Port Forwarding and SSH Tunneling

ssh.exe

Tool path on Windows: %systemdrive%\Windows\System32\OpenSSH

Find ssh with the command:

where ssh

For the tunneling part see:

Port Forwarding and SSH Tunneling

plink.exe

Network administrators may not leave ssh on the computers. When this happens you can upload plink.exe (the PuTTY command-line counterpart).

plink.exe -ssh -l kali -pw <KALI_PASSWORD> -R 127.0.0.1:<KALI_PORT>:127.0.0.1:<WINDOWS_PORT_TO_FORWARD> <KALI_IP>

The forwarded loopback port can be the Windows RDP port.

Verify the open port on kali:

ss -ntplu

Netsh

Native way to create a port forward on Windows.

Add a rule that binds a remote port to the local machine:

netsh interface portproxy add v4tov4 listenport=<LOCAL_PORT_BIND> listenaddress=<LOCAL_SERVER> connectport=<PORT_TO_FORWARD> connectaddress=<DESTINATION_SERVER>

Check if the port is listening:

Add firewall rule that opens a port:

Confirm that port forward is stored:

How to delete the rule

Close the port:

Delete port forward
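
Added example (not part of the original notes): a review script that parses the table printed by `netsh interface portproxy show all` and flags rules that listen on a non-loopback address or relay to a watched port. The sample output, its addresses and the watch list are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `netsh interface portproxy show all` output.
SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         4455        10.10.10.5      445
127.0.0.1       8080        127.0.0.1       80
192.168.50.10   3390        172.16.5.20     3389
"""

WATCHED_PORTS = {22, 445, 3389, 5985, 5986}  # assumed watch list
ROW = re.compile(r"^\s*(\S+)\s+(\d{1,5})\s+(\S+)\s+(\d{1,5})\s*$")

def parse_portproxy(text):
    """Return one dict per rule row; headers and separators are skipped."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rules.append({"listen_addr": m.group(1), "listen_port": int(m.group(2)),
                          "connect_addr": m.group(3), "connect_port": int(m.group(4))})
    return rules

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as not loopback

def review(rules):
    """Pair each rule with a list of findings (empty list: nothing notable)."""
    report = []
    for r in rules:
        findings = []
        if not is_loopback(r["listen_addr"]):
            findings.append("listener reachable from the network")
        if not is_loopback(r["connect_addr"]):
            findings.append("relays to a non-loopback address")
        if r["connect_port"] in WATCHED_PORTS:
            findings.append("targets watched port %d" % r["connect_port"])
        report.append((r, findings))
    return report

for rule, findings in review(parse_portproxy(SAMPLE_OUTPUT)):
    print(rule["listen_addr"], rule["listen_port"], "->", findings or "no findings")
```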

Ligolo

Ligolo link: https://github.com/nicocha30/ligolo-ng

Network visibility

Kali set up

Add interface:

Enable interface:

Run ligolo proxy:

Windows set up

Continue after establishing connection on Kali:

List sessions and choose the created one:

Add network to routing tables:

Verify:

Start in ligolo:

Port Forwarding

Add listener (in kali ligolo):

Any connection that reaches our jumphost on REV_SH_SPECIFIED_PORT is forwarded to KALI_NC_PORT.

When creating the reverse shell, specify the IP and port of the jumphost instead of Kali's.
