Last updated
Last updated
is a pretty sweet solution for a secure ingress gateway for your apps, services, and APIs. Check to see its use cases
With it, we can expose local networked services (like a TCP listener, SSH, or web server) to the public internet through a unique ngrok-generated URL
There are methods to build authentication or allowlisting around this but they're not part of the free tier
After signing up for a free ngrok account, follow the to get ngrok set up on your machine
On your machine run a command to capture TCP traffic
This will provide you with a free forwarding address (you can also set up a custom domain)
You will need a way to catch incoming connections, we can use nc for this like so:
On a different machine, execute a reverse shell and the traffic should be sent to your machine
Tip - If you're running a bash reverse shell, ensure the current shell is bash, or you'll get an error like the one below. Otherwise, you can specifically call on bash using the command above from any shell so long as bash is installed
You can go to this URL directly in your browser and see the script that would execute
Once the shell has successfully executed, you should see it in your listener e.g., nc
Check out and for additional reverse shell options
Another option is to use which acts as a reverse shell as a service
Ngrok overview and setting up reverse shells