Okay. Another useful technique is to use port forwarding. This way you can use the victim machine as a pivot point to connect to other systems.

We can demonstrate this. A way to think about this would be if the victim's machine is able to get to other machines on the network, but the attacking machine cannot get there directly, so you can forward ports through the victim's machine in order to make other connections. I can simulate this by setting up a port on my attacker machine to connect to, which will forward automatically to the victim machine. It's the same thing. I'm just doing it, uh, in a slightly different context.
Run the -h for help.
We can see we can specify our local host to listen on. We can add and delete ports, flush the listening ports, and set the local ports, remote ports and remote hosts that we want to specify. It's pretty easy syntax to use,
and what I'm going to do is set up a port forwarding so that I can connect to a Netcat on port 445. I demonstrated that in a previous section, so we should be well aware of how that works.

So I'll run portfwd. Local port will be 445. I could choose any port locally that I wish, as long as it's not in use. And my port for the remote system on the remote host will also be 445,
and then I need to run.
Sorry about the delay there.
For the remote system, and that should be 192.168.26.1
All right, so you can see it created a local relay. So locally, if I connect to 445, I get redirected to the victim's system on that same port.
The portfwd command, I do have some other options. Oh, let's look at that real quick. Oh, it's not showing me what I want, but I know that I can do other things. For instance,
I can run the er Bertus,
and that command shows me that I've got one port forward set up.
I can also, uh, flush this port forwarding when I'm finished so that it doesn't remain.
If I kill the Meterpreter session, the forwarding will also,
but you may want to add and remove forward ports because your circumstances are changing as you're doing your pen test.
So I can prove that this works. If I go to another command shell, I can run netstat -an, and I could just grep for 445. We see that it's listening, listening on my localhost IP address. Uh, this port was not listening earlier. I probably should have shown that, but hopefully you get the idea. So now if I telnet to localhost 4445, I actually get redirected to the victim's system, which is the 26.131.
Very useful activity. It helps you also, if you think about the victim's system having a trust relationship with other systems on that network: it might seem less suspicious just to have certain connections going on, and that helps to cover your tracks a little bit more thoroughly.
And what I want to do now is flush that port forward out because I don't need it any longer.
So it stopped forwarding.
Ah, the connection's still there. It still worked, it's still live, but it, it won't, uh,
I try to do a forwarding again.
That won't work because it's looking for a port locally to be listening on 445, and as we see, it's no longer listening. It's in timeout right now,
so it's pretty useful.
All right, I'll see you in the next section. Thank you.