GIAC
GCIH · Question #780
GCIH Question #780: Real Exam Question with Answer & Explanation
The correct answer is A: ssh -D 2000 [email protected]. The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.
Web Application Attacks & Post-Exploitation
Question
Which of the following SSH commands will start a SOCKS proxy server on the local system?
Options
- Assh -D 2000 [email protected]
- Bssh -R 9762:localhost:3576 [email protected]
- Cssh -L 0.0.0.0:7324:10.10.10.200:80 [email protected]
- Dssh -L 8895:10.10.10.200:80 [email protected]
Explanation
The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.
Common mistakes.
- B. The -R flag creates a remote port forward, binding a port on the remote SSH server (9762) and forwarding inbound connections on that port back to localhost:3576 on the client - not a SOCKS proxy.
- C. The -L flag with a bind address (0.0.0.0:7324) creates a static local port forward that maps a specific local port to a single specific destination (10.10.10.200:80), which is not a dynamic SOCKS proxy.
- D. This -L command also creates a static local port forward bound only to the loopback interface (8895) forwarding to a single fixed destination, not a SOCKS proxy capable of dynamic routing.
Concept tested. SSH dynamic port forwarding and SOCKS proxy creation
Reference. https://man.openbsd.org/ssh#D
Topics
#SSH SOCKS proxy#dynamic port forwarding#tunneling#pivoting
Community Discussion
No community discussion yet for this question.