
Chisel over RDP Session #380

Open
@sp00ks-git

Goal
To route traffic from a remote network (172.10.10.x) to my local Linux box.
The Windows 10 machine has a VPN established that gains access to the 172 network.

Constraints
I can only access the Jump Server via RDP on port 3389.
I only have user-level access to the jump server.

Setup
Debian Linux ( Full Access) -> 192.168.1.122
Windows 10 (Full Access) -> 192.168.1.94 -> Jump Server 172.10.10.1 (user only access, no local admin) -> 172.10.10.x Network
Connecting using SOCKS5

Linux Box
./chisel_1.7.7_linux_amd64 server -p 8080 --reverse
./chisel_1.7.7_linux_amd64 client 127.0.0.1:8081 socks
(proxychains.conf) socks5 127.0.0.1 1080

Win10
chisel.exe client 192.168.1.122:8080 R:8081:127.0.0.1:9001
chisel.exe server -p 9001 --socks5

So currently, if I test whether I can see port 3389 open from the Linux box to the Windows 10 machine, this works if I use a full TCP and no ping scan - which is a great start.

proxychains4 nmap 172.10.10.1 -sT -p 3389 -Pn
[proxychains] Strict chain ... 127.0.0.1:1080 ... 172.10.10.1:3389 ... OK

Host is up (0.017s latency).

PORT STATE SERVICE
3389/tcp open ms-wbt-server?

So my question is, can chisel let me see the network behind the Jump Server, and if so, what would I need to run on the jump server to chain or link the connection back?
Presumably I can do this over TCP as I have port 3389 open?

I'm new, so a spoon-fed command would be appreciated if possible :-)
