OSCP Notes

Local Port Forwarding

Local forwarding exposes a port on your local machine and relays every connection made to it to a port on a remote target.

Socat

A tool for bidirectional data transfer between two endpoints.

Opens a listening TCP port on the local machine on the given port and forks a child per connection so several clients can be served at once. Incoming traffic is then forwarded to the remote IP on the given port.

socat -ddd TCP-LISTEN:<local_port>,fork TCP:<remote_ip>:<remote_port>
  • -ddd: verbose logging; each -d raises the log level, so connections and errors are reported in detail
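To show what the socat one-liner does under the hood, here is an added Python relay that is not part of the original notes: it binds the listening port, starts one handler per accepted connection (the `,fork` behaviour) and copies bytes in both directions until each side hits EOF. The echo service inside `relay_roundtrip` is a constructed stand-in for the remote target so the whole thing runs offline on loopback.

```python
import contextlib, socket, threading

def _pump(src, dst):
    # Copy one direction until EOF, then half-close dst so the far side sees the EOF too.
    with contextlib.suppress(OSError):
        for data in iter(lambda: src.recv(4096), b""):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, remote_addr):
    # One relay per accepted connection: the job each child forked by ',fork' does.
    try:
        remote = socket.create_connection(remote_addr)
    except OSError:
        client.close()  # target unreachable: drop the client
        return
    back = threading.Thread(target=_pump, args=(remote, client), daemon=True)
    back.start()           # target -> client
    _pump(client, remote)  # client -> target, in this thread
    back.join()
    client.close()
    remote.close()

def _serve(host, port, on_accept):
    # Bind a listener and hand every accepted connection to on_accept in its own thread.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen()
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=on_accept, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]  # bound port (useful when port 0 was requested)

def start_forwarder(listen_host, listen_port, remote_host, remote_port):
    # Equivalent of: socat TCP-LISTEN:<listen_port>,fork TCP:<remote_host>:<remote_port>
    return _serve(listen_host, listen_port, lambda c: handle(c, (remote_host, remote_port)))

def relay_roundtrip(payload):
    # Constructed check: client -> forwarder -> echo target -> client; returns what the client reads.
    echo_port = _serve("127.0.0.1", 0, lambda c: _pump(c, c))  # stand-in for the remote service
    fwd_port = start_forwarder("127.0.0.1", 0, "127.0.0.1", echo_port)
    with socket.create_connection(("127.0.0.1", fwd_port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # we are done sending; the EOF propagates down the chain
        return b"".join(iter(lambda: s.recv(4096), b""))
```

On the relaying host every forwarded session shows up as an inbound connection to the listener plus a matching outbound connection from the same process, which is the pairing that process-to-socket mapping (`ss -p`, `netstat -p`) surfaces when reviewing a machine.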

Netsh

netsh (Network Shell) is a command-line utility in Windows that allows for the configuration and management of networking components and settings.

Local Administrator rights are required to use this tool. UAC will otherwise block it, so run it from an RDP session in a command shell opened as administrator.

Adds a rule to forward traffic from <LISTEN_IP>:<LISTEN_PORT> to <TARGET_IP>:<TARGET_PORT>.

netsh interface portproxy add v4tov4 listenport=<LISTEN_PORT> listenaddress=<LISTEN_IP> connectport=<TARGET_PORT> connectaddress=<TARGET_IP>

Displays the existing port forwarding rules.

netsh interface portproxy show all

Adds a firewall rule allowing inbound TCP traffic to <LISTEN_IP>:<LISTEN_PORT>; without it the Windows Firewall drops connections to the portproxy listener.

netsh advfirewall firewall add rule name="<RULE_NAME>" protocol=TCP dir=in localip=<LISTEN_IP> localport=<LISTEN_PORT> action=allow

Removes a specified firewall rule.

netsh advfirewall firewall delete rule name="<RULE_NAME>"

Deletes the port forwarding rule for <LISTEN_IP>:<LISTEN_PORT>.

netsh interface portproxy del v4tov4 listenport=<LISTEN_PORT> listenaddress=<LISTEN_IP>

SSH

Binds <local_ip>:<local_port> on the local machine and relays every connection to it through the SSH server to <target_ip>:<target_port>. -N opens no remote shell, so the session only carries the tunnel.

ssh -N -L <local_ip>:<local_port>:<target_ip>:<target_port> <ssh_server_username>@<ssh_server_ip>

Last updated 7 months ago