port forwarding
meterpreter port forwarding:
portfwd list
portfwd [add | delete] -l LOCAL_PORT -p TARGET_PORT -r TARGET_IP
portfwd flush # to remove all port-forwarding
ssh port forwarding:
-f: background shell, to give shell back
-N: only set up the connection, no commands are to be run
Forward connections (outgoing)
# for connecting to remote port via localhost (-L) (outgoing)
ssh -L KALI-IP:KALI-PORT:localhost:TARGET-PORT TARGET-USER@TARGET-IP
Reverse connections (incoming)
authorized_keys file
from="IP",command="echo 'This account can only be used for Port Forwarding'",no-agent-forwarding,no-X11-forwarding,no-pty <SSH-PUBLIC-key>
Command
# for allowing a connection to your port from outside (incoming)
ssh -fN -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -R KALI-IP:KALI-PORT:localhost:TARGET-PORT -i <id_rsa> KALI-USER@KALI-IP
# -N: not running commands
# -f: go to background
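# UserKnownHostsFile=/dev/null & StrictHostKeyChecking=no: no host-key prompt and nothing saved to known_hosts on the target (the Kali host key is not verified)
# -i <id_rsa>: key authentication, so the kali password is not asked; not safe to enter password on target.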
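A defender-side check for the restricted authorized_keys entry above, as an added example (not part of the original notes): it parses the options field of each entry, quoted values included, and reports keys that lack the from=, command= and no-* restrictions that entry uses. The function names, sample entries and key blobs are constructed for illustration.

```python
import re

# Restrictions carried by the page's tunnel-only entry (forwarding itself stays allowed).
REQUIRED = {"from", "command", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")

def split_options(line):
    """Return the options field as a dict; quoted values may hold spaces and commas."""
    opts, buf, quoted, i = {}, "", False, 0
    if KEY_TYPE.match(line):
        return opts                          # entry starts with the key type: no options
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':
            buf += '"'                       # escaped quote inside a value
            i += 1
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value       # option keywords are case-insensitive
            buf = ""
            if ch != ",":
                break                        # unquoted whitespace ends the options field
        else:
            buf += ch
        i += 1
    return opts

def audit(text):
    """Return [(line number, missing restrictions)] for entries lacking any."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            have = set(split_options(line))
            if "restrict" in have:           # restrict implies the no-* options
                have |= {"no-agent-forwarding", "no-x11-forwarding", "no-pty"}
            if REQUIRED - have:
                findings.append((n, sorted(REQUIRED - have)))
    return findings

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''\
from="10.0.0.5",command="echo 'This account can only be used for Port Forwarding'",no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3PLACEHOLDER tunnel@target
ssh-ed25519 AAAAC3PLACEHOLDER admin@laptop
from="10.0.0.6",command="echo a, b",no-pty ssh-rsa AAAAB3PLACEHOLDER ci@build
'''
for lineno, missing in audit(SAMPLE):
    print(f"line {lineno}: missing {', '.join(missing)}")
```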
chisel port forwarding
Remote Port Forward
# server on kali
chisel server -p 8000 --reverse
# client on target
chisel client KALI_IP:8000 R:KALI_LISTENING_PORT:TARGET_IP:TARGET_PORT_FORWARD [-v]
ex. chisel.exe client 10.10.16.161:9000 R:8989:127.0.0.1:8888
# chisel server is 10.10.16.161:9000
# any requests to kali:8989 ==> target:8888
Local Port Forward
# server on target
chisel server -p 8000
# client on kali
chisel client TARGET_IP:8000 KALI_PORT:TARGET_IP:TARGET_PORT [-v]
plink.exe
# /usr/share/windows-binaries/plink.exe
plink.exe kashz@IP -R <remote-port>:localhost:<local-port>
socat port forwarding
# listen on PORT1, bind to IP1 and route to IP2:PORT2
socat tcp-l:PORT1,fork,reuseaddr,bind=IP1 tcp:IP2:PORT2
Socket Check:
ss FLAG
flag   description
-t     TCP sockets
-u     UDP sockets
-l     Listening sockets only
-p     Process using the socket
-n     No DNS resolution