Port Forwarding with Windows Netsh
Netsh is a Windows command-line tool for viewing and changing the network configuration of a Windows system. Here are just some of the networking-related tasks we can use Netsh for:
- Finding routes
- Viewing the firewall configuration
- Adding proxies
- Creating port forwarding rules
Consider the scenario below, in which our compromised host is a Windows 10-based IT admin's workstation (10.129.49.126, 172.16.5.150). Keep in mind that on an engagement we may gain access to an employee's workstation through methods such as social engineering and phishing. This would allow us to pivot further into the network the workstation sits in.
We can use netsh.exe to forward all data received on a specific port (say 8080) to a remote host on a remote port. This can be performed using the below command.
Step 1 - connect to Pivot Host
Using Netsh.exe to Port Forward - on Pivot Host
Verifying Port Forward - on Pivot Host
After configuring the portproxy on our Windows-based pivot host, we will try to connect to the 8080 port of this host from our attack host using xfreerdp. Once a request is sent from our attack host, the Windows host will route our traffic according to the proxy settings configured by netsh.exe.
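To audit a Windows host for the kind of portproxy rule described above, the following added example (not part of the original page) lists every rule from the registry key where netsh stores them and marks those that forward to a non-loopback address. The function name Get-PortProxyRule and the Review column are assumptions of this example.

```powershell
# Added example: list netsh portproxy rules straight from the registry.
# Get-PortProxyRule and the Review column are names made up for this example.
function Get-PortProxyRule {
    param(
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'
    )
    if (-not (Test-Path -Path $Root)) { return }   # no rule was ever created

    foreach ($type in 'v4tov4', 'v4tov6', 'v6tov4', 'v6tov6') {
        $keyPath = Join-Path -Path $Root -ChildPath "$type\tcp"
        if (-not (Test-Path -Path $keyPath)) { continue }

        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Value name is "listenaddress/listenport",
            # value data is "connectaddress/connectport".
            if ($name -notmatch '/') { continue }
            $listen  = $name -split '/', 2
            $connect = ([string]$key.GetValue($name)) -split '/', 2

            [pscustomobject]@{
                Type           = $type
                ListenAddress  = $listen[0]
                ListenPort     = $listen[1]
                ConnectAddress = $connect[0]
                ConnectPort    = $connect[1]
                # Forwarding off-host is what turns the machine into a relay.
                Review         = $connect[0] -notin '127.0.0.1', '::1', 'localhost'
            }
        }
    }
}

$rules = @(Get-PortProxyRule)
if ($rules.Count -eq 0) {
    'No portproxy rules configured.'
} else {
    $rules | Sort-Object Type, ListenPort | Format-Table -AutoSize
}

# portproxy relies on the IP Helper service; its state is useful context.
Get-Service -Name iphlpsvc | Select-Object Name, Status, StartType
```

Because the rules are stored in the registry they persist across reboots, so a forgotten rule stays active until it is deleted.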