# Port Forwarding In some instances, a root process may be bound to an internal port, through which it communicates. If for some reason, an exploit cannot run locally on the target machines, the port can be forwarded using SSH to your local machines: ```bash $ ssh -R <local-port>:127.0.0.1:<services-port> <username>@<local-machines> ``` The exploit code can now be run on your local machines at whichever port you choose. ## Port Forwarding Example In this example we will forward the internal port for mysql to our machine so we can run commands against it. ![[Pasted image 20220804223946.png]] Target machine: ```bash $ ssh -R 4444:127.0.0.1:3306 root@<address of our kali machine> ``` Local machine: Leaving the connection open, open another terminal. ```bash $ mysql -u root -h 127.0.0.1 -P 4444 ```