How To Pivot Through a Network with Chisel
- Published 19 Jun 2024
- jh.live/7a-john40 || 7ASecurity offers training and penetration tests with a free fix verification -- get 40% off training with JOHN40, $1000 off a pentest, or enter their contest to win a completely FREE pentest! jh.live/7a-freepentest
00:00 - Chisel
00:23 - Setup
01:30 - Recon
05:55 - On static binaries
12:44 - Using chisel
14:35 - Put it in reverse
19:22 - Socks Proxy
20:49 - Proxychains
23:12 - HTTP service
27:40 - Forward Shell
32:54 - Final Thoughts
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
Best pivoting explanation I've come across.
John, you have no idea how much that helps in my OSCP preparation :) Huge thanks for this vid!
I am on the same road. helps big-time! Thanks a lot John!
recently I joined the journey. good luck bois
You are the only YouTube channel that I actually watch the ads for because they are on topic and actually useful. Please keep up the good work!
Pretty much everything you described is already available natively using SSH chains, including socks support and dynamic port forwarding to access remote ports as if they are local once the connection to the last endpoint has been established.
Using the SSH client config file you can easily create a chain where you start from your local box, reach the jumphost and SSH through one or more hosts transparently and without the need to deploy additional software.
Chisel is basically SSH over HTTP.
Edit: in the scenario depicted in this video, with SSH available on the various hosts, Chisel seems redundant.
yes but if you don't have ssh access or the password on the compromised machine 😅
@corpse307 in a real world scenario you would compromise a web application and get a shell running as the web user. From there you'd try to escalate privileges to root or at least get access to a local account. Then you'd establish persistent access via SSH keys.
Chisel is more useful in a scenario where you need to evade a firewall since SSH access is blocked.
@bufordmaddogtannen I agree, but I was thinking of a scenario where the compromised machine has no SSH and no internet access to install it
@corpse307 you still need some form of access.
I get that SSH is powerful and can do a lot of what Chisel does, but it's not always an option. Not every target system has SSH enabled, and some networks even block or monitor SSH traffic. Chisel can be a lifesaver in those scenarios. Even if the only external-facing machine isn't a web app or doesn't have SSH enabled, having alternative tools like Chisel becomes invaluable. A pentester should always have multiple tools and/or commands that can achieve the same outcome. This is essential in case one method is blocked, doesn't work, or lacks viability in a particular situation. SSH, Chisel, and Ligolo are all tools that fulfill this role, each with its own unique advantages. They all have their places in real-world scenarios.
Nice video John ! Love the way how you simplify complex stuff for us to understand.. Thanks a lot ❤
Absolutely fantastic John you just make it sound so easy thanks for the vid buddy🤙🏼
I have been using Chisel for 2 years already, but here John explains the main functionality in a really easy way. Listen, forward ...
Thank you very much John for this walkthrough. This is a very important part.
Wow, this is fascinating. Your skill set is incredible. 🤩
quality episode! worthwhile takeaways here for any linux up and comers; ping sweeping and static binaries. nice one, john. thank you!
Awesome. Super excited to work this in.
Thank you, thank you, thank you! Amazing video.
That looks like a really useful tool for internal pentesting. Thank you for your awesome videos❤️
Nice video, well explained. Thank you.
Thanks John, this is really helpful and more understandable than adding routes through metasploit etc., keep it up!
Great stuff John. Great tutorial for the OSCP challenge. Thanks
Thanks to your explanations, I understood the concept well, thank you very much
Thanks for this video, I'll watch it for sure.
Hope you'll do another for ligolo. It seems to be simpler, but right now youtube is the only resource for learning about it... Well, if I don't ask too much, you could add a tools comparison at the end of your ligolo tutorial 😜
excellent demo of lateral movement...
definitely will save this for future works. thanks
Thanks for doing a pivoting video!! Gonna use chisel for eCPPT!
This video is incredibly helpful. Thank you for all the help you provide. Also for the work you do with the dinosaurs ❤
Hey, thanks for this video. I was really struggling with lateral movement.
Thank you for sharing this superb content!
This is awesome 🌟 Thanks John H. for my pentesting path
was waiting for this😄📈
Great video ! Thanks for the hard work :)
Great video John!!
Thanks John!
Awesome demonstration.
Ok, what a super course, thanks very much master 😊 keep teaching us
Thanks for providing this session. I want to use this one in my OSCP exam.
Really good explanation !
That was awesome! Excellent explanation, thank you!
Very interesting demo, thanks ^^
This was like infinitely better than the Offsec Teachings.... Thank you so much!
Edit: I say like because I don't think Offsec really tried to teach it... so yeah THANK YOU!
Nice John well done bro 👍👍
amazing video john
John is on FIRE
Excellent!
Awesome video. Other great tools for pivoting are sshuttle and ligolo
Thanks john
very helpful, not just chisel but hoaxshell should be quite useful too. thanks!
Nice work 👍
Much information❤
❤CyberForce T-shirt! I was core-RedTeam that year😊
Off topic: your webcam's white circle was so high contrast, I only looked at it for 2 seconds and then the wall and blinked twice and I could see it crystal clear :D
John makes me beast day by day ❤
Awesome 👍👍👍
GOOD TECHNIQUE
that music during the sponsor clip was 🔥
Nice
Dude, yesterday I started playing with a HackTheBox machine called PC 2 hours after I saw your video. I am glad I did because I bet I could not solve that box without chisel. Thank you so much, that video saved me time! + a new tool on my utility belt xd ! Thank you so much John. Nice content as always!
Can't help but feel this video was inspired by your recent work with the Scam baiters / Anydesk :).
Great video John. On your next pivoting video, try to showcase metasploit pivoting
Great video. John does mostly red team work. Is there a John Hammond equivalent for the Blue Team? Your stuff is fantastic.
Has anyone ever told you that you are like the Bill Nye of Cybersecurity. I definitely got that feel at 15:18 to 15:43. It is pretty entertaining.
John 🎉 I understand all
As always John is disciple preaching the gospel of hacker.
this is such a hassle, why would you not use normal ssh dynamic port forwarding, or ssh reverse port forwarding? genuine question
ssh is not always available
Thanks a lot John, but I wanted to ask: can I use psexec to get a reverse shell without using the method of pasting the URL into the RDP session?
Nice and good explanation, but I have a query: what if we are double pivoting? Do we need to pivot the third network to the second and then to the first, or is there any good way to do it?
Super video!! I have some questions. I understand that you can load the binaries to the PIVOTING machine due to the fact that this one has port 22 open, but how can you do something similar for a machine that has another port open, such as 5000 with an HTTP service? (TCP if I'm not wrong). Many thanks in advance!! :)
As additional info, I see that the victim machine on the LAB has no WGET or CURL option to upload files from Kali machine.
Excellenttttttttttttttttttttttttttttttttt
great
Is there a link for this as a cloud lab or a download for installing it locally?
Network Interface Card... but network identification card sounds cool too.
Love the hair :-)
can chisel be used in reverse where the server is on the box which is dual nic'd and the client is on the attacking machine?
Hair looking glorious today
Hi dude, can you please tell me the best malware analysis course, or please upload more malware analysis videos
Sorry, I didn't get the part about the reverse proxy. Why do we need the connection to be reversed, client to server? What's wrong with the server-to-client connection?
Would WGETing nmap from the pivot box not work?
Is it possible to not trigger the trap from a Canary trap/device?
Good job, can you do a video on ligolo-ng please
Really good explanation. I read the HTB module and was lost, but you explain everything really well. Can you make a tutorial for ptunnel-ng and dnscat2?
Man! Every HTB module I do, I have to go somewhere else for explanations to understand the material.
@swagmuffin9000 exactly! I just hate how slow videos can be sometimes. Yesterday I just found out Microsoft Edge has built-in ChatGPT and text-to-voice, which I will try on HTB to learn better. Maybe it will help.
@KpFriendly haven't tried that yet, hope it works out for you 👍🏻
TOP 🔝🎩
Doesn't OpenSSH do SOCKS5 natively?
where did you buy that dope ass shirt man, I'd love such an item in my wardrobe.
And this friends, is why you also want host based detection on your Linux machines. Wouldn’t be the first time an organization goes all out on EDR on Windows but neglects other OS’s.
MGM should watch your vids
Hi John! Great video! Just wondering how would this work if the pivotbox was a windows machine?
Same, there's chisel.exe for Windows as well.
use chisel for windows version
And another question: you are creating a lot of terminals in ONE window! 😅 How can I do the same?
I feel like you would love "sshuttle" if you liked Chisel. Even easier to understand and you don't need to install anything on the pivot box
Damn, makes tunneling nice and easy.
Please, I need a video on how to create a computer worm and how it works
At 18:02 I got confused. Chisel on Kali is listening on 8080, so why (on the pivot box) did you set the R:8000 ? I would have thought the R: should point to 8080 on Kali cuz that's what chisel is running on (is it because 8080 is what is 'serving' chisel and not the 'listening' port?) Hoping anybody can help me understand. Thanks.
He is not bringing up chisel in the local browser. He wants port 80 from the remote browser brought local. That's the 80 reversed to 8000. So he uses 8000 in the local browser to get the remote 80. Hope that makes sense.
Wouldn't Croc work as well?
❤❤❤❤❤❤
❤❤
The greatest good you can do for another is not just to share your riches but to reveal to him his own.
My chisel client fails to connect with the server. Not sure if it is a VPN issue. Anyone had this issue?
What is the 'drawing board' app you used in this video?
Paint?
23:50 But you can not use foxy proxy, with chisel proxy on, and burp proxy at the same time
Search "chisel burp" on google and you'll get it
How can you navigate if you don't own those machines? That is illogical to me
He waited for the stop sign to turn to a go sign.
By the way, the links in the description aren't actual URLs
Good catch -- fixed, thank you!
Why don't we download nmap on the pivot machine instead of dropping it? Anyone care to explain, please?
It probably doesn’t have internet access since it’s a lab machine
bro where the chapters at?!
edit: the timestamps are in the desc but still. There used to be chapters for this vid...
for chisel my nizzl