Skip to content

Port Redirection & Tunneling

Port Redirection


nano /etc/rinetd.conf

Add forword from kali linux port 80 to ip port 80.

# bindadress    bindport  connectaddress  connectport 80 80

Restart RINETD service

sudo service rinetd restart

Checking running service at port 80

ss -antp | grep 80

SSH Tunneling

Local Forwarding

ssh -N -L [bind_address:]port:host:hostport [username@address]
  • -N Don't need to execute code
  • -L Local forward
  • Bind port 80 at Kali Machine
  • Forward traffic to target IP
  • hades@ Compromised machine
sudo ssh -N -L hades@ -i ./.ssh/id_rsa

Remote Forwarding

ssh -N -R [bind_address:]port:host:hostport [username@address]
ssh -N -R kali@myip -i /home/hades/.ssh/kali-idrsa

Dynamic Forwarding

ssh -N -D <address to bind to>:<port to bind to> <username>@<SSH server address>
ssh -N -D hades@ -i .ssh/id_rsa


socks4 9001

Using proxychains to use the proxy

proxychains smbclient -L
sudo proxychains nmap --top-ports=5 -Pn -sT


plink.exe -ssh -l user -pw passwd -R myip

Answer command trick using echo

cmd.exe /c echo y | plink.exe -ssh -l user -pw passwd -R myip


netsh interface portproxy add v4tov4 listenport=9001 listenaddress= connectport=12345 connectaddress=
netstat -anp TCP | find "9001"

Adding a firewall rule to allow inbound connections on port 9001

netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip= localport=9001 action=allow


Redirect traffic of RDP at to local at port 8888

ssh -L hades@
ss -antp | grep "8888"

Redirect all traffic to http protocol.

hts --forward-port localhost:8888 1234
hts --forward-port 1234
ps aux | grep hts

At Kali machine, redirect RDP protocol to http protocol

htc --forward-port 8080