Socks5 over RDP Virtual Channels
- server: Windows software that connects and opens a VC (virtual channel) via the WTS Windows API.
- client: Linux client that connects to the VC via XFreeRDP.
- Connect to the remote server via RDP using XFreeRDP or Remmina:
xfreerdp /v:{IP} /u:'{USER}' /p:'{PASS}' /rdp2tcp:$(pwd)/client
For Remmina, go to the advanced configuration tab and look for TCP redirection.
- Start server software on the Windows target.
.\server.exe
Alternatively, run the PowerShell server implementation:
powershell.exe -ExecutionPolicy Bypass -File .\server\server.ps1
The PowerShell server supports the same rdp2tcp virtual channel handshake, yamux session handling, and SOCKS streams. It proxies SFTP streams to Windows OpenSSH sftp-server.exe, which the current Go client opens during startup; pass -SftpServerPath C:\path\to\sftp-server.exe if it is installed outside the default OpenSSH location. Reverse forwarding and Go-gob encoded local forwarding are not implemented in server.ps1.
- Use fwdctrl from the forwardlib repository to operate the client.
pipx install git+https://github.com/Veids/forwardlib
fwdctrl -h