Hello r/hacking!

I’m really stumped on this networking issue, so I’m outsourcing help to internet strangers!

I’m doing a pentest, and I need help with tunneling traffic into a subnet using a windows machine that I only (initially) had RDP access to.

I have a box that I’m hosting an SSH server on, the attacking machine linux, and the target machine, windows 10, running RDP.

All incoming traffic to the Windows server is blocked my a firewall with the exception of RDP.

I downloaded [this](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) OpenSSH for Windows, and started the service. I then ran:

C:\>ssh -i key.pem -R 4545:localhost:22 [[email protected]](mailto:[email protected])

On the kali machine, I can now access the SSH server running on the Windows machine.

I tried to do dynamic port forwarding like this:

ssh -D 4547 -N -f [[email protected]](mailto:[email protected]) -p 4545 -v

To no avail. I can’t route traffic to that subnet using this method when I kick off nmap scans with the –proxy option, and I can’t do local nmap scans or connect to ports running on the windows machine. What am I doing wrong?

and also tried using [https://github.com/sshuttle/sshuttle](https://github.com/sshuttle/sshuttle), but sshuttle encountered errors with Windows 10 servers as hop servers, not sure if its made for Windows.

Any tips? Thank you so much!