Zero Day Archives
  • What is Zero Day Archives?
  • Contributors
  • Wireless Security
    • Intro to WiFi Pentesting
      • WEP Networks
      • WPS
      • WPA-PSK Networks
      • WPA & WPA2 PSK
      • WPA2 & WPA3 Enterprise Networks
      • WPA2 & WPA3-APLess
  • Reverse Engineering
    • Reverse Engineering
      • Introduction to Software Reverse Engineering
        • Introduction to Capture the Flag (CTF) Competitions
        • What are PE & Elf Binaries
        • Assembly Language for Beginner Reverse Engineers
        • Memory Registers for x86-64 (64-bit) and x86 (32-bit)
        • Reversing Tools: Command-Line Utilities for Binary Analysis
        • Reversing ELF Binaries: Techniques and Tools
      • Disassembly & Debugging
        • GDB for Reverse Engineering
        • RADARE2 for Reverse Engineering
        • GHIDRA for Reverse Engineering
        • IDA Pro for Reverse Engineering
      • Binary Exploitation
        • Buffer Overflows
          • What are Buffer Overflows and Stack Protections?
          • Commonly Exploited C Functions and Their Secure Alternatives
          • Basic Buffer Overflow in x86-64 Using GDB
        • Cryptography
          • Understanding Ciphers and Identifying Common Patterns
          • Teaching XOR Operations in Binary Exploitation
        • Return Oriented Programming (ROP)
          • Practical Guide to Exploring and Identifying Return-Oriented Programming (ROP)
        • Cracking and Patching Binaries
          • Tactics, Tools, and Procedures for Cracking and Patching Binaries
        • Ret2Win Challenges
  • Malware Analysis
    • Malware Analysis
      • Static Analysis
  • Transporting Files to/from Victims
    • Transferring Files to/from High Value Targets
      • Linux
      • Windows
      • CrackMapExec (NetExec)
  • Penetration Testing against GIT Remote Repositories
    • Targeting GIT Repositories
      • Attacking GIT
  • Network Pivoting, Port Forwarding, and Tunneling
    • Pivoting
      • Ligolo-ng
        • Basic Pivoting
        • Setup Reverse Shells through Pivot
        • Transferring Files through Pivot
      • Pivoting: Using Remote Desktop
      • ProxyChains
      • Metasploit
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Dynamic Port Forwarding
      • Sshuttle over SSH
    • Port Fowarding
      • Chisel Port Forwarding
      • NetSH for Port Forwarding
      • Plink for Port Forwarding
      • SoCat
      • Metasploit: Port Forwarding
  • Anti-Virus Evasion
    • Anti-Virus Evasion
      • Evasion with Metasploit
      • Evasion wtih Shellter
      • Evasion with Virus Total
  • Public Exploit Research
    • Online Exploit Research & Methods
  • Password Attacks
    • Password Attacks
      • Identifying Hashes
        • Hash Identifier Tools
      • John The Ripper
        • Cracking Passwords with John
        • Convert to Hashes with John
        • NTLM vs NTLMv2 Hashes + CrackMapExec
      • Hashcat
        • Cracking Passwords with Hashcat
      • Hydra
        • Hydra for Network Services
        • Hydra for Web Services
      • Mutating Wordlists for John & Hashcat
        • Mutating Wordlists
  • Digital Forensics & Incident Response (DFIR)
    • Digital Forensics
  • Data Science
    • Data Science/AI
  • Software Defined Radio (SDR)
    • Software Defined Radio
  • Embedded Systems Programming
    • Field Programmable Gate Arrays (FPGAs)
  • Other Resources
    • Resources for Hackers
Powered by GitBook
On this page
  1. Network Pivoting, Port Forwarding, and Tunneling
  2. Port Fowarding

Plink for Port Forwarding

Using Plink (and PuTTY) for Port Forwarding

Plink is a command-line interface tool that comes with PuTTY, a popular SSH client for Windows. Plink allows users to establish SSH connections and supports functionalities such as port forwarding. As it is already included in common environments, Plink (and PuTTY) are often used for post-exploitation activities or for administrators needing to create secure connections without raising red flags.

In this guide, we’ll show you how to use Plink and PuTTY for port forwarding.

What is Port Forwarding with Plink?

Plink enables SSH port forwarding by tunneling traffic between your local machine and a remote machine over an encrypted SSH connection. This can be useful for securely accessing services that are behind firewalls, bypassing network restrictions, or creating secure communication channels between systems.

Using Plink for Port Forwarding

Plink, a command-line tool, supports both local and remote port forwarding. It works similarly to SSH, but is intended to be run from the command line without the GUI interface provided by PuTTY.

Step 1: Download and Set Up Plink

First, make sure Plink is available on your system. It is bundled with PuTTY, so if you already have PuTTY installed, you should also have Plink.

You can download PuTTY (and Plink) from the official website: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Step 2: Use Plink for Local Port Forwarding

Local port forwarding allows you to forward a port on your local machine to a port on a remote machine through an SSH tunnel. Here’s how to configure it using Plink:

plink.exe -ssh [USER]@[REMOTE_IP] -L [LOCAL_PORT]:[REMOTE_IP]:[REMOTE_PORT] -N

  • -ssh: Specifies to use SSH for the connection.

  • [USER]: Your username on the remote machine.

  • [REMOTE_IP]: The IP address of the remote server.

  • [LOCAL_PORT]: The local port to forward.

  • [REMOTE_PORT]: The target port on the remote machine.

  • -N: Tells Plink to not execute any commands once connected (only the tunnel is created).

Example 1: Forward Local Port 8080 to Remote Port 80

plink.exe -ssh user@192.168.1.100 -L 8080:127.0.0.1:80 -N

This command forwards local port 8080 to port 80 on the remote machine at 192.168.1.100. Any traffic sent to localhost:8080 will be forwarded over the SSH tunnel to port 80 on the remote machine.

Step 3: Use Plink for Remote Port Forwarding

Remote port forwarding works similarly to local port forwarding, but instead of forwarding local ports, it forwards remote ports to local systems. This is useful if you want to expose a service on your local machine to a remote server.

plink.exe -ssh [USER]@[REMOTE_IP] -R [REMOTE_PORT]:[LOCAL_IP]:[LOCAL_PORT] -N

  • -R: Specifies remote port forwarding.

  • [REMOTE_PORT]: The port on the remote server to forward traffic from.

  • [LOCAL_IP]: The local machine's IP address or 127.0.0.1 for localhost.

  • [LOCAL_PORT]: The local port on which to forward traffic.

Example 2: Forward Remote Port 8080 to Local Port 80

plink.exe -ssh user@192.168.1.100 -R 8080:127.0.0.1:80 -N

This command will make the local web server (running on port 80 of 127.0.0.1) available to the remote machine at 192.168.1.100 on port 8080.

Using PuTTY for Port Forwarding

PuTTY provides a graphical interface for setting up SSH port forwarding. If you prefer not to use the command line, you can achieve the same results with the PuTTY GUI:

  1. Open PuTTY and configure your SSH session as usual.

  2. In the Session settings, go to the Tunnels category under Connection > SSH.

  3. For Local Port Forwarding:

    • In the Source Port field, enter the local port you want to forward.

    • In the Destination field, enter [REMOTE_IP]:[REMOTE_PORT].

  4. For Remote Port Forwarding:

    • In the Source Port field, enter the port on the remote machine you want to forward.

    • In the Destination field, enter [LOCAL_IP]:[LOCAL_PORT].

  5. Click Add, then Open to start the SSH connection and establish the tunnel.

Why Use Plink and PuTTY for Port Forwarding?

These tools are already commonly installed on systems (especially Windows), meaning attackers can exploit them without needing to download or install any external software, which can often trigger security defenses like antivirus or endpoint detection systems.

By leveraging Plink and PuTTY for port forwarding, attackers can tunnel traffic over secure SSH channels, bypassing firewalls or network segmentation, and pivoting deeper into a network. Since these tools are so widely used, they are often less likely to raise suspicion, making them useful for maintaining persistence or conducting covert operations within a target network.

PreviousNetSH for Port ForwardingNextSoCat

Last updated 18 days ago