Why this topic matters
Pivoting and port forwarding matter because they change how an operator frames the problem, chooses validation steps and decides what evidence is strong enough to keep. In real work, weak handling of this topic leads to wasted time, noisy testing and softer findings.
This brief treats pivoting and port forwarding as a reusable field reference. The focus is on attack surface, decision points, practical workflow and the public material that is worth keeping nearby when you need to execute, verify or explain the subject under pressure.
Core coverage
The points below capture the main workflows, concepts, tools and operator decisions associated with pivoting and port forwarding.
- Pivoting
- Pivoting via SSH and SOCKS proxy
- Building an SSH tunnel
- Adjusting proxychains in Kali
- Sending commands through proxychains
- Pivoting via Metasploit's Meterpreter
- Listing active Meterpreter sessions
- Pivoting via Meterpreter
- Pivoting via netcat
- Ncat HTTP proxy
Commands and snippets
ssh -D localhost:9000 -f -N daniel@10.1.2.3
socks5 127.0.0.1 9000
proxychains nmap -sV 10.2.3.4
msf6 auxiliary(scanner/ftp/anonymous) > route add 10.1.2.0/24 1
[*] Route added
msf6 auxiliary(scanner/ftp/anonymous) > use auxiliary/server/socks4a
msf6 auxiliary(server/socks4a) > set SRVPORT 9050
SRVPORT => 9050
msf6 auxiliary(server/socks4a) > run -j
[*] Auxiliary module running as background job 2.
[*] Starting the socks4a proxy server
msf6 auxiliary(server/socks4a) >
ncat -vv --listen 1337 --proxy-type http
socat tcp-l:5050,fork,reuseaddr tcp:127.0.0.1:1337
# Port 5050 = listen port
# Port 1337 = port that receives the forwarded traffic
./redir :1234 10.1.2.3:5678
beacon> socks 3333
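Detection view of the snippets above, as an added example that is not part of the original brief: a triage function that takes process command lines (for example from auditd or EDR process-creation events) and labels the ssh, socat, ncat and proxychains tunnelling patterns listed here. The rule labels and function names are constructed for illustration.

```python
import shlex

# Added example; rule names are constructed labels, not a product's rule IDs.
SSH_FWD = {"D": "ssh-dynamic-forward", "L": "ssh-local-forward", "R": "ssh-remote-forward"}
SSH_FWD_OPT = {"dynamicforward": "D", "localforward": "L", "remoteforward": "R"}
SSH_TAKES_ARG = set("bceilmopBDEFIJLOPQRSwW")  # ssh(1) options that consume a value

def ssh_hits(args):
    """Scan ssh options only; stop at the destination so remote commands are ignored."""
    hits, i = set(), 0
    while i < len(args) and args[i].startswith("-") and args[i] not in ("-", "--"):
        tok = args[i]
        for pos, ch in enumerate(tok[1:], start=1):
            if ch not in SSH_TAKES_ARG:
                continue                      # plain flag such as -f or -N
            value = tok[pos + 1:]             # "-D9000" style
            if not value and i + 1 < len(args):
                i += 1                        # "-D 9000" style: value is the next token
                value = args[i]
            if ch in SSH_FWD:
                hits.add(SSH_FWD[ch])
            elif ch == "o":                   # -o DynamicForward=9000
                parts = value.replace("=", " ", 1).split()
                if parts and parts[0].lower() in SSH_FWD_OPT:
                    hits.add(SSH_FWD[SSH_FWD_OPT[parts[0].lower()]])
            break                             # rest of the token was the value
        i += 1
    return hits

def classify(cmdline):
    """Return sorted tunnelling indicators for one process command line."""
    try:
        argv = shlex.split(cmdline, comments=True)
    except ValueError:                        # unbalanced quotes in the log line
        argv = cmdline.split()
    if not argv:
        return []
    tool, args = argv[0].rsplit("/", 1)[-1].lower(), argv[1:]
    low, hits = [a.lower() for a in args], set()
    if tool == "ssh":
        hits = ssh_hits(args)
    elif tool == "socat" and any(a.startswith(("tcp-l:", "tcp-listen:", "tcp4-listen:"))
                                 and "fork" in a.split(",") for a in low):
        hits.add("socat-forking-relay")
    elif tool in ("ncat", "nc") and "--proxy-type" in low and any(
            a == "--listen" or (a[:1] == "-" and a[:2] != "--" and "l" in a) for a in low):
        hits.add("ncat-proxy-listener")
    elif tool.startswith("proxychains"):
        hits.add("proxychains-wrapper")
    return sorted(hits)
```

Call classify() on each logged command line; an empty list means none of these patterns matched, including the case where -L appears only in the remote command after the ssh destination.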
Curated public references
- Nmap · Man.html: nmap.org/book/man.html
- BloodHound Documentation: bloodhound.specterops.io/
- GitHub · fortra / impacket: github.com/fortra/impacket
- MITRE ATT&CK: attack.mitre.org/
- MITRE ATT&CK for ICS: attack.mitre.org/matrices/ics/
- cisa.gov · NCCIC ICS: cisa.gov/resources-tools/resources/nccic-ics
