How to create a tunnel when I only have SSH?
For a CTF, I was given access to machines in a private network; I use those machines as a private lab for myself. This private network exposes an SSH server to the internet. The thing is, this is my only way to access the machines I was given access to, and I can't make any permanent changes on the SSH server since it is regularly rolled back to its original state.
So to perform my automation and tests I first have to log into the SSH server (via ssh) and then perform the actions I want (nmap, web config, ssh, custom scripts, etc.).
I would like to be able to interact with the target machines and the private network in general, as if my personal computer were in the network.
I tried ssh tunnelling like so:
ssh -D 9999 -f -N username@psshserver-adress -p 2222
But using it I can't perform either an nmap scan or an SSH connection to any of the targets. It seems like an SSH tunnelling limitation.
My goal is to be able to write a script that creates my tunnel, so I need something really generic (I don't want to have to change the forwarded port for each script or piece of software that I use), so here are my questions:
- Am I doing something wrong with ssh dynamic port forwarding?
- I thought about using ligolo-ng (or any other software you could recommend to me), but since I can't make "permanent" changes on the SSH server, is there a piece of software I could drop and configure using only one custom script, and that would allow me to perform all the kinds of tasks I need to manage my target machines?
PS: I also have heard of ptunnel but it's not stand-alone and doesn't let me use any port I want.
EDIT: This network is a CTF network and the SSH server is my entry point to test the machines behind it.
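The two failures described in the question (ssh and nmap not working through `-D`) have a common cause: a SOCKS proxy only relays TCP connections that a client deliberately sends to it, so a plain `ssh` to a lab host ignores the proxy, and nmap's default SYN scan and ICMP host discovery use raw packets that never reach it. The added example below (my own, not part of the question) generates an `ssh_config` that reaches lab hosts with `ProxyJump` instead, a `proxychains` config for the SOCKS port, and a small checker that flags nmap options which would bypass the tunnel. The jump host and port are the question's placeholders; the lab address pattern `10.*` and target `10.0.0.5` are constructed assumptions.

```python
"""Client-side tunnel setup for the CTF jump host (added example)."""

SOCKS_PORT = 9999  # same local SOCKS port the question's -D uses

def render_ssh_config(user, jump_host, jump_port, lab_pattern="10.*"):
    """ssh_config text: 'ctf-jump' opens the SOCKS tunnel when started
    with 'ssh -f -N ctf-jump'; hosts matching lab_pattern are reached by
    an ssh-in-ssh hop (ProxyJump), so no SOCKS awareness is needed."""
    return "\n".join([
        "Host ctf-jump",
        f"    HostName {jump_host}",
        f"    Port {jump_port}",
        f"    User {user}",
        f"    DynamicForward 127.0.0.1:{SOCKS_PORT}",
        "",
        f"Host {lab_pattern}",   # assumed lab address range
        "    ProxyJump ctf-jump",
        "",
    ])

def render_proxychains_conf():
    """proxychains4 config pointing at the SOCKS port opened by ssh -D."""
    return "\n".join(["strict_chain", "proxy_dns", "[ProxyList]",
                      f"socks5 127.0.0.1 {SOCKS_PORT}", ""])

# nmap options that send raw packets, which a SOCKS proxy cannot relay
RAW_SOCKET_FLAGS = {
    "-sS": "SYN scan uses raw packets; SOCKS only relays TCP connect()",
    "-sU": "UDP scan is not carried by a SOCKS tunnel",
    "-sn": "ping scan relies on ICMP/ARP, which never enters the proxy",
    "-O":  "OS detection needs raw packets on the target network",
}

def check_nmap_argv(argv):
    """Return a list of reasons why argv would bypass or break the tunnel
    (empty list means the scan is SOCKS-compatible)."""
    problems = [f"{f}: {why}" for f, why in RAW_SOCKET_FLAGS.items() if f in argv]
    if "-sT" not in argv:
        problems.append("-sT missing: as root nmap defaults to a raw SYN scan")
    if "-Pn" not in argv:
        problems.append("-Pn missing: host discovery is not proxied, targets look down")
    return problems

def nmap_via_socks(target, ports="22,80,443", conf="proxychains.conf"):
    """argv for a connect scan relayed through the SOCKS tunnel."""
    argv = ["proxychains4", "-q", "-f", conf, "nmap",
            "-sT", "-Pn", "-n", "-p", ports, target]
    assert not check_nmap_argv(argv)
    return argv
```

Write the first two outputs to `~/.ssh/config` and `proxychains.conf`, start the tunnel with `ssh -f -N ctf-jump`, and `ssh user@10.0.0.5` or the returned nmap command will then travel through the jump host.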