Get a reverse shell with ngrok and netcat - Gemini Pentest v2 Ep5

  • Published: 22 Aug 2024
  • #pentesting #ctf #hacking #metasploit #kalilinux #ssrf
    Part 1: • H.A.C.K.E.R ALWAYS fin...
    Part 2: • How to Hunt for Bugs -...
    Part 3: • Trust your Gut Instinc...
    Part 4: • Will RCE in cookie giv...
    Part 5: • Get a reverse shell wi...
    Part 6: • Redis privilege escala...
    Part 7: • Redis privilege escala...
    Hey, what’s up? In this video series, I will h4ck the Gemini Pentest v2 CTF challenge. This episode will be dedicated to performing port scanning with nmap, then performing a directory bruteforce to find a registration feature, then creating a new user account that has to be activated. Then, I will bypass the activation feature, log in, and explore the application features to hunt for bugs. We will then follow our gut instinct to turn a potential vulnerability into a promising lead. Then we will try to access the server using SSH by uploading our public key to the authorized_keys file. Since we can't achieve that, we will get a reverse shell using ngrok and netcat.

Comments • 10

  • @blackychan8175 1 year ago

    You use PowerShell (Windows) and the Linux terminal is not blocked by the firewall? Thank you for the video, looking for this so long..

    • @thehackerish 1 year ago

      I am using WSL in Windows, so I have no issues.

  • @okamiky401 1 year ago

    Hello, appreciate the video. How/What are you using for encoding?

    • @thehackerish 1 year ago +1

      Burp has a shortcut Ctrl+U to encode as URL, and Ctrl+Shift+U to decode

  • @random_guy1024 1 year ago

    For some unknown reason ngrok doesn’t work on my PC.
    But when I start VPN then run ngrok, it gives me a "ngrok"-link to work with.

    • @thehackerish 1 year ago +1

      Hmmm... what OS? Version of ngrok? How did you install it? Better use the version from the official website. The one that came with my Ubuntu did not work

    • @random_guy1024 1 year ago

      @thehackerish
      Well, I tried many versions (recent) on Kali 2022.1 but same sh!t.
      On wifi, it needs VPN.
      But then I used my Android hotspot and it was perfectly fine.

  • @blackychan8175 1 year ago

    Is it possible to use Burp collab as an alternative to ngrok?

    • @thehackerish 1 year ago +1

      I am not sure that's possible. My understanding is that Collaborator is more for callbacks

    • @oooimnvacation645 3 months ago

      @thehackerish Is it necessary to define a listener while using ngrok in case you're exploiting some vulnerability (instead of posting your payload on a webserver or sending it somewhere)?