TwitterGitHubLinkedIn

Tunneling/Port Forwarding

Linux

Local port forwarding

ssh <gateway> -L <local port>:<remote host>:<remote port>

Remote port forwarding

ssh <gateway> -R <remote port>:<local host>:<local port>

Dynamic port forwarding

ssh -D <local port> -p <remote port> <target>

HTTP tunneling – technique to encapsulate a protocol within HTTP

HTTPTunnel or stunnel

Windows

Netsh

Netsh is installed on Windows by default, but requires the IP Helper service and IPv6 must be installed (both enabled by default).

netsh interface portproxy add v4tov4 listenport=$port listenaddress=$ip connectport=$port connectaddress=$ip

A firewall rule may be required to open the desired port.

netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip=$ip localport=$port action=allow

Plink.exe

plink.exe -ssh -l kali -pw ilak -R 10.11.0.4:1234:127.0.0.1:3306 10.11.0.4
plink.exe -l root -pw mysecretpassword 192.168.0.101 -R 8080:127.0.0.1:8080

Meterpreter

portfwd add -l <attacker port> -p <victim port> -r <victim ip>
portfwd add -l 3306 -p 3306 -r 192.168.1.10

PreviousWindows privilege escalationNextConnections

Last updated