I am in module 158 section 1426 about port forwading.
I want to nmap one of the ip of the compromised host. there are two ips, each one in a network, and I only have access to the ip1, which is in the network 1. i am looking for a pivoting to the second.
The course suggest that for doing that, I can create a ssh channel with the -D flag, and as I have understood, that will make a connection to a theoretical ip of 0.0.0.0:22, which is the broadcast of the compromised machine. So doing ssh -D 1234 username@ip1 , it would make a broadcast connection and every data input to the local port 1234, would broadcast to all the ips in the remote host. An nmap to the localhost of 1234 would return all ports of both ips of the remote host.
Did I uderstood that right? Thanks.