Local Port Forwarding
Local port forwarding is a technique used to redirect network traffic from a local machine to a remote target machine, often for the purpose of bypassing network restrictions or gaining access to services that would otherwise be inaccessible. It is commonly used when a pentester has access to a remote machine but wants to access an internal service behind a firewall or on a different network segment.
In local port forwarding, the pentester creates a tunnel between their local machine and a remote machine (which they might have compromised or gained access to). The pentester binds a local port on their machine to a port on the remote machine, allowing them to forward traffic from their local machine to that remote port.
Techniques
SSH
## Single
ssh -L 1337:localhost:8080 rezy@10.10.10.10
# It forwards local port 1337 to port 8080 on the remote machine's localhost.
## Multiple
ssh -L 1337:localhost:8080 -L 6969:localhost:3306 rezy@10.10.10.10
Meterpreter
meterpreter > portfwd add -l 1337 -p 3306 -r 192.168.1.7
The command sets up port forwarding, allowing you to access port 3306 on the remote machine (192.168.1.7) by connecting to local port 1337.
Socat
# From Pivot Host
socat TCP4-LISTEN:8080,fork TCP4:192.168.1.7:6969
This command forwards all traffic arriving at pivot_host:8080 to 192.168.1.7:6969.
Chisel
# Attack-Host
./chisel server -p 1337 --reverse
# Target-Host
./chisel client <ATTACK-HOST-IP>:1337 R:8080:127.0.0.1:8080
This forwards the target-host's 127.0.0.1:8080 to the attack-host's 127.0.0.1:8080.
plink.exe
## Windows
plink.exe -L 8080:localhost:80 rezydev@10.10.10.10
This forwards local port 8080 (on your attack machine) to port 80 on the target host's localhost.
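For the detection side of the techniques above, the following added example (not part of the original page) flags these forwarding invocations in process-creation command lines and extracts the listener and destination each one sets up. The sample command lines are constructed from the commands on this page; 203.0.113.5 is a placeholder for the chisel server address, and the function names are assumptions of this example.

```python
import re

# Constructed process-creation command lines (203.0.113.5 is a placeholder address).
SAMPLE_CMDLINES = [
    "ssh -L 1337:localhost:8080 -L 6969:localhost:3306 rezy@10.10.10.10",
    "socat TCP4-LISTEN:8080,fork TCP4:192.168.1.7:6969",
    "./chisel client 203.0.113.5:1337 R:8080:127.0.0.1:8080",
    "plink.exe -L 8080:localhost:80 rezydev@10.10.10.10",
    "ssh rezy@10.10.10.10 uptime",   # plain SSH session, no forward
    "ls -L /var/log",                # -L on an unrelated tool
]

def parse_forward(spec):
    """Split [bind:]port:host:hostport into (listen, dest); None if malformed (no IPv6)."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "default")   # no bind given: the tool's default bind address
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None
    return (f"{parts[0]}:{parts[1]}", f"{parts[2]}:{parts[3]}")

def find_forwards(cmdline):
    """Return a (tool, kind, listen, dest) tuple for each forward in one command line."""
    argv = cmdline.split() or [""]
    tool = re.sub(r"\.exe$", "", re.split(r"[\\/]", argv[0])[-1].lower())
    hits = []
    if tool in ("ssh", "plink"):
        for i, arg in enumerate(argv):
            # Accept both "-L spec" and "-Lspec"; lowercase -l is the login name.
            spec = arg[2:] if arg.startswith("-L") else ""
            if arg == "-L" and i + 1 < len(argv):
                spec = argv[i + 1]
            fwd = parse_forward(spec)
            if fwd:
                hits.append((tool, "local") + fwd)
    elif tool == "chisel":
        for arg in argv:
            # R: remotes listen on the chisel server, not on the host running the client.
            fwd = parse_forward(arg[2:]) if arg.startswith("R:") else None
            if fwd:
                hits.append((tool, "reverse") + fwd)
    elif tool == "socat":
        text = " ".join(argv[1:])
        lis = re.search(r"(?i)\bTCP[46]?-L(?:ISTEN)?:(\d+)", text)
        dst = re.search(r"(?i)\bTCP[46]?:([^:,\s]+):(\d+)", text)
        if lis and dst:
            hits.append((tool, "relay", "default:" + lis.group(1), ":".join(dst.groups())))
    return hits
```

Matching on the binary name alone misses renamed copies, so in practice pair this with network telemetry for unexpected listeners on the ports it reports.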