Chisel Port Forward

    From the description:  "Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server."

    What I like about this tool is that it's a single binary that supports both client and server while also being multi-platform.  What I don't like is that it seems to be very particular about the syntax ordering.  That being said, this is a tool in my toolbox for that very special need.  For example, we know there's a web server at the following address but when we perform an Nmap scan, we don't see it:

    On the server itself, when we browse to our local port 443, we find the following:

    This isn't too much different than using SSH to port forward but again, this is a single binary we can move to our target.  We bring up the client and we point it to our attacking machine:

    We then set up a forward from our victim's local 443 to our attacking machine's port 443.

    On our server side, we're listening on port 9999 and we're going to set up a reverse port forward:

    When the connection is established, we browse from our attacking machine and we're connected to the web server on the victim machine:

    We can also add authentication into the mix with an auth flag and a username:password --

    On the server side, we set up the connection with the username:password --

    One final point worth noting -- we can set up the client before setting up the server.  The client will keep retrying the connection, backing off exponentially between attempts:

    When we get around to setting up our server, we get a successful connection:

    There's much more to it than that but for a basic port forward, it works quite well.
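For anyone reviewing process or EDR command-line logs, the forward described above can be recognised from its argument shape even when the binary has been renamed. The following is an added example, not code from the original post or from the Chisel project: it parses Chisel's remote syntax and reports reverse forwards that publish a loopback-only service. The function names, the sample command line and the 192.0.2.10 address are assumptions made for illustration.

```python
import shlex

LOOPBACK = {"127.0.0.1", "localhost"}
# Subset of chisel client flags that consume the next argument.
VALUE_FLAGS = {"auth", "fingerprint", "keepalive", "proxy"}

def parse_remote(spec):
    """Parse [R:][local-host:][local-port:][remote-host:]remote-port[/proto]."""
    reverse = spec.startswith("R:")
    body, _, proto = (spec[2:] if reverse else spec).partition("/")
    parts = body.split(":")  # IPv6 literals are out of scope here
    if not 1 <= len(parts) <= 4 or not parts[-1].isdigit():
        return None  # socks, stdio and malformed specs are skipped
    if len(parts) >= 3 and not parts[-3].isdigit():
        return None
    rport = int(parts[-1])
    return {
        "reverse": reverse,
        # A reverse remote opens its listener on the chisel server, not the client.
        "listener_side": "server" if reverse else "client",
        "listen": (parts[-4] if len(parts) == 4 else "0.0.0.0",
                   int(parts[-3]) if len(parts) >= 3 else rport),
        "target": (parts[-2] if len(parts) >= 2 else "0.0.0.0", rport),
        "proto": proto or "tcp",
    }

def audit_cmdline(cmdline):
    """Return server, auth use and forwards for a chisel client command line."""
    argv = shlex.split(cmdline)
    if "client" not in argv:
        return None
    positional, has_auth, skip = [], False, False
    for arg in argv[argv.index("client") + 1:]:
        if skip:
            skip = False
        elif arg.startswith("-"):
            name = arg.lstrip("-").split("=")[0]
            has_auth = has_auth or name == "auth"
            skip = name in VALUE_FLAGS and "=" not in arg
        else:
            positional.append(arg)
    if not positional:
        return None
    remotes = [r for r in map(parse_remote, positional[1:]) if r]
    findings = [f"loopback service {r['target'][0]}:{r['target'][1]} exposed on "
                f"server port {r['listen'][1]}"
                for r in remotes if r["reverse"] and r["target"][0] in LOOPBACK]
    return {"server": positional[0], "auth": has_auth,
            "remotes": remotes, "findings": findings}

# Constructed sample built from the ports in the post; the address is a placeholder.
SAMPLE = "./chisel client --auth user:pass 192.0.2.10:9999 R:443:127.0.0.1:443"
```

Matching on the `client <server> R:<...>` shape rather than the file name also catches other tools that happen to use the same layout, so treat a hit as a lead to confirm against network telemetry.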

    © 2020