
NetSH for Port Forwarding

Using Netsh for Port Forwarding

Netsh (Network Shell) is a powerful command-line utility in Windows that allows users to configure and manage various network settings. It’s a native tool included in Windows, making it a Living Off the Land Binary (LOLbin), meaning attackers can leverage it without needing to download or install any additional software. Since it's already part of the operating system, it's less likely to be flagged by security software or endpoint defenses.

In this guide, we’ll walk through how to use Netsh for port forwarding in a Windows environment.

What is Port Forwarding in Netsh?

Port forwarding maps traffic arriving on one port of a device (usually a router or firewall) to a specific port on another device or system. With Netsh, the Windows machine itself does the forwarding: its portproxy feature listens on a local address and port and relays each incoming TCP connection to the address and port you specify, often for remote access or to expose internal services externally.

Using Netsh for Port Forwarding

Netsh allows users to create portproxy rules for port forwarding directly from the command line. Here’s how to set up a basic port forwarding rule:

Step 1: Open Command Prompt with Administrative Privileges

You’ll need to run Command Prompt as an administrator to execute Netsh commands that modify network settings:

  1. Search for cmd in the Start menu.

  2. Right-click Command Prompt and select Run as Administrator.

Step 2: Add the Port Forwarding Rule

To forward a port using Netsh, use the following command syntax:

netsh interface portproxy add v4tov4 listenport=[LISTEN_PORT] listenaddress=[LISTEN_IP] connectport=[CONNECT_PORT] connectaddress=[CONNECT_IP]

  • listenport: The port on the local machine where you want to listen for incoming traffic.

  • listenaddress: The IP address of the local machine (usually 0.0.0.0 for any IP on the local machine).

  • connectport: The port on the remote machine or target service that you want to forward traffic to.

  • connectaddress: The target machine's IP address to forward traffic to.

Example 1: Forward Port 8080 to Localhost

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=127.0.0.1

This command forwards all traffic that comes to port 8080 on the local machine to port 80 on localhost.

Example 2: Forward External Port to Internal Network

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8080 connectaddress=192.168.1.10

This will forward any traffic arriving on port 8080 of the machine's external IP to port 8080 on the internal network machine at 192.168.1.10.

Checking the Current Port Forwarding Rules

To view the active port forwarding rules on your system, use the following command:

netsh interface portproxy show all

This will display a list of all active port forwarding configurations.

Deleting a Port Forwarding Rule

If you need to remove a port forwarding rule, use the following command:

netsh interface portproxy delete v4tov4 listenport=[LISTEN_PORT] listenaddress=[LISTEN_IP]

Example: Remove the Port Forwarding Rule for Port 8080

netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0

This will remove the rule that forwards traffic from port 8080 on the local machine.

Why Use Netsh for Port Forwarding? (LOLbin)

As a Living Off the Land Binary (LOLbin), Netsh is a built-in tool that is often overlooked by security teams. It allows attackers to configure network settings, including port forwarding, without the need for additional software. Since Netsh is already part of the Windows operating system, it's more likely to bypass security defenses like antivirus software or endpoint detection and response (EDR) systems.

In a penetration testing or red teaming scenario, leveraging Netsh for port forwarding provides a way to pivot within the network or expose services without raising suspicion. The fact that it is a native tool makes it harder to detect and block, giving attackers an advantage when trying to maintain stealth access to a target network.
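
The rule table printed by `netsh interface portproxy show all` is also what a defender reviews to spot this kind of pivot. The Python code below is an added example, not part of the original guide: it parses that output and flags rules that listen on a non-loopback address or relay to another host. The sample output is constructed, and the function names (`parse_portproxy`, `findings`, `audit`) are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `netsh interface portproxy show all` output (not from a real host).
SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         8080        192.168.1.10    8080
127.0.0.1       9000        127.0.0.1       80
10.0.0.5        4444        192.168.1.20    3389
"""

# A rule row is: listen address, listen port, connect address, connect port.
ROW = re.compile(r"^\s*(\S+)\s+(\d{1,5})\s+(\S+)\s+(\d{1,5})\s*$")

def parse_portproxy(text):
    """Return one dict per rule row; header and separator lines do not match ROW."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rules.append({"listen_addr": m[1], "listen_port": int(m[2]),
                          "connect_addr": m[3], "connect_port": int(m[4])})
    return rules

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # connectaddress may be a host name rather than an IP
        return addr.lower() == "localhost"

def findings(rule):
    """Reasons a rule deserves review; an empty list means it is local-only."""
    out = []
    if not is_loopback(rule["listen_addr"]):
        wildcard = rule["listen_addr"] in ("0.0.0.0", "::")
        scope = "all interfaces" if wildcard else rule["listen_addr"]
        out.append(f"reachable from the network on {scope}:{rule['listen_port']}")
    if not is_loopback(rule["connect_addr"]):
        out.append(f"relays to another host {rule['connect_addr']}:{rule['connect_port']}")
    return out

def audit(text):
    """Return (rule, reasons) pairs for every rule that has at least one finding."""
    return [(r, f) for r in parse_portproxy(text) if (f := findings(r))]

if __name__ == "__main__":
    for rule, why in audit(SAMPLE_OUTPUT):
        print(rule["listen_addr"], rule["listen_port"], "->", "; ".join(why))
```

Portproxy rules persist across reboots and are stored under HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp, so the same review can be run against that registry key or against collected `show all` output from many hosts.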

Last updated 2 months ago