Red/Blue Cheatsheet | NORI ZAMURAI
Search…
Introduction
Pentesting Cheatsheets
Reconnaissance
Enumeration
Privilege Escalation
Shell
Password Crack
Exploit
Paylaod
File Transfer
Port Forwarding
Service Login and Interaction
Useful Commands
Linux Commands
Powershell
CMD
Python
Editor: Vi & Tmux
Metasploit
Powershell Empire
Powered By GitBook
Port Forwarding

SSH Local Port Forwarding

ssh -L 6999:localhost:5901 [email protected]
[email protected] = SSH host to connect to
-L = Option to enable local port forwarding
6999 = Port on the client PC
localhost = Host server to connect to (the remote PC, same as 127.0.0.1)
5901 = Port on the remote host (forwarded from the client PC)
SSH Local and Remote Port Forwarding with VNC
Computing Tidbits
Local port forwarding – A port from the client PC is forwarded to the remote PC. A connection to this port enables data to be sent bidirectionally over the SSH connection between the client and remote PC.

SSH: Dynamic Port Forwarding

# Listen on local port 8080 and forward incoming traffic to REMOT_HOST:PORT via SSH_SERVER
# Scenario: access a host that's being blocked by a firewall via SSH_SERVER;
ssh -L 127.0.0.1:8080:REMOTE_HOST:PORT [email protected]_SERVER

SSH: Remote Port Forwarding

# Open port 5555 on SSH_SERVER. Incoming traffic to SSH_SERVER:5555 is tunneled to LOCALHOST:3389
# Scenario: expose RDP on non-routable network;
ssh -R 5555:LOCAL_HOST:3389 [email protected]_SERVER
plink -R ATTACKER:ATTACKER_PORT:127.0.01:80 -l root -pw pw ATTACKER_IP

Proxy Tunnel

# Open a local port 127.0.0.1:5555. Incoming traffic to 5555 is proxied to DESTINATION_HOST through PROXY_HOST:3128
# Scenario: a remote host has SSH running, but it's only bound to 127.0.0.1, but you want to reach it;
proxytunnel -p PROXY_HOST:3128 -d DESTINATION_HOST:22 -a 5555
ssh [email protected] -p 5555

HTTP Tunnel: SSH Over HTTP

# Server - open port 80. Redirect all incoming traffic to localhost:80 to localhost:22
hts -F localhost:22 80
# Client - open port 8080. Redirect all incoming traffic to localhost:8080 to 192.168.1.15:80
htc -F 8080 192.168.1.15:80
# Client - connect to localhost:8080 -> get tunneled to 192.168.1.15:80 -> get redirected to 192.168.1.15:22
ssh localhost -p 8080

Netsh - Windows Port Forwarding

# requires admin
netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport

Pentesting Cheatsheets - Previous
File Transfer
Next - Pentesting Cheatsheets
Service Login and Interaction
Last modified 2yr ago
Copy link
Outline
SSH Local Port Forwarding