wiki:port_forwarding_explanation

A lot of people are confused about port forwarding and why it would be necessary. Below is a bit of an explanation.

OK, so to explain port forwarding you really need to know how your computer connects to the internet.

There are 2 types of IP addresses that we care about for this subject: private and public. If you run ipconfig or ifconfig in your command line you'll see your computer's private address. It'll look similar to every other address on the same network as you. Typically on a home network, the first three numbers will be the same across all devices connected to your router: 192.168.1.1, 192.168.1.40, etc. These are private addresses, and they only matter for LANs, that is, a network for a single location. You'll also see the default gateway address, which is the local address of your router.

If you google “what's my ip” it'll tell you your public IP. This is an IP address that every device on your network shares. It's the IP address that's seen by the websites and internet services you use, and it's where all traffic from the internet is sent to get to you.

But if every device on your network looks like it's coming from this IP, how does the traffic know which device to go to? This is where a thing called NAT comes in. NAT stands for Network Address Translation. When you connect to a website on port 443, the traffic you send leaves your device from a different source port, which doesn't really matter. What your router does is choose a random high-numbered port to send your device's traffic out of, and only that device's traffic, so when the server replies to that same port your router knows which device the reply should be sent to. But what if the traffic didn't originate from inside your network? What if, instead of connecting out and waiting for a reply, you want something to connect back to you first, like in a reverse shell situation?

That's where port forwarding comes in. Port forwarding is something you set up on your router that tells it, “Hey, any connections originating from the internet coming back to us on this specific port, go ahead and send them to this device”, so any traffic looking to connect to the port you specify will be forwarded to a specific device on your network. For example, if I wanted a reverse shell that connects back to me from the internet, I would need to tell my shellcode to send the traffic back to my public IP, and then I'd have to tell my router that any traffic connecting to that port should be sent to my attacking PC.
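
The router behaviour described above can be modelled in a few lines. This is an added example, not part of the original page: the `NatRouter` class, its method names, port 8080 and the public address 203.0.113.7 are all constructed for illustration, and the lookup is simplified to the public port only (a real router also tracks the remote address and protocol).

```python
import random

class NatRouter:
    """Toy model of a home router doing NAT (hypothetical names, not a real API)."""

    def __init__(self, public_ip, seed=0):
        self.public_ip = public_ip
        self.mappings = {}  # public port -> (LAN ip, LAN port), learned from outbound traffic
        self.forwards = {}  # public port -> (LAN ip, LAN port), configured by the admin
        self._rng = random.Random(seed)  # seeded so the demo is repeatable

    def outbound(self, src_ip, src_port):
        """A LAN device connects out: pick a random high port and remember who owns it."""
        while True:
            port = self._rng.randint(49152, 65535)
            if port not in self.mappings and port not in self.forwards:
                break
        self.mappings[port] = (src_ip, src_port)
        return (self.public_ip, port)  # what the remote server sees

    def inbound(self, dst_port):
        """Traffic arrives from the internet on dst_port: which LAN device gets it?"""
        if dst_port in self.mappings:  # reply to a connection a device started
            return self.mappings[dst_port]
        if dst_port in self.forwards:  # unsolicited, but a port forward covers it
            return self.forwards[dst_port]
        return None                    # unsolicited and no rule: dropped

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def exposed(self):
        """Audit view: every rule listed here is reachable by anyone on the internet."""
        return sorted((p, ip, lp) for p, (ip, lp) in self.forwards.items())


def demo():
    router = NatRouter("203.0.113.7")              # constructed public IP
    _, port = router.outbound("192.168.1.40", 51000)
    reply = router.inbound(port)                   # server answers on the mapped port
    before = router.inbound(8080)                  # nobody inside asked for this
    router.add_forward(8080, "192.168.1.40", 8080)
    after = router.inbound(8080)                   # now delivered to the chosen device
    return reply, before, after, router.exposed()

if __name__ == "__main__":
    print(demo())
```

The `exposed()` list is the part worth reviewing on a real router: each forward is a standing hole through NAT, so remove rules once they are no longer needed.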

Or you can avoid this entirely by using a VPS that's already in the cloud and has a public interface, or using NGROK to do some tunnel-y fun stuff, but I'll leave that for you to google and perhaps me to write about another time.

wiki/port_forwarding_explanation.txt · Last modified: 2021/09/30 18:47 by admin