# Chisel Common Binaries: A Practical Guide for Pentesters

## Installation and Configuration on Kali Linux

### Introduction to Chisel

Chisel is a tool for tunneling TCP traffic through NATs and firewalls. It is especially useful for penetration testers who need to establish reverse or bind TCP tunnels over HTTP/HTTPS. It is lightweight and written in Go, which makes it easy to compile and deploy in various environments, including Kali Linux.

### Installing Chisel on Kali Linux

To get started with Chisel, you need to install it on your Kali Linux system. Follow the steps below:

1. **Open the Terminal**: You can do this by either searching for 'Terminal' in the applications menu or using the shortcut `Ctrl + Alt + T`.

2. **Install Go**: Chisel is written in Go, so it's essential to install Go if it’s not already installed on your system. You can install Go by running:


```bash
sudo apt update
sudo apt install golang
```

3. **Download Chisel**: You can download the latest version of Chisel from its GitHub repository. Use the following command:


```bash
git clone https://github.com/jpillora/chisel.git
```

4. **Build Chisel**: Navigate to the Chisel directory and build the binary:

5. **Move the Binary**: Once built, move the `chisel` binary into a directory that is included in your system’s PATH for easy access:

6. **Verify Installation**: Ensure that Chisel is correctly installed by checking its version:

### Configuration

Chisel utilizes a client-server architecture. In typical usage scenarios, you will run a Chisel server on an external system that you are testing and use the client from your local machine.

**Server Configuration**: To run a Chisel server, you can execute the following command on the target machine:

```bash
chisel server -p 8080 --reverse
```

This command sets up the Chisel server to listen on port 8080 and accept reverse connections.

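**Client Configuration**: On your local machine, you would initiate the client as follows, where `<server-ip>` is a placeholder for the address of the machine running the Chisel server:

```bash
chisel client <server-ip>:8080
```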

### Step-By-Step Usage and Real-World Use Cases

#### Use Case 1: Bypassing Firewall Restrictions

In many penetration testing scenarios, you may encounter firewalls that block specific protocols or ports. Chisel can help bypass these restrictions.

**Scenario**: You are attempting to access a web application hosted on a server behind a restrictive firewall. By using Chisel, you can create a tunnel that allows you to access the web application securely.

1. **Start the Chisel Server**: On the target (internal) server:

2. **Establish a Reverse Tunnel**: From your local Kali machine:


```bash
chisel client <server-ip>:8080 R:8888:localhost:80
```

This command forwards requests sent to the local port 8888 to the server's port 80.

3. **Access the Web Application**: Open your web browser and navigate to `http://localhost:8888`, where you should see the web application even if it was behind a restrictive firewall.

#### Use Case 2: Securely Transferring Files

Chisel can also facilitate secure file transfer between your local machine and a compromised system.

1. **Set Up the Chisel Server**: On the target machine:

2. **Set up a Reverse Tunnel for File Transfer**: On your local machine:


```bash
chisel client <server-ip>:8080 R:9999:localhost:9999
```

3. **Transfer Files**: You can then use tools like `scp` or `rsync` through the secure tunnel. For example:


```bash
scp -P 9999 /path/to/local/file user@localhost:/path/to/destination/
```
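From the defender's side, the server and client invocations used in both use cases leave a recognisable argument shape in process telemetry. The following is an added example, not part of the original guide or the Chisel project: a shell function that triages command lines and flags `server --reverse` and `client ... R:` patterns. The sample process listing and the `updater` binary name are constructed.

```shell
#!/bin/sh
# Constructed sample of process command lines (as from `ps -eo args`).
SAMPLE_PS='/usr/sbin/sshd -D
/tmp/chisel server -p 8080 --reverse
./updater client 203.0.113.10:8080 R:8888:localhost:80
/opt/tools/chisel client 203.0.113.10:8080 3000:localhost:3000
nginx: worker process'

# classify_chisel: read command lines on stdin, print one finding per match.
# Reverse-tunnel findings match on argument shape, so a renamed binary
# ("updater") is still reported. Plain server/client findings additionally
# require "chisel" in the binary path to limit false positives.
classify_chisel() {
  awk '
    $2 == "server" {
      for (i = 3; i <= NF; i++)
        if ($i == "--reverse") { print "server-reverse " $1; next }
      if ($1 ~ /chisel/) print "server " $1
      next
    }
    $2 == "client" {
      hit = 0
      # Remotes prefixed with R: ask the server to open the listening port.
      for (i = 3; i <= NF; i++)
        if ($i ~ /^R:/) { print "client-reverse " $1 " " $i; hit = 1 }
      if (!hit && $1 ~ /chisel/) print "client-forward " $1
    }
  '
}

# Run the triage over the constructed sample.
printf '%s\n' "$SAMPLE_PS" | classify_chisel
```

On a live host the same function can be fed from `ps -eo args` or from exported EDR process events, one command line per row.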

### Detailed Technical Explanations

#### How Tunneling Works

Tunneling, in the context of Chisel, refers to encapsulating one type of traffic inside another. Chisel achieves this through an HTTP or HTTPS connection, allowing other protocols to be tunneled across it.

- **Reverse Tunneling**: This involves creating a tunnel where the remote server establishes a connection to the local machine, enabling access to services running on the local network.

- **Bind Tunneling**: This allows you to expose services from the local machine to the remote server, enabling services on your local machine to be accessed remotely.
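Chisel carries the tunnel inside a WebSocket upgrade on that HTTP(S) connection, and upstream builds offer the subprotocol `chisel-v3` in the handshake, which gives defenders a network-side marker. The following is an added example, not from the original guide or the Chisel project, that checks captured request heads for it. Both sample requests are constructed, and the check only applies where the handshake is visible in cleartext or at a TLS-inspecting proxy.

```shell
#!/bin/sh
# Constructed request heads, as a proxy log or cleartext capture would show them.
REQ_CHISEL='GET / HTTP/1.1
Host: 203.0.113.10:8080
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Protocol: chisel-v3
'
REQ_CHAT='GET /socket HTTP/1.1
Host: chat.example.com
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Protocol: graphql-ws
'

# websocket_subprotocol: read one request head on stdin; if it is a WebSocket
# upgrade, print the offered subprotocol value (empty line if none offered).
websocket_subprotocol() {
  awk -F': *' '
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    tolower($1) == "upgrade" && tolower($2) == "websocket" { ws = 1 }
    tolower($1) == "sec-websocket-protocol" { proto = $2 }
    END { if (ws) print proto }
  '
}

# is_chisel_handshake: succeed when the upgrade offers a chisel-v<N> subprotocol.
is_chisel_handshake() {
  case "$(websocket_subprotocol)" in
    chisel-v[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check both constructed requests.
for name in REQ_CHISEL REQ_CHAT; do
  eval "req=\$$name"
  if printf '%s' "$req" | is_chisel_handshake; then
    echo "$name: chisel handshake"
  else
    echo "$name: no chisel marker"
  fi
done
```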

#### Technical Advantages of Chisel

- **Lightweight**: Chisel is compact in size and easy to deploy without significant overhead.

- **Fast**: Built on top of Go, Chisel offers efficient performance compared to other tunneling tools.

- **Versatile**: Chisel can work over any TCP connection, making it adaptable for various situations, from bypassing firewalls to accessing internal services securely.


### Code Examples in Markdown

#### Example of Running Chisel Server

```bash
chisel server -p 8080 --reverse
```

#### Example of Running Chisel Client

```bash
chisel client <server-ip>:8080
```

#### Example of Creating a Reverse Tunnel

```bash
chisel client <server-ip>:8080 R:8888:localhost:80
```

#### Example of File Transfer via Reverse Tunnel

```bash
scp -P 9999 /path/to/local/file user@localhost:/path/to/destination/
```

By following the steps outlined in this guide and understanding the mechanics behind Chisel, you can effectively utilize it in your penetration testing toolkit. Remember to always test ethically and ensure permission is obtained before engaging in any penetration testing activities.

Made by pablo rotem / פבלו רותם
