search
LinkedInGitHubYouTube

ngrok

Ngrok overview and setting up reverse shells

hashtag
Overview

  • ngrokarrow-up-right is a pretty sweet solution for a secure ingress gateway for your apps, services, and APIs. Check the docsarrow-up-right to see its use cases

  • With it, we can expose local networked services (like a TCP listener, SSH, or web server) to the public internet through a unique ngrok-generated URL

  • There are methods to build authentication or allowlisting around this but they're not part of the free tier

hashtag
Registration

hashtag
Example - Reverse Shell

hashtag
Ngrok and local listener setup

  • On your machine run a command to capture TCP traffic 

ngrok tcp 1337

  • This will provide you with a free forwarding address (you can also set up a custom domain)

ngrok                                                                                                                
                                                                                                                                     
Policy Management Examples http://ngrok.com/apigwexamples                                                                            
                                                                                                                                     
Session Status                online                                                                                                 
Account                       cal (Plan: Free)                                                                                       
Version                       3.18.2                                                                                                 
Region                        United States (California) (us-cal-1)                                                                  
Web Interface                 http://127.0.0.1:4040                                                                                  
Forwarding                    tcp://2.tcp.us-cal-1.ngrok.io:11412 -> localhost:1337                                                  
                                                                                                                                     
Connections                   ttl     opn     rt1     rt5     p50     p90                                                            
                              0       0       0.00    0.00    0.00    0.00

  • You will need a way to catch incoming connections, we can use nc for this like so:

hashtag
Reverse shell setup and execution

  • Tip - If you're running a bash reverse shell, ensure the current shell is bash, or you'll get an error like the one below. Otherwise, you can specifically call on bash using the command above from any shell so long as bash is installed

  • Another option is to use reverse-shell.sharrow-up-right which acts as a reverse shell as a service

  • You can go to this URL directly in your browser and see the script that would execute

  • Once the shell has successfully executed, you should see it in your listener e.g., nc

PreviousjqNextssh

Last updated