+
+Our workstation is $local-kali and we like to SSH into $target-host. There is no direct connection between our workstation and $target-host. Our workstation can only reach $C2. $C2 can reach $internal-jumphost (via internal eth1) and $internal-jumphost can reach the final $target-host via eth2.
```sh
$local-kali -> $C2 -> $internal-jumphost -> $target-host
eth0 192.168.8.160 10.25.237.119
eth1 192.168.5.130 192.168.5.135
eth2 172.16.2.120 172.16.2.121
```
+
+> We do not execute `ssh` on any computer but our trusted workstation - and neither shall you (ever).
+
+That's where ProxyJump helps: We can 'jump' via the intermediary servers $C2 and $internal-jumphost without spawning a shell on those servers. The ssh-connection is end-2-end encrypted between our $local-kali and $target-host and no password or key is exposed to $C2 or $internal-jumphost.
+
```sh
## if we want to SSH to $target-host:
kali@local-kali$ ssh -J c2@10.25.237.119:22,jumpuser@192.168.5.135:22 target@172.16.2.121
@@ -322,6 +327,8 @@ kali@local-kali$ ssh -J c2@10.25.237.119:22,jumpuser@192.168.5.135:22 target@172
kali@local-kali$ ssh -J c2@10.25.237.119:22 jumpuser@192.168.5.135:22
```
+> We use this as well to hide our IP address when logging into servers.
+
---
## 3. Network