Infosec Mentor
I retweet useful links around #Infosec #OSINT #cybersecurity. Views here are of my own.

Jan 27, 2021, 13 tweets

I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.

This thread is dedicated to Tunneling/PortForwarding tricks.

#infosec #pentest #tunneling #security #bugbounty

Local Port2Port

Open a new port on the SSH server --> forward it to another port

ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 # your local port 1521 becomes reachable on port 10521 of the SSH server, from everywhere

ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 # port 1521 of the remote host 10.0.0.1 becomes reachable on port 10521 of the SSH server, from everywhere

Binding the listener to 0.0.0.0 only works if sshd has GatewayPorts yes (or clientspecified); otherwise the server binds it to loopback only.

Port2hostnet (proxychains)

Local Port --> Compromised host (SSH) --> Wherever

ssh -f -N -D <attacker_port> <username>@<ip_compromised> # SOCKS listener on 127.0.0.1:<attacker_port>, which proxychains then uses as its socks5 proxy

#pentest #security #infosec #bugbounty

SSHUTTLE

Tunnel all traffic for a subnet through an SSH host, transparently, without a SOCKS-aware client.
Example: forward all traffic destined for 10.0.0.1/24

pip install sshuttle
sshuttle -r user@host 10.0.0.1/24

#pentest #security #infosec #bugbounty

NTLM proxy bypass

Rpivot can be used for this.
OpenVPN can also get through an NTLM-authenticating proxy, with this option in its configuration file:

http-proxy <proxy_ip> 8080 <file_with_creds> ntlm

#pentest #security #infosec #bugbounty

Port2Port using Socat

socat TCP-LISTEN:<lport>,fork TCP:<redirect_ip>:<rport> &

#pentest #security #infosec #bugbounty

Meterpreter
@metasploit

meterpreter > portfwd add -l 80 -r 172.16.0.0 -p 80

#pentest #security #infosec #bugbounty

Ncat Port Forwarder
mknod pivot p # creates a named pipe (FIFO); mkfifo pivot does the same
nc -l -p <port_to_listen_on> 0<pivot | nc <target_ip> <target_port> 1>pivot

Remote port forwarding

ssh -N -R 10.10.1.1:4455:127.0.0.1:445 attacker@10.10.1.1 # run on the compromised host: its local port 445 is exposed on the attacker box at 10.10.1.1:4455

Socks5 with SSH

ssh -N -D 127.0.0.1:8888 admin@10.1.1.1

SSH Dynamic Port Forwarding

ssh -N -D 127.0.0.1:1337 user@remotehost -p 8888 # -p 8888 is the SSH server's port; the SOCKS listener is 127.0.0.1:1337

#pentest #security #infosec #bugbounty
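To make the two mechanisms in this thread concrete, here is an added example (my own code, not from the original thread) that implements both in plain Python: a fixed-target Port2Port relay, which is what socat TCP-LISTEN:<lport>,fork TCP:<ip>:<rport> and the nc FIFO pivot do, and a minimal SOCKS5 CONNECT proxy, which is the kind of listener ssh -D gives proxychains. The echo server, loopback addresses and ephemeral ports are constructed for an offline demo; the SOCKS5 server supports IPv4 targets and no authentication only.

```python
"""Port2Port forwarder and SOCKS5 CONNECT proxy in stdlib Python. Added teaching
example, not code from the original thread; all hosts/ports are constructed."""
import socket
import threading


def pump(src, dst):
    """Copy bytes one way until EOF, then half-close dst so the EOF propagates."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def relay(a, b):
    """Bidirectional copy between two connected sockets: socat's core loop."""
    with a, b:
        t = threading.Thread(target=pump, args=(b, a), daemon=True)
        t.start()
        pump(a, b)
        t.join()


def serve(handler, port=0):
    """Listen on 127.0.0.1:port (0 = ephemeral), a thread per client like
    socat's ',fork'; returns the bound port so callers can connect."""
    ls = socket.socket()
    ls.bind(("127.0.0.1", port))
    ls.listen(16)

    def loop():
        while True:
            client, _ = ls.accept()
            threading.Thread(target=handler, args=(client,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]


def port_forwarder(target_host, target_port, listen_port=0):
    """Port2Port: every client is relayed to one fixed target host:port."""
    def handle(client):
        relay(client, socket.create_connection((target_host, target_port)))
    return serve(handle, listen_port)


def socks5_proxy(listen_port=0):
    """RFC 1928 CONNECT-only, no-auth proxy (IPv4 targets only): the client
    names the destination per connection, as with ssh -D plus proxychains."""
    def fail(client, rep):                       # REP: 5 refused, 7 bad cmd, 8 bad atyp
        client.sendall(b"\x05" + bytes([rep]) + b"\x00\x01" + b"\x00" * 6)
        client.close()

    def handle(client):
        r = client.makefile("rb")                # read(n) blocks for exactly n bytes
        ver, nmethods = r.read(2)
        if ver != 5 or 0 not in r.read(nmethods):
            client.sendall(b"\x05\xff")          # no acceptable auth method
            return client.close()
        client.sendall(b"\x05\x00")              # NO AUTHENTICATION REQUIRED
        _v, cmd, _rsv, atyp = r.read(4)
        if atyp != 1:
            return fail(client, 8)
        host = socket.inet_ntoa(r.read(4))
        port = int.from_bytes(r.read(2), "big")
        if cmd != 1:
            return fail(client, 7)
        try:
            upstream = socket.create_connection((host, port))
        except OSError:
            return fail(client, 5)
        ip, bport = upstream.getsockname()[:2]
        client.sendall(b"\x05\x00\x00\x01" + socket.inet_aton(ip) + bport.to_bytes(2, "big"))
        relay(client, upstream)
    return serve(handle, listen_port)


def echo_server():
    """Constructed target service: echoes whatever it receives, then closes."""
    return serve(lambda c: (pump(c, c), c.close()))


def roundtrip(payload, via="forwarder"):
    """client -> (forwarder | SOCKS5 CONNECT) -> echo; returns what came back."""
    echo_port = echo_server()
    entry = port_forwarder("127.0.0.1", echo_port) if via == "forwarder" else socks5_proxy()
    s = socket.create_connection(("127.0.0.1", entry))
    if via != "forwarder":
        r = s.makefile("rb")
        s.sendall(b"\x05\x01\x00")               # greeting: offer NO AUTH only
        if r.read(2) != b"\x05\x00":
            raise ConnectionError("proxy rejected our auth method")
        s.sendall(b"\x05\x01\x00\x01" + socket.inet_aton("127.0.0.1") + echo_port.to_bytes(2, "big"))
        if r.read(10)[1] != 0:                   # REP 0 = succeeded
            raise ConnectionError("CONNECT failed")
    s.sendall(payload)
    s.shutdown(socket.SHUT_WR)
    with s:
        return b"".join(iter(lambda: s.recv(4096), b""))
```

roundtrip(b"...") sends a payload through the fixed forwarder and roundtrip(b"...", via="socks5") through the SOCKS5 proxy; both return the echoed bytes. The difference that matters for detection is visible in the code: with a Port2Port relay the destination is baked into the listener, whereas with SOCKS the destination arrives in-band in the CONNECT request, so a single listener reaches any host the pivot can, which is why an unexpected SOCKS listener on a host is a stronger signal than a single forwarded port.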

Ncat Http Proxy

ncat -vv --listen 3128 --proxy-type http

SSH graphical connection (X)

ssh -Y -C <user>@<ip>
(-Y enables trusted X11 forwarding: faster than -X, but it skips the X11 SECURITY extension, so the remote side gets full access to your local X session; -C adds compression)

#pentest #security #infosec #bugbounty
