HackTool.Win64.Chisel.A

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

It does not have any propagation routine.

It does not have any backdoor routine.

It does not have any information-stealing capability.

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Propagation

This Hacking Tool does not have any propagation routine.

Backdoor Routine

This Hacking Tool does not have any backdoor routine.

Information Theft

This Hacking Tool does not have any information-stealing capability.

Other Details

This Hacking Tool does the following:

• It accepts input in the following format:
  • For "server": chisel server {optional parameters}
  • For "client: chisel client {optional parameters} {server} {remote addresses}
• Accepts the following optional parameters if "server" is the command:
  • --host, Defines the HTTP listening host - the network interface (defaults the environment variable HOST and falls back to 0.0.0.0).
  • --port, -p, Defines the HTTP listening port (defaults to the environmentvariable PORT and fallsback to port 8080).
  • --key, An optional string to seed the generation of a ECDSA public and private key pair. All communications will be secured using this key pair. Share the subsequent fingerprint with clients to enable detection of man-in-the-middle attacks (defaults to the CHISEL_KEY environment variable, otherwise a new key is generate each run).
  • --authfile, An optional path to a users.json file.
  • --auth, An optional string representing a single user with full access, in the form of {user:pass}.
  • --proxy, Specifies another HTTP server to proxy requests to when chisel receives a normal HTTP request. Useful for hiding chisel in plain sight.
  • --socks5, Allow clients to access the internal SOCKS5 proxy. See chisel client --help for more information.
  • --reverse, Allow clients to specify reverse port forwarding remotes in addition to normal remotes.
  • --pid, Generate pid file in current working directory
  • -v, Enable verbose logging
  • --help, Display help text for the command
• Accepts the following optional parameters if "client" is the command:
  • {server} is the URL to the chisel server.
  • {remote}s are remote connections tunneled through the server
  • --fingerprint, A *strongly recommended* fingerprint string to perform host-key validation against the server's public key. You may provide just a prefix of the key or the entire string. Fingerprint mismatches will close the connection.
  • --auth, An optional username and password (client authentication) in the form: "{user:pass}". These credentials are compared to the credentials inside the server's --authfile. defaults to the AUTH environment variable.
  • --keepalive, An optional keepalive interval. Since the underlying transport is HTTP, in many instances we'll be traversing through proxies, often these proxies will close idle connections. You must specify a time with a unit, for example '30s' or '2m'. Defaults to '0s' (disabled).
  • --max-retry-count, Maximum number of times to retry before exiting. Defaults to unlimited.
  • --max-retry-interval, Maximum wait time before retrying after a disconnection. Defaults to 5 minutes.
  • --proxy, An optional HTTP CONNECT proxy which will be used reach the chisel server. Authentication can be specified inside the URL.
  • --hostname, Optionally set the 'Host' header (defaults to the host found in the server url).
  • --pid, Generate pid file in current working directory
  • -v, Enable verbose logging
  • --help, Display help text for the command

NOTES:

It accepts the following parameters:

• server - runs chisel in server mode
• client - runs chisel in client mode

It does not exploit any vulnerability.