Port Forwarding - Tunneling

Chisel

Port forwarding,

Forwarding remote port 8080 to localhost

On Kali,

./chisel server --reverse --port 9001

example,
./chisel server --reverse --port 9001

On target,

.\chisel.exe client <kali-ip>:9001 R:<local-port>:127.0.0.1:<target-port>

example,
.\chisel.exe client 10.10.14.38:9001 R:8080:127.0.0.1:8080

SOCKS5 proxy with chisel,

On Kali,

./chisel server -p 9001 --socks5 --reverse

On target,

chisel client <kali-ip>:9001 R:5000:socks

R:5000:socks

  • R means that we want to perform a reverse port forward: the chisel server opens the listening port, and connections to it are relayed through the client.

  • 5000 is the port on the attacker machine that acts as the entry point to our SOCKS5 proxy; and

  • socks simply means we are using the SOCKS protocol.

Add socks5 127.0.0.1 5000 to /etc/proxychains.conf

  • Don't forget to disable DNS resolution over proxychains.

UDP port forward

/opt/chisel/chisel_1.7.7_linux_386 server --reverse --port 9001
./chisel_1.7.7_linux_386 client 192.168.119.203:9001 R:10.1.1.89:1978/udp
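
The remote strings in the chisel commands above (R:8080:127.0.0.1:8080, R:5000:socks, R:10.1.1.89:1978/udp) all follow one format. As an added example, not part of the original notes or of chisel itself, this Python sketch splits a remote into the side that opens the listener and the target it reaches, then applies it to process command lines the way a process-creation audit would. The default hosts and ports it fills in are assumptions about chisel's defaults, and `parse_remote`, `audit` and `SAMPLE` are hypothetical names.

```python
import shlex

def parse_remote(spec):
    """Break a chisel remote (e.g. 'R:5000:socks') into listener and target."""
    reverse = spec.startswith("R:")
    body, _, proto = (spec[2:] if reverse else spec).partition("/")
    parts = body.split(":")                 # IPv6 literals are out of scope here
    socks = parts[-1] == "socks"
    if socks:
        listen, target = parts[:-1], None
        defaults = ["127.0.0.1", "1080"]    # assumed default SOCKS listener
    else:
        listen = parts[:-2]
        rhost, rport = (["127.0.0.1"] + parts)[-2:]   # assumed default target host
        target = (rhost, int(rport))
        defaults = ["0.0.0.0", rport]       # assumed: all interfaces, same port
    if len(listen) > 2:
        raise ValueError(f"too many fields in remote: {spec!r}")
    lhost, lport = defaults[:2 - len(listen)] + listen
    return {
        "reverse": reverse,
        # With R the server side opens the listener; otherwise the client does.
        "listener_side": "server" if reverse else "client",
        "listen": (lhost, int(lport)),
        "target": target,
        "socks": socks,
        "proto": proto or "tcp",
    }

def audit(cmdline):
    """Return the parsed remotes of a chisel client command line, else []."""
    argv = shlex.split(cmdline, posix=False)   # keep backslashes in Windows paths
    for i, tok in enumerate(argv[1:], start=1):
        if tok == "client" and "chisel" in argv[i - 1].lower():
            # Simplification: flags that take a separate value are not handled.
            positional = [a for a in argv[i + 1:] if not a.startswith("-")]
            return [parse_remote(r) for r in positional[1:]]  # [0] is the server
    return []

# The three chisel client commands from this page, plus one constructed non-match.
SAMPLE = [
    r".\chisel.exe client 10.10.14.38:9001 R:8080:127.0.0.1:8080",
    "chisel client 10.10.14.38:9001 R:5000:socks",
    "./chisel_1.7.7_linux_386 client 192.168.119.203:9001 R:10.1.1.89:1978/udp",
    "ssh morph3@1.3.3.7 -p22000 -D 127.0.0.1:1080",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", audit(line))
```

For a reviewer reading process logs, the `listener_side` and `listen` fields show where a new port appears, and `target` shows which internal service it exposes.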

Sshuttle

This is the best tunneling tool

Standalone (compiled and ready to be executed) binaries,

sshuttle -vvv -e 'ssh -i id_rsa' -r morph3@10.11.1.252 -x 10.11.1.252 10.2.2.1/24
sudo ./sshuttle -e "ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c 3des-cbc" -r morph3@10.11.1.252:22000 10.2.2.1/24

SSH

Port forwarding,

forwards remote host 10.10.10.99:2049 back to localhost:2049

ssh -L 127.0.0.1:1978:10.10.10.99:1978 morph3@1.3.3.7

Tunneling,

ssh morph3@1.3.3.7 -p22000 -D 127.0.0.1:1080
proxychains firefox
proxychains impacket-psexec administrator@10.13.37.1

Regeorg
