Scenario 1:

Started an SSH Session with my cyber.local account:

Created "Jaden" directory and added content to "index.html" and used python3 to start the server. I curled the address and it failed:

---

Deliverable 1:

---

Scenario 2:

Let's say you don't have direct SSH access to the target but rather you have an interactive console like a reverse shell that you acquired during the process of landing a foothold on the target. Furthermore, maybe the target does not have SSH services running at all.

We can still use the SSH client on the target to create a tunnel. In this case Kali would be the SSH server.

Great care needs to be taken so that your target doesn't actually reach over and exploit you.

Deliverable 2:

Step 2:

Using a root user I made a fake user that will only be able to ssh via public key:

Gave trashusr a password with passwd command:

Step 3:

Deliverable 3:

For some reason trashusr always demanded a password to ssh even with the proper command so I made a new user following the exact same steps and this one worked: