Part 9 - Port Forwarding

Video Activity

This lesson covers port forwarding. In port forwarding, the victim's machine is used as a pivot point to connect to other systems when the attacking machine cannot accomplish this directly.


Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Transcription
Another useful technique is to use port forwarding. This way you can use the victim machine as a pivot point to connect to other systems. One way we can demonstrate this, one way to think about this, would be if the victim's machine is able to get to other machines on the network, but the attacking machine cannot get there directly. You can forward ports through the victim's machine in order to make other connections.

I can simulate this by setting up a port on my attacker machine to connect to, which will forward automatically to the victim machine. It's the same thing, I'm just doing it in a slightly different context.

Port forward, I'll run the -h for help. We can see we can specify our local host to listen on, we can add and delete ports, flush the listening ports, local ports, remote ports, and remote hosts. Now we want to specify, it's pretty easy syntax to use. What I'm going to do is set up a port forwarding so that I can connect up to a Netcat on port 445. I demonstrated that in a previous section, so we should be well aware of how that works.

I'll run port forward, add, my local port, -l, will be 445. I could choose any port locally that I wish, as long as it's not in use. My port for the remote system, on the remote host, will also be 445. Then I need to run -r, sorry about the delay there, for the remote system, and that should be 192.168.26.131. You can see it created a local relay. Locally, if I connect to 445, I get redirected to the victim system on that same port.

With the port forward command, I do have some other options. Let's look at that real quick. It's not showing me what I want, but I know that I can do other things, for instance, I can run the, there it is, the list command, and the list command shows me that I've got one port forward set up. I can also flush this port forwarding when I'm finished so that it doesn't remain. If I kill the Meterpreter session, the forwarding will also be removed. But you may want to add or remove forwarded ports because your circumstances are changing as you're doing your pen testing.

I can prove that this works. If I go to another command shell, I can run netstat -an, and I can just grep for 445. We see that it's listening, listening on my local host IP address. This port was not listening earlier, I probably should have shown that, but hopefully you get the idea. Now if I telnet to localhost on port 445, I actually get redirected to the victim system, which is the .26.131. Very useful, and pivoting helps you. Also, if you think about the victim system having a trust relationship with other systems on that network, it might seem less suspicious to have certain connections going on, and that helps to cover your tracks a little bit more thoroughly.

What I want to do now is flush that port forward out because I don't need it any longer. That stopped the forwarding. The connection is still there, it still worked, it's still live, but it won't work if I try to do a forwarding again. That won't work because it's looking for a port locally to be listening on 445 and, as we see, it's no longer listening; it's timing out right now. It's pretty useful, all right, so in the next section... Thank you.
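The relay the transcript sets up (add a local listener, relay each connection to a port on the remote host, prove it with a netstat-style check, then flush it and watch the listener disappear), written out as an added example. This is not code from the lesson or from Metasploit; the transcript's "port forward" with -l / -p / -r appears to be Meterpreter's portfwd, and this class only mirrors its add/flush semantics. Assumptions: the relay connects to the remote host directly instead of through a Meterpreter channel on the compromised host, so it must run somewhere the remote is reachable; a constructed echo service on 127.0.0.1 stands in for the victim's port 445; ephemeral ports (0) replace 445 so it runs unprivileged; is_listening() probes with a TCP connect rather than parsing netstat output.

```python
import socket
import threading


class PortForward:
    """Listen on lhost:lport and relay every accepted connection to rhost:rport.
    Models `portfwd add -L lhost -l lport -r rhost -p rport`; assumption: the
    outbound leg is a direct TCP connect, not a Meterpreter channel."""

    def __init__(self, lport, rhost, rport, lhost="127.0.0.1"):
        self.lhost, self.lport = lhost, lport      # -L / -l
        self.rhost, self.rport = rhost, rport      # -r / -p
        self._stop = threading.Event()
        self._srv = self._thread = None

    def add(self):
        """Start the local listener; returns the bound port (resolves lport=0)."""
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((self.lhost, self.lport))
        self._srv.listen(5)
        self._srv.settimeout(0.2)   # wake up periodically to check the stop flag
        self.lport = self._srv.getsockname()[1]
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)
        self._thread.start()
        return self.lport

    def flush(self):
        """`portfwd flush`: close the listener. Relays already accepted keep running,
        which is the behaviour the lesson observes after flushing."""
        self._stop.set()
        if self._thread:
            self._thread.join()
        if self._srv:
            self._srv.close()

    def _accept_loop(self):
        while not self._stop.is_set():
            try:
                client, _ = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            try:
                remote = socket.create_connection((self.rhost, self.rport), timeout=5)
            except OSError:
                client.close()          # remote unreachable through the pivot: drop the client
                continue
            remote.settimeout(None)
            for src, dst in ((client, remote), (remote, client)):
                threading.Thread(target=self._pump, args=(src, dst), daemon=True).start()

    @staticmethod
    def _pump(src, dst):
        """Copy bytes src -> dst until EOF, then tear down both ends of the relay."""
        try:
            while True:
                data = src.recv(4096)
                if not data:
                    break
                dst.sendall(data)
        except OSError:
            pass
        finally:
            for s in (src, dst):
                try:
                    s.shutdown(socket.SHUT_RDWR)   # wakes the pump running the other way
                except OSError:
                    pass
                s.close()


def is_listening(host, port):
    """Stand-in for `netstat -an | grep <port>`: True if something accepts on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        return s.connect_ex((host, port)) == 0


def start_echo_service(host="127.0.0.1"):
    """Constructed stand-in for the service on the victim (port 445 in the lesson)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                while data := conn.recv(4096):
                    conn.sendall(data)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Add a forward, talk through it, flush it, and confirm the listener is gone."""
    victim_port = start_echo_service()
    fwd = PortForward(lport=0, rhost="127.0.0.1", rport=victim_port)
    local_port = fwd.add()
    before = is_listening("127.0.0.1", local_port)
    msg, reply = b"hello through the pivot", b""
    with socket.create_connection(("127.0.0.1", local_port), timeout=5) as c:
        c.sendall(msg)
        while len(reply) < len(msg):
            chunk = c.recv(4096)
            if not chunk:
                break
            reply += chunk
    fwd.flush()
    after = is_listening("127.0.0.1", local_port)
    return {"local_port": local_port, "reply": reply, "listening_before": before, "listening_after": after}


if __name__ == "__main__":
    print(demo())
```

The pump threads deliberately outlive flush(): flushing only removes the listener, exactly as the transcript shows, so an already-established connection keeps working while a fresh connect to the same local port is refused.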