nerdexam
GIAC

GCIH · Question #780

Which of the following SSH commands will start a SOCKS proxy server on the local system?

The correct answer is A. ssh -D 2000 [email protected]. The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.

Web Application Attacks & Post-Exploitation

Question

Which of the following SSH commands will start a SOCKS proxy server on the local system?

Options

How the community answered

(64 responses)
  • A
    77% (49)
  • B
    6% (4)
  • C
    14% (9)
  • D
    3% (2)

Why each option

The SSH -D flag enables dynamic port forwarding, creating a local SOCKS proxy that tunnels application traffic through the encrypted SSH connection to the remote host.

Assh -D 2000 [email protected]Correct

The command 'ssh -D 2000 [email protected]' binds a SOCKS4/SOCKS5 proxy listener on local port 2000 and forwards all proxied connections through the SSH tunnel to the remote server at 10.10.10.20. Applications configured to use localhost:2000 as a SOCKS proxy will have their traffic transparently routed through the encrypted SSH session.

Bssh -R 9762:localhost:3576 [email protected]

The -R flag creates a remote port forward, binding a port on the remote SSH server (9762) and forwarding inbound connections on that port back to localhost:3576 on the client - not a SOCKS proxy.

Cssh -L 0.0.0.0:7324:10.10.10.200:80 [email protected]

The -L flag with a bind address (0.0.0.0:7324) creates a static local port forward that maps a specific local port to a single specific destination (10.10.10.200:80), which is not a dynamic SOCKS proxy.

Dssh -L 8895:10.10.10.200:80 [email protected]

This -L command also creates a static local port forward bound only to the loopback interface (8895) forwarding to a single fixed destination, not a SOCKS proxy capable of dynamic routing.

Concept tested: SSH dynamic port forwarding and SOCKS proxy creation

Source: https://man.openbsd.org/ssh#D

Topics

#SSH SOCKS proxy#dynamic port forwarding#tunneling#pivoting

Community Discussion

No community discussion yet for this question.

Full GCIH Practice