Tunnels & Port Forward

Access Port on Target Host Locally

  • Useful for RDPing into specific hosts via Kali

#SSH Local Port Forwarding
ssh -L localPort:targetIp:targetPort user@kali -fN

#For RDP - connect the RDP client to localhost:3388 on the local host
ssh -L 3388:10.1.1.1:3389 user@kali -fN

Access Web Services via Jumpbox

  • Useful to enumerate admin interfaces within internal network

#Dynamic Port Forward
ssh -D 1337 user@172.16.0.5 -fN

#Add SOCKS Proxy configuration to your web browser's proxy setting
Use Wappalyzer + FoxyProxy plugins

Tunneling Internet to Kali via Jumpbox

  • Requires an SSH server on the jumpbox - MSDN (i.e., Local Admin access)

#Set up reverse port forwarding from Kali (18888) to the Jumpbox (8085)
ssh -R 18888:localhost:8085 user@kali

#Modify proxychains on Kali to allow traffic through port 18888

#Set up SSH dynamic port forwarding to tunnel traffic from Kali to the Jumpbox and out to the internet
ssh -D 8085 user@kali
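
Spotting these forwards from the defender's side (added example, not part of the original page): the Python below parses ssh command lines, as recorded by process auditing, and reports every -L/-R/-D forward, including the equivalent -o LocalForward/RemoteForward/DynamicForward form. The function name ssh_forwards and the SAMPLE lines are constructed for illustration.

```python
import shlex

# Options of ssh(1) that take an argument; needed to walk clusters like "-fNL".
TAKES_ARG = set("BbcDEeFIiJLlmOopQRSWw")
KINDS = {"L": "local", "R": "remote", "D": "dynamic", "localforward": "local",
         "remoteforward": "remote", "dynamicforward": "dynamic"}

def ssh_forwards(cmdline):
    """Return forwards [(kind, spec)] plus the -f / -N flags of one ssh command line."""
    argv = shlex.split(cmdline)
    result = {"forwards": [], "background": False, "no_command": False}
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return result
    i, seen_host = 1, False
    while i < len(argv):
        arg = argv[i]
        i += 1
        if not arg.startswith("-") or arg == "-":
            if seen_host:          # second bare word starts the remote command
                break
            seen_host = True       # options may still follow the host (user@kali -fN)
            continue
        for j in range(1, len(arg)):
            ch = arg[j]
            result["background"] |= ch == "f"
            result["no_command"] |= ch == "N"
            if ch not in TAKES_ARG:
                continue
            value = arg[j + 1:]    # attached form, e.g. -D1337
            if not value and i < len(argv):
                value, i = argv[i], i + 1
            if ch in KINDS:
                result["forwards"].append((KINDS[ch], value))
            elif ch == "o":        # -o LocalForward=... or -o "DynamicForward ..."
                key, _, val = value.replace("=", " ", 1).partition(" ")
                if key.lower() in KINDS:
                    result["forwards"].append((KINDS[key.lower()], val.strip()))
            break                  # the rest of the cluster was this option's value
    return result

# Constructed process-list sample, built from the commands on this page.
SAMPLE = [
    "ssh -L 3388:10.1.1.1:3389 user@kali -fN",
    "ssh -R 18888:localhost:8085 user@kali",
    "ssh -o 'DynamicForward 8085' user@kali",
    "ssh user@kali ls -L /tmp",
]
for line in SAMPLE:
    print(line, "->", ssh_forwards(line))
```

The last sample line shows why the parser stops at the remote command: the -L there belongs to ls, not to ssh, and is not reported.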

SOCKS Proxy via Web Server

  • Compromise a bastion webserver and create SOCKS proxies through the DMZ

python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/tunnel.jsp
