Dynamic Port Forwarding

Dynamic port forwarding is a technique used to forward network traffic through a flexible tunnel, often to access multiple remote services or bypass network restrictions. It is commonly used when a pentester has access to a compromised machine and wants to route traffic to various destinations on the internal network using a single point of entry.

In dynamic port forwarding, the pentester sets up a SOCKS proxy on their local machine, which allows them to forward traffic dynamically to different remote services. This proxy can be configured to forward requests to various destinations within the compromised network, providing the pentester with access to multiple systems and services without needing to set up specific port forwarding rules for each destination.


Technique

Step 1:

socks4 127.0.0.1 1337
# The line 'socks4 127.0.0.1 1337' in /etc/proxychains.conf directs
# ProxyChains to route traffic through a local SOCKS4 proxy on port 1337,
# enabling access to remote systems and bypassing restrictions.

Step 2:

SSH

ssh -D 1337 rezydev@10.10.10.10 -fN

Metasploit

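# Start a SOCKS proxy on port 1337.
# SRVHOST 0.0.0.0 listens on every interface; 127.0.0.1 is enough when
# ProxyChains runs on the same host (as configured in Step 1).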
msfconsole -x "use auxiliary/server/socks_proxy; set SRVPORT 1337; set SRVHOST 0.0.0.0; set version 4a; run"

# Add a route so that additional subnets can be reached
# through a compromised session.
msf6 > use post/multi/manage/autoroute; set SESSION 1; set SUBNET 192.168.1.0/24; run

# Alternative directly from meterpreter shell:
meterpreter > run autoroute -s 192.168.1.0/24

# List the active routes
meterpreter > run autoroute -p

plink.exe

# Windows
plink.exe -D 1337 rezydev@10.10.10.10

This sets up a SOCKS proxy on port 1337 on your local machine, forwarding traffic through the pivot host 10.10.10.10.

Step 3:

proxychains nmap 192.168.1.7
proxychains curl http://192.168.1.7
proxychains msfconsole # To open metasploit using proxychains
proxychains firefox # To open browser using proxychains
Use proxychains4 -q nmap 192.168.1.7 to suppress ProxyChains' own output in the terminal.
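
Seen from the defending side, the Step 2 commands leave a recognisable command line on the host that runs them. The following is an added example, not part of the original page: it parses process command lines for ssh/plink dynamic forwards, including clustered flags such as -fND and -o DynamicForward, and marks listeners bound beyond loopback. The sample lines, pivot.example and the function names are constructed, and a bare port is assumed to bind to loopback (no -g or GatewayPorts).

```python
import re
import shlex

# Constructed process command lines (e.g. from EDR or auditd execve records).
SAMPLES = [
    "ssh -D 1337 rezydev@10.10.10.10 -fN",
    "ssh -fND 127.0.0.1:1337 user@pivot.example",
    "ssh -o DynamicForward=0.0.0.0:1080 user@pivot.example",
    "plink.exe -D 1337 rezydev@10.10.10.10",
    "ssh -L 8080:127.0.0.1:80 user@pivot.example",      # static forward only
    "ssh user@pivot.example grep -D skip foo /var/log",  # -D belongs to grep
]
CLIENTS = {"ssh", "ssh.exe", "plink", "plink.exe"}
# OpenSSH single-letter options that take a value (from ssh's getopt string).
TAKES_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")

def dynamic_forwards(cmdline):
    """Return the -D / DynamicForward listen specs found in one command line."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows paths
    if not argv or re.split(r"[\\/]", argv[0])[-1].lower() not in CLIENTS:
        return []
    found, seen_host, i = [], False, 1
    while i < len(argv):
        tok, i = argv[i], i + 1
        if not tok.startswith("-") or tok == "-":
            if seen_host:
                break            # second bare word starts the remote command
            seen_host = True     # ssh still parses options after the host
            continue
        for pos, flag in enumerate(tok[1:], start=1):
            if flag not in TAKES_ARG:
                continue         # boolean flag (-f, -N): keep scanning cluster
            value = tok[pos + 1:]              # attached form: -D1337
            if not value and i < len(argv):
                value, i = argv[i], i + 1      # detached form: -D 1337
            if flag == "D":
                found.append(value)
            elif flag == "o" and (m := re.match(r"(?i)dynamicforward[=\s]+(\S+)", value)):
                found.append(m.group(1))
            break                # the value ends this option cluster
    return found

def exposed(spec):
    """True when the SOCKS listener is bound beyond loopback."""
    host = spec.rsplit(":", 1)[0] if ":" in spec else "localhost"
    return host in {"0.0.0.0", "*", "::", "[::]"}

if __name__ == "__main__":
    for line in SAMPLES:
        print([(s, exposed(s)) for s in dynamic_forwards(line)], line)
```

plink's multi-letter options are handled only loosely by the OpenSSH flag table, so treat hits on plink as leads to confirm against the listening socket on the host.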