Plink for Port Forwarding

Using Plink (and PuTTY) for Port Forwarding

Plink is a command-line interface tool that comes with PuTTY, a popular SSH client for Windows. Plink allows users to establish SSH connections and supports functionalities such as port forwarding. As it is already included in common environments, Plink (and PuTTY) are often used for post-exploitation activities or for administrators needing to create secure connections without raising red flags.

In this guide, we’ll show you how to use Plink and PuTTY for port forwarding.

What is Port Forwarding with Plink?

Plink enables SSH port forwarding by tunneling traffic between your local machine and a remote machine over an encrypted SSH connection. This can be useful for securely accessing services that are behind firewalls, bypassing network restrictions, or creating secure communication channels between systems.

Using Plink for Port Forwarding

Plink, a command-line tool, supports both local and remote port forwarding. It works similarly to SSH, but is intended to be run from the command line without the GUI interface provided by PuTTY.

Step 1: Download and Set Up Plink

First, make sure Plink is available on your system. It is bundled with PuTTY, so if you already have PuTTY installed, you should also have Plink.

You can download PuTTY (and Plink) from the official website: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Step 2: Use Plink for Local Port Forwarding

Local port forwarding allows you to forward a port on your local machine to a port on a remote machine through an SSH tunnel. Here’s how to configure it using Plink:

plink.exe -ssh [USER]@[REMOTE_IP] -L [LOCAL_PORT]:[REMOTE_IP]:[REMOTE_PORT] -N

• -ssh: Specifies to use SSH for the connection.

• [USER]: Your username on the remote machine.

• [REMOTE_IP]: The IP address of the remote server.

• [LOCAL_PORT]: The local port to forward.

• [REMOTE_PORT]: The target port on the remote machine.

• -N: Tells Plink to not execute any commands once connected (only the tunnel is created).

Example 1: Forward Local Port 8080 to Remote Port 80

plink.exe -ssh user@192.168.1.100 -L 8080:127.0.0.1:80 -N

This command forwards local port 8080 to port 80 on the remote machine at 192.168.1.100. Any traffic sent to localhost:8080 will be forwarded over the SSH tunnel to port 80 on the remote machine.

Step 3: Use Plink for Remote Port Forwarding

Remote port forwarding works similarly to local port forwarding, but instead of forwarding local ports, it forwards remote ports to local systems. This is useful if you want to expose a service on your local machine to a remote server.

plink.exe -ssh [USER]@[REMOTE_IP] -R [REMOTE_PORT]:[LOCAL_IP]:[LOCAL_PORT] -N

• -R: Specifies remote port forwarding.

• [REMOTE_PORT]: The port on the remote server to forward traffic from.

• [LOCAL_IP]: The local machine's IP address or 127.0.0.1 for localhost.

• [LOCAL_PORT]: The local port on which to forward traffic.

Example 2: Forward Remote Port 8080 to Local Port 80

plink.exe -ssh user@192.168.1.100 -R 8080:127.0.0.1:80 -N

This command will make the local web server (running on port 80 of 127.0.0.1) available to the remote machine at 192.168.1.100 on port 8080.

Using PuTTY for Port Forwarding

PuTTY provides a graphical interface for setting up SSH port forwarding. If you prefer not to use the command line, you can achieve the same results with the PuTTY GUI:

1. Open PuTTY and configure your SSH session as usual.

2. In the Session settings, go to the Tunnels category under Connection > SSH.

3. For Local Port Forwarding:

   • In the Source Port field, enter the local port you want to forward.

   • In the Destination field, enter [REMOTE_IP]:[REMOTE_PORT].

4. For Remote Port Forwarding:

   • In the Source Port field, enter the port on the remote machine you want to forward.

   • In the Destination field, enter [LOCAL_IP]:[LOCAL_PORT].

5. Click Add, then Open to start the SSH connection and establish the tunnel.

Why Use Plink and PuTTY for Port Forwarding?

These tools are already commonly installed on systems (especially Windows), meaning attackers can exploit them without needing to download or install any external software, which can often trigger security defenses like antivirus or endpoint detection systems.

By leveraging Plink and PuTTY for port forwarding, attackers can tunnel traffic over secure SSH channels, bypassing firewalls or network segmentation, and pivoting deeper into a network. Since these tools are so widely used, they are often less likely to raise suspicion, making them useful for maintaining persistence or conducting covert operations within a target network.