How to do tunnelling without Metasploit?

Hi all. I wonder how to do tunnelling when I have a shell from a compromised Windows machine. My target is Windows 10, the attacker is Kali. The machines are in different networks. Metasploit is useless with Windows 10 because it is blocked by any AV. I use Invoke-PowerShellTcp.ps1 to connect to netcat on Kali. Is it possible to use Kali tools against the target machine in Metasploit with socks4 and proxychains?

Are you trying to exploit a service running only on the localhost of that Windows target?

ssh -L or -R and also ncat

Here’s a couple writeups:

For ssh redirections, you can use plink, located in /usr/share/windows-binaries on Kali.
The firewall can be bypassed by installing an SSH server on your machine and making a remote redirection.

@albertojoser said:

Are you trying to exploit a service running only on the localhost of that Windows target?

At least. Ideally have access to the whole network

@peek said:
ssh -L or -R and also ncat

The problem here is that Windows doesn’t have an ssh client built in

@0xdf said:
Here’s a couple writeups:
PWK Notes: Tunneling and Pivoting [Updated] | 0xdf hacks stuff

Thanks! I have to try it. Good notes and resource

@neuronaddict said:

For ssh redirections, you can use plink, located in /usr/share/windows-binaries on Kali.
The firewall can be bypassed by installing an SSH server on your machine and making a remote redirection.

Thanks. I see that method in the “Reverse SSH” section of the 0xdf article. Will try it

I would send plink.exe from your Kali machine to your victim. Start an ssh server on your Kali. Then tunnel the service that way.

Follow this link: