Infosec Mentor
Jan 27, 2021, 13 tweets
I have seen a lot of #pentesters struggle with tunneling and port-forwarding concepts. All #hackers should definitely understand these concepts for successful tests.

This thread is dedicated to Tunneling/PortForwarding tricks.

#infosec #pentest #tunneling #security #bugbounty
Local Port2Port

Open a new port on the SSH server --> forward it to another host:port

ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in port 10521 from everywhere

ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 #Remote port 1521 accessible in port 10521 from everywhere
Port2hostnet (proxychains)

Local Port --> Compromised host(SSH) --> Wherever

ssh -f -N -D <attacker_port> <username>@<ip_compromised>

#pentest #security #infosec #bugbounty
SSHUTTLE

You can tunnel all the traffic destined for a subnetwork over SSH through a host.
Example: forwarding all traffic going to 10.0.0.1/24

pip install sshuttle
sshuttle -r user@host 10.0.0.1/24

#pentest #security #infosec #bugbounty
NTLM proxy bypass

Using rpivot.
OpenVPN can also be used to bypass it, by setting this option in the configuration file:

http-proxy <proxy_ip> 8080 <file_with_creds> ntlm

#pentest #security #infosec #bugbounty
Port2Port using Socat

socat TCP-LISTEN:<lport>,fork TCP:<redirect_ip>:<rport> &

#pentest #security #infosec #bugbounty
Meterpreter
@metasploit

meterpreter > portfwd add -l 80 -r 172.16.0.0 -p 80

#pentest #security #infosec #bugbounty
Ncat Port Forwarder
mknod pivot p   # named pipe carrying the return traffic
nc -l -p <port_to_listen_on> 0<pivot | nc <target_ip> <target_port> 1>pivot
Remote port forwarding

ssh -N -R 10.10.1.1:4455:127.0.0.1:445 attacker@10.10.1.1
Socks5 with SSH

ssh -N -D 127.0.0.1:8888 admin@10.1.1.1
#SSH Dynamic Port Forwarding

ssh -N -D 127.0.0.1:1337 user@remotehost -p 8888
#pentest #security #infosec #bugbounty
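The -L, -R and -D specs in this thread (both the Local Port2Port tweet and the Socks5/Dynamic forwarding tweets) pack "where it listens" and "where it connects" into one colon-separated string, and which side does which is exactly what people get wrong. The following is an added example, not the author's code, that parses an ssh command line into those parts and explains each forward in plain words. It handles only the options used in the thread (-L/-R/-D, -p and a few other argument-taking options); IPv6 bracket syntax is not handled. The `explain` helper and its wording are assumptions for this demonstration.

```python
"""Explain the -L / -R / -D forwarding options of an ssh command line."""
import shlex
from dataclasses import dataclass
from typing import List, Optional

# ssh options that consume the next argv element (subset; extend as needed)
OPTIONS_WITH_ARG = {"-p", "-i", "-o", "-l", "-J", "-F", "-b", "-c", "-m", "-w", "-W", "-E", "-I"}


@dataclass
class Forward:
    kind: str                     # "local" (-L), "remote" (-R) or "dynamic" (-D)
    bind_host: Optional[str]      # None means ssh's default (loopback only)
    bind_port: int
    target_host: Optional[str]    # None for dynamic (SOCKS) forwards
    target_port: Optional[int]

    def describe(self, ssh_host: str) -> str:
        bind = f"{self.bind_host or '127.0.0.1'}:{self.bind_port}"
        if self.kind == "local":
            return (f"this client listens on {bind}; each connection is carried over the SSH "
                    f"session and opened from {ssh_host} to {self.target_host}:{self.target_port}")
        if self.kind == "remote":
            note = ""
            if self.bind_host not in (None, "127.0.0.1", "localhost"):
                # OpenSSH honours a remote bind address only with GatewayPorts yes/clientspecified
                note = " (non-loopback bind address needs GatewayPorts yes or clientspecified in sshd_config)"
            return (f"sshd on {ssh_host} listens on {bind}; each connection is carried back to this "
                    f"client and opened from here to {self.target_host}:{self.target_port}{note}")
        return (f"this client listens on {bind} as a SOCKS proxy; the destination is chosen per "
                f"connection and opened from {ssh_host}")


def parse_forward(flag: str, spec: str) -> Forward:
    parts = spec.split(":")
    if flag == "-D":
        if len(parts) == 1:
            return Forward("dynamic", None, int(parts[0]), None, None)
        if len(parts) == 2:
            return Forward("dynamic", parts[0], int(parts[1]), None, None)
        raise ValueError(f"bad -D spec: {spec}")
    kind = "local" if flag == "-L" else "remote"
    if len(parts) == 3:           # port:host:hostport
        return Forward(kind, None, int(parts[0]), parts[1], int(parts[2]))
    if len(parts) == 4:           # bind_address:port:host:hostport
        return Forward(kind, parts[0], int(parts[1]), parts[2], int(parts[3]))
    raise ValueError(f"bad {flag} spec: {spec}")


def parse_ssh_command(cmd: str) -> dict:
    argv = shlex.split(cmd)
    forwards: List[Forward] = []
    ssh_host, ssh_port = None, 22
    i = 1                                      # skip argv[0] ("ssh")
    while i < len(argv):
        arg = argv[i]
        if arg in ("-L", "-R", "-D"):           # separated form: -R <spec>
            forwards.append(parse_forward(arg, argv[i + 1]))
            i += 2
        elif arg[:2] in ("-L", "-R", "-D") and len(arg) > 2:   # attached form: -R<spec>
            forwards.append(parse_forward(arg[:2], arg[2:]))
            i += 1
        elif arg == "-p":
            ssh_port = int(argv[i + 1])
            i += 2
        elif arg in OPTIONS_WITH_ARG:
            i += 2
        elif arg.startswith("-"):
            i += 1                              # -N, -f, -C, -Y ... take no argument
        else:
            ssh_host = arg                      # first non-option is [user@]host
            i += 1
    return {"ssh_host": ssh_host, "ssh_port": ssh_port, "forwards": forwards}


def explain(cmd: str) -> List[str]:
    info = parse_ssh_command(cmd)
    return [f.describe(info["ssh_host"]) for f in info["forwards"]]


if __name__ == "__main__":
    for cmd in ("ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1",
                "ssh -N -D 127.0.0.1:1337 user@remotehost -p 8888"):
        print(cmd)
        for line in explain(cmd):
            print("  ->", line)
```

The rule of thumb the output makes visible: for -L and -D the listener is on the client and the outbound connection is made by the server; for -R it is the reverse, so the target in a -R spec is resolved from the client's point of view, which is why `-R ...:127.0.0.1:1521` exposes the client's own port 1521.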
Ncat Http Proxy

ncat -vv --listen 3128 --proxy-type http
SSH graphical connection (X)

ssh -Y -C <user>@<ip>
# -Y (trusted X11 forwarding) is less secure but faster than -X

#pentest #security #infosec #bugbounty
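Every SSH-based technique in this thread (-L/-R/-D, the 0.0.0.0 bind in the Port2Port tweet, and -X/-Y) depends on what the remote sshd permits, so the check that matters on the defending side is the sshd_config. The following is an added example, not the author's code, that parses the global section of an sshd_config and reports which of those forwarding options are enabled, with OpenSSH's documented defaults (AllowTcpForwarding yes, GatewayPorts no, PermitTunnel no, X11Forwarding no) applied when an option is absent. The two sample configs are constructed for the demonstration; it ignores Match blocks, which can override these values per user or source.

```python
"""Report which sshd_config options allow the forwarding techniques in this thread."""
import re
from typing import Dict

# OpenSSH defaults for the options that gate forwarding
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
    "x11forwarding": "no",
}

# Constructed sample: a typical distro config that was never hardened
WEAK_CONFIG = """\
Port 22
# forwarding settings
AllowTcpForwarding yes
GatewayPorts=yes
X11Forwarding "yes"
"""

# Constructed sample: forwarding switched off for everyone in the global section
HARDENED_CONFIG = """\
Port 22
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
X11Forwarding no
AllowTcpForwarding yes   # ignored: sshd uses the first value it sees for a keyword
"""

_LINE = re.compile(r"^([A-Za-z0-9]+)\s*=?\s*(.*)$")   # keyword [=] value


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return lower-cased keyword -> value for the global section (first occurrence wins)."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break                                # conditional blocks follow; out of scope here
        settings.setdefault(key, value)
    return settings


def audit_forwarding(config_text: str) -> Dict[str, str]:
    """Return option -> effective value for every forwarding option that is enabled."""
    settings = parse_sshd_config(config_text)

    def effective(opt: str) -> str:
        return settings.get(opt, DEFAULTS[opt]).lower()

    findings: Dict[str, str] = {}
    if effective("allowtcpforwarding") != "no":   # yes/all/local/remote all permit some of -L/-R/-D
        findings["allowtcpforwarding"] = effective("allowtcpforwarding")
    if effective("gatewayports") != "no":         # -R can bind 0.0.0.0 / a specific interface
        findings["gatewayports"] = effective("gatewayports")
    if effective("permittunnel") != "no":         # ssh -w tun devices
        findings["permittunnel"] = effective("permittunnel")
    if effective("x11forwarding") == "yes":       # ssh -X / -Y
        findings["x11forwarding"] = effective("x11forwarding")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("empty", "")):
        print(name, audit_forwarding(cfg))
```

The empty-config case is the one worth remembering: with nothing set, a stock sshd still reports `allowtcpforwarding: yes`, so the -D SOCKS proxy and the loopback-bound -R forwards from this thread work on any host where a user can log in, and only the 0.0.0.0 bind is stopped by the GatewayPorts default.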