From 5126da55a50974d99916fc3efe871e65a70a4ca0 Mon Sep 17 00:00:00 2001 From: CPol Date: Mon, 2 Dec 2024 02:35:38 +0000 Subject: [PATCH] GITBOOK-4435: No subject --- SUMMARY.md | 65 +++++----- .../expose-local-to-the-internet.md | 114 ++++++++++++++++++ 2 files changed, 147 insertions(+), 32 deletions(-) create mode 100644 generic-methodologies-and-resources/reverse-shells/expose-local-to-the-internet.md diff --git a/SUMMARY.md b/SUMMARY.md index 0103b2fa990..7c6a57f4cd5 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -62,7 +62,7 @@ * [Brute Force - CheatSheet](generic-methodologies-and-resources/brute-force.md) * [Python Sandbox Escape & Pyscript](generic-methodologies-and-resources/python/README.md) * [Bypass Python sandboxes](generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md) - * [LOAD\_NAME / LOAD\_CONST opcode OOB Read](generic-methodologies-and-resources/python/bypass-python-sandboxes/load\_name-load\_const-opcode-oob-read.md) + * [LOAD\_NAME / LOAD\_CONST opcode OOB Read](generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md) * [Class Pollution (Python's Prototype Pollution)](generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md) * [Python Internal Read Gadgets](generic-methodologies-and-resources/python/python-internal-read-gadgets.md) * [Pyscript](generic-methodologies-and-resources/python/pyscript.md) @@ -78,6 +78,7 @@ * [MSFVenom - CheatSheet](generic-methodologies-and-resources/reverse-shells/msfvenom.md) * [Reverse Shells - Windows](generic-methodologies-and-resources/reverse-shells/windows.md) * [Reverse Shells - Linux](generic-methodologies-and-resources/reverse-shells/linux.md) + * [Expose local to the internet](generic-methodologies-and-resources/reverse-shells/expose-local-to-the-internet.md) * [Full TTYs](generic-methodologies-and-resources/reverse-shells/full-ttys.md) ## 🐧 Linux Hardening @@ -95,8 +96,8 @@ * [CGroups](linux-hardening/privilege-escalation/docker-security/cgroups.md) * [Docker --privileged](linux-hardening/privilege-escalation/docker-security/docker-privileged.md) * [Docker Breakout / Privilege Escalation](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md) - * [release\_agent exploit - Relative Paths to PIDs](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release\_agent-exploit-relative-paths-to-pids.md) - * [Docker release\_agent cgroups escape](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release\_agent-cgroups-escape.md) + * [release\_agent exploit - Relative Paths to PIDs](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md) + * [Docker release\_agent cgroups escape](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md) * [Sensitive Mounts](linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md) * [Namespaces](linux-hardening/privilege-escalation/docker-security/namespaces/README.md) * [CGroup Namespace](linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md) @@ -117,7 +118,7 @@ * [ld.so privesc exploit example](linux-hardening/privilege-escalation/ld.so.conf-example.md) * [Linux Active Directory](linux-hardening/privilege-escalation/linux-active-directory.md) * [Linux Capabilities](linux-hardening/privilege-escalation/linux-capabilities.md) - * [NFS no\_root\_squash/no\_all\_squash misconfiguration PE](linux-hardening/privilege-escalation/nfs-no\_root\_squash-misconfiguration-pe.md) + * [NFS no\_root\_squash/no\_all\_squash misconfiguration PE](linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md) * [Node inspector/CEF debug abuse](linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md) * [Payloads to execute](linux-hardening/privilege-escalation/payloads-to-execute.md) * [RunC Privilege Escalation](linux-hardening/privilege-escalation/runc-privilege-escalation.md) @@ -172,11 +173,11 @@ * [macOS XPC Authorization](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md) * [macOS XPC Connecting Process Check](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md) * [macOS PID Reuse](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md) - * [macOS xpc\_connection\_get\_audit\_token Attack](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc\_connection\_get\_audit\_token-attack.md) + * [macOS xpc\_connection\_get\_audit\_token Attack](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md) * [macOS Thread Injection via Task port](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md) * [macOS Java Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md) * [macOS Library Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md) - * [macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld\_insert\_libraries.md) + * [macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md) * [macOS Dyld Process](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md) * [macOS Perl Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md) * [macOS Python Applications Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md) @@ -348,7 +349,7 @@ ## 👽 Network Services Pentesting * [Pentesting JDWP - Java Debug Wire Protocol](network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md) -* [Pentesting Printers](http://hacking-printers.net/wiki/index.php/Main\_Page) +* [Pentesting Printers](http://hacking-printers.net/wiki/index.php/Main_Page) * [Pentesting SAP](network-services-pentesting/pentesting-sap.md) * [Pentesting VoIP](network-services-pentesting/pentesting-voip/README.md) * [Basic VoIP Protocols](network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md) @@ -404,23 +405,23 @@ * [Nginx](network-services-pentesting/pentesting-web/nginx.md) * [NextJS](network-services-pentesting/pentesting-web/nextjs.md) * [PHP Tricks](network-services-pentesting/pentesting-web/php-tricks-esp/README.md) - * [PHP - Useful Functions & disable\_functions/open\_basedir bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/README.md) - * [disable\_functions bypass - php-fpm/FastCGI](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md) - * [disable\_functions bypass - dl function](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-dl-function.md) - * [disable\_functions bypass - PHP 7.0-7.4 (\*nix only)](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-7.0-7.4-nix-only.md) - * [disable\_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md) - * [disable\_functions - PHP 5.x Shellshock Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.x-shellshock-exploit.md) - * [disable\_functions - PHP 5.2.4 ionCube extension Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.2.4-ioncube-extension-exploit.md) - * [disable\_functions bypass - PHP <= 5.2.9 on windows](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-less-than-5.2.9-on-windows.md) - * [disable\_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md) - * [disable\_functions bypass - PHP safe\_mode bypass via proc\_open() and custom environment Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-safe\_mode-bypass-via-proc\_open-and-custom-environment-exploit.md) - * [disable\_functions bypass - PHP Perl Extension Safe\_mode Bypass Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-perl-extension-safe\_mode-bypass-exploit.md) - * [disable\_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md) - * [disable\_functions bypass - PHP 5.2 - FOpen Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2-fopen-exploit.md) - * [disable\_functions bypass - via mem](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-via-mem.md) - * [disable\_functions bypass - mod\_cgi](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-mod\_cgi.md) - * [disable\_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl\_exec](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl\_exec.md) - * [PHP - RCE abusing object creation: new $\_GET\["a"\]($\_GET\["b"\])](network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd\_get-a-usd\_get-b.md) + * [PHP - Useful Functions & disable\_functions/open\_basedir bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md) + * [disable\_functions bypass - php-fpm/FastCGI](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md) + * [disable\_functions bypass - dl function](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md) + * [disable\_functions bypass - PHP 7.0-7.4 (\*nix only)](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md) + * [disable\_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md) + * [disable\_functions - PHP 5.x Shellshock Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md) + * [disable\_functions - PHP 5.2.4 ionCube extension Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md) + * [disable\_functions bypass - PHP <= 5.2.9 on windows](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md) + * [disable\_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md) + * [disable\_functions bypass - PHP safe\_mode bypass via proc\_open() and custom environment Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md) + * [disable\_functions bypass - PHP Perl Extension Safe\_mode Bypass Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md) + * [disable\_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md) + * [disable\_functions bypass - PHP 5.2 - FOpen Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md) + * [disable\_functions bypass - via mem](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md) + * [disable\_functions bypass - mod\_cgi](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md) + * [disable\_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl\_exec](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md) + * [PHP - RCE abusing object creation: new $\_GET\["a"\]($\_GET\["b"\])](network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md) * [PHP SSRF](network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md) * [PrestaShop](network-services-pentesting/pentesting-web/prestashop.md) * [Python](network-services-pentesting/pentesting-web/python.md) @@ -532,7 +533,7 @@ * [Account Takeover](pentesting-web/account-takeover.md) * [Browser Extension Pentesting Methodology](pentesting-web/browser-extension-pentesting-methodology/README.md) * [BrowExt - ClickJacking](pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md) - * [BrowExt - permissions & host\_permissions](pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host\_permissions.md) + * [BrowExt - permissions & host\_permissions](pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md) * [BrowExt - XSS Example](pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md) * [Bypass Payment Process](pentesting-web/bypass-payment-process.md) * [Captcha Bypass](pentesting-web/captcha-bypass.md) @@ -566,8 +567,8 @@ * [PHP - Deserialization + Autoload Classes](pentesting-web/deserialization/php-deserialization-+-autoload-classes.md) * [CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep](pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md) * [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md) - * [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-knowing-the-secret.md) - * [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-parameter.md) + * [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md) + * [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-__viewstate-parameter.md) * [Python Yaml Deserialization](pentesting-web/deserialization/python-yaml-deserialization.md) * [JNDI - Java Naming and Directory Interface & Log4Shell](pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md) * [Ruby Class Pollution](pentesting-web/deserialization/ruby-class-pollution.md) @@ -577,12 +578,12 @@ * [phar:// deserialization](pentesting-web/file-inclusion/phar-deserialization.md) * [LFI2RCE via PHP Filters](pentesting-web/file-inclusion/lfi2rce-via-php-filters.md) * [LFI2RCE via Nginx temp files](pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md) - * [LFI2RCE via PHP\_SESSION\_UPLOAD\_PROGRESS](pentesting-web/file-inclusion/via-php\_session\_upload\_progress.md) + * [LFI2RCE via PHP\_SESSION\_UPLOAD\_PROGRESS](pentesting-web/file-inclusion/via-php_session_upload_progress.md) * [LFI2RCE via Segmentation Fault](pentesting-web/file-inclusion/lfi2rce-via-segmentation-fault.md) * [LFI2RCE via phpinfo()](pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md) * [LFI2RCE Via temp file uploads](pentesting-web/file-inclusion/lfi2rce-via-temp-file-uploads.md) * [LFI2RCE via Eternal waiting](pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md) - * [LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure](pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md) + * [LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure](pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php_stream_prefer_studio-+-path-disclosure.md) * [File Upload](pentesting-web/file-upload/README.md) * [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md) * [Formula/CSV/Doc/LaTeX/GhostScript Injection](pentesting-web/formula-csv-doc-latex-ghostscript-injection.md) @@ -629,7 +630,7 @@ * [Oracle injection](pentesting-web/sql-injection/oracle-injection.md) * [Cypher Injection (neo4j)](pentesting-web/sql-injection/cypher-injection-neo4j.md) * [PostgreSQL injection](pentesting-web/sql-injection/postgresql-injection/README.md) - * [dblink/lo\_import data exfiltration](pentesting-web/sql-injection/postgresql-injection/dblink-lo\_import-data-exfiltration.md) + * [dblink/lo\_import data exfiltration](pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md) * [PL/pgSQL Password Bruteforce](pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md) * [Network - Privesc, Port Scanner and NTLM chanllenge response disclosure](pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md) * [Big Binary Files Upload (PostgreSQL)](pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md) @@ -774,9 +775,9 @@ * [Print Stack Canary](binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md) * [Write What Where 2 Exec](binary-exploitation/arbitrary-write-2-exec/README.md) * [WWW2Exec - atexit()](binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md) - * [WWW2Exec - .dtors & .fini\_array](binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini\_array.md) + * [WWW2Exec - .dtors & .fini\_array](binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md) * [WWW2Exec - GOT/PLT](binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md) - * [WWW2Exec - \_\_malloc\_hook & \_\_free\_hook](binary-exploitation/arbitrary-write-2-exec/aw2exec-\_\_malloc\_hook.md) + * [WWW2Exec - \_\_malloc\_hook & \_\_free\_hook](binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md) * [Common Exploiting Problems](binary-exploitation/common-exploiting-problems.md) * [Windows Exploiting (Basic Guide - OSCP lvl)](binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md) * [iOS Exploiting](binary-exploitation/ios-exploiting.md) diff --git a/generic-methodologies-and-resources/reverse-shells/expose-local-to-the-internet.md b/generic-methodologies-and-resources/reverse-shells/expose-local-to-the-internet.md new file mode 100644 index 00000000000..1d1904ab248 --- /dev/null +++ b/generic-methodologies-and-resources/reverse-shells/expose-local-to-the-internet.md @@ -0,0 +1,114 @@ +# Expose local to the internet + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %} + +**The goal of this page is to propose alternatives that allow AT LEAST to expose local raw TCP ports and local webs (HTTP) to the internet WITHOUT needing to install anything in the other server (only in local if needed).** + +## **Serveo** + +From [https://serveo.net/](https://serveo.net/), it allows several http and port forwarding features **for free**. + +```bash +# Get a random port from serveo.net to expose a local port +ssh -R 0:localhost:4444 serveo.net + +# Expose a web listening in localhost:300 in a random https URL +ssh -R 80:localhost:3000 serveo.net +``` + +## SocketXP + +From [https://www.socketxp.com/download](https://www.socketxp.com/download), it allows to expose tcp and http: + +```bash +# Expose tcp port 22 +socketxp connect tcp://localhost:22 + +# Expose http port 8080 +socketxp connect http://localhost:8080 +``` + +## Ngrok + +From [https://ngrok.com/](https://ngrok.com/), it allows to expose http and tcp ports: + +```bash +# Expose web in 3000 +ngrok http 8000 + +# Expose port in 9000 (it requires a credit card, but you won't be charged) +ngrok tcp 9000 +``` + +## Telebit + +From [https://telebit.cloud/](https://telebit.cloud/) it allows to expose http and tcp ports: + +```bash +# Expose web in 3000 +/Users/username/Applications/telebit/bin/telebit http 3000 + +# Expose port in 9000 +/Users/username/Applications/telebit/bin/telebit tcp 9000 +``` + +## LocalXpose + +From [https://localxpose.io/](https://localxpose.io/), it allows several http and port forwarding features **for free**. + +```bash +# Expose web in port 8989 +loclx tunnel http -t 8989 + +# Expose tcp port in 4545 (requires pro) +loclx tunnel tcp --port 4545 +``` + +## Expose + +From [https://expose.dev/](https://expose.dev/) it allows to expose http and tcp ports: + +```bash +# Expose web in 3000 +./expose share http://localhost:3000 + +# Expose tcp port in port 4444 (REQUIRES PREMIUM) +./expose share-port 4444 +``` + +## Localtunnel + +From [https://github.com/localtunnel/localtunnel](https://github.com/localtunnel/localtunnel) it allows to expose http for free: + +```bash +# Expose web in port 8000 +npx localtunnel --port 8000 +``` + +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) + +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. + +
+{% endhint %}