search

Port Forwarding and SSH Tunneling

hashtag
ssh.exe

circle-info

Tool path on windows: %systemdrive%\Windows\System32\OpenSSH

Find ssh with command:

where ssh

For the tunneling part see:

Port Forwarding and SSH Tunnelingchevron-right

hashtag
plink.exe

Network administrators can avoid leaving ssh on the computers. When this happens you are able to upload plink.exe (PuTTY command line counterpart).

plink.exe -ssh -l kali -pw <KALI_PASSWORD> -R 127.0.0.1:<KALI_PORT>:127.0.0.1:<WINDOWS_PORT_TO_FORWARD> <KALI_IP> # loopbakc can be windows RDP port

Verify the open port on kali:

ss -ntplu

hashtag
Netsh

Native way to create a port forward on Windows

Add rule which binds remote port to local machine:

netsh interface portproxy add v4tov4 listenport=<LOCAL_PORT_BIND> listenaddress=<LOCAL_SERVER> connectport=<PORT_TO_FORWARD> connectaddress=DESTINATION_SERVER

Check if port is listening

Add firewall rule that opens a port:

Confirm that port forward is stored:

chevron-rightHow to delete the rulehashtag

Close the port:

Delete port forward

hashtag
Ligolo

Ligolo link: https://github.com/nicocha30/ligolo-ngarrow-up-right

hashtag
Network visibility

Kali set up

Add interface:

Enable interface:

Run ligolo proxy:

Windows set up

Continue after establishing connection on Kali:

List sessions and choose the created one:

Add network to routing tables:

Verify:

Start in ligolo:

hashtag
Port Forwarding

Add listener (in kali ligolo):

Any connection that is coming to our jumphost on REV_SH_SPECIFIED_PORT is going to be transmitted to KALI_NC_PORT

During reverse shell creation specify the IP and PORT on the jumphost instead of kali's.

PreviousUseful commandsNextGeneral information

Last updated