Pivoting & Portforwarding

Pivoting & Portforwarding is presented here as a field note for offensive security work. The emphasis is on attack surface, validation logic, common failure patterns, operator choices and the public references worth keeping nearby during a live assessment.

Why it matters in practice

Pivoting & Portforwarding matters because it shapes how an operator scopes the work, chooses validation steps, prioritizes evidence and explains risk. The point is not to accumulate trivia; it is to understand which control boundary is in play and how that boundary can fail under realistic pressure.

This note keeps pivoting and port forwarding tied to offensive workflow: what to observe, what to prove, what usually goes wrong, and which references remain useful once an assessment moves from planning into active validation.

Primary coverage

The items below mark the main workflows, concepts, tools and validation themes that repeatedly matter when working through pivoting and port forwarding.

  • Pivoting
  • Pivoting via SSH and socks proxy
  • Building an SSH tunnel
  • Adjusting proxychains in Kali
  • Sending commands through proxychains
  • Pivoting via Metasploit's Meterpreter
  • Listing active Meterpreter sessions
  • Pivoting via Meterpreter
  • Pivoting via netcat
  • Ncat http proxy

Selected public references

# Building an SSH tunnel
ssh -D localhost:9000 -f -N daniel@10.1.2.3

# Adjusting proxychains in Kali
socks5 127.0.0.1 9000

# Sending commands through proxychains
proxychains nmap -sV 10.2.3.4

# Pivoting via Meterpreter
msf6 auxiliary(scanner/ftp/anonymous) >  route add 10.1.2.0/24 1
[*] Route added
msf6 auxiliary(scanner/ftp/anonymous) > use auxiliary/server/socks4a
msf6 auxiliary(server/socks4a) > set SRVPORT 9050
SRVPORT => 9050
msf6 auxiliary(server/socks4a) > run -j
[*] Auxiliary module running as background job 2.

[*] Starting the socks4a proxy server
msf6 auxiliary(server/socks4a) >

# Ncat http proxy
ncat -vv --listen 1337 --proxy-type http
socat tcp-l:5050,fork,reuseaddr tcp:127.0.0.1:1337

# Port 5050 = listen port
# Port 1337 = Port that receives the forwarded traffic.

./redir :1234 10.1.2.3:5678

beacon> socks 3333
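
For the detection side of the commands listed above, an added example (not part of the original note): a Python heuristic that labels process command lines matching the ssh, ncat, socat, redir and proxychains invocations shown here. The label names and the sample lines are constructed for illustration; the Metasploit and beacon console commands run inside their own tools and never appear as process command lines, so they are out of scope.

```python
import os
import re
import shlex

# -D may follow only ssh flags that take no argument (e.g. -fND 9000).
SSH_DYNAMIC = re.compile(r"^-[46AaCfGgKkMNnqsTtVvXxYy]*D")
SOCAT_LISTEN = re.compile(r"^tcp[46]?-l(isten)?:", re.I)
ENDPOINT = re.compile(r"^[\w.\-]*:\d+$")        # [host]:port, the form redir takes

def classify(cmdline):
    """Return a label for a tunnelling command line, or None if nothing matches."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                           # truncated field, unbalanced quote
        return None
    if not argv:
        return None
    prog, args = os.path.basename(argv[0]), argv[1:]
    if prog == "ssh" and (any(SSH_DYNAMIC.match(a) for a in args)
                          or "dynamicforward" in " ".join(args).lower()):
        return "ssh-dynamic-forward"             # opens a local SOCKS listener
    if prog == "ncat" and any(a.startswith("--proxy-type") for a in args) \
            and any(a == "--listen" or re.match(r"^-\w*l", a) for a in args):
        return "ncat-proxy-listener"
    if prog == "socat" and any(SOCAT_LISTEN.match(a) and "fork" in a.lower().split(",")
                               for a in args):
        return "socat-forwarder"                 # forking listener relaying connections
    if prog == "redir" and sum(bool(ENDPOINT.match(a)) for a in args) >= 2:
        return "redir-forwarder"
    if prog.startswith("proxychains"):
        return "proxychains-wrapped"
    return None

# Constructed sample of process-creation command lines (not real telemetry).
SAMPLE = [
    "ssh -D localhost:9000 -f -N daniel@10.1.2.3",
    "ssh daniel@10.1.2.3",
    "ncat -vv --listen 1337 --proxy-type http",
    "socat tcp-l:5050,fork,reuseaddr tcp:127.0.0.1:1337",
    "./redir :1234 10.1.2.3:5678",
    "proxychains nmap -sV 10.2.3.4",
]

def triage(lines):
    """Map each matching command line to its label; non-matching lines are dropped."""
    labelled = {line: classify(line) for line in lines}
    return {line: tag for line, tag in labelled.items() if tag}

if __name__ == "__main__":
    for line, tag in triage(SAMPLE).items():
        print(f"{tag:22} {line}")
```

The matching is argv-based triage, so an ssh remote command that itself contains a `-D` token will also be labelled and needs a second look.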