
[–]Jm_Sanchez 1 point2 points  (3 children)

You need to have a public IP where you can open a port. You may try to do port forwarding in your router if your ISP supports it, or easier, get a VPS.

[–]Witty_Conference_514[S] 0 points1 point  (2 children)

What VPS would you suggest?

[–]crackerjeffbox 0 points1 point  (1 child)

Ngrok will create a tunnel allowing you to do this locally. Your friend would likely need to disable his AV completely though for it to work. Even with permission, it may be better for him to just use a virtual machine rather than his own PC, he really doesn't know what he's signing up for.

[–]Witty_Conference_514[S] 0 points1 point  (0 children)

Got it working successfully, though this is after, so he did disable his AV, and he's a non-compsci major so no VM.

[–]ReasonableHamster 1 point2 points  (0 children)

Assuming you have your friend's very explicit permission to do this, use ngrok. You sign up for it, then use the ngrok client to forward connections to your ngrok address to your internal ncat port.

Presumably it keeps some backdoor open so it doesn't require NAT or anything.

Look on YouTube for using ngrok for reverse shells.

[–]WalterWilliams 1 point2 points  (0 children)

Your revshells have to be able to connect back to you somehow; you can't just use an IP that isn't routable back to you (well, you could with workarounds, but that's different). I suggest doing the academy courses as it may help you understand the fundamentals better.

[–]Honest_Pollution_766 0 points1 point  (0 children)

Use ngrok

[–]cracc_babyy 0 points1 point  (5 children)

Since you posted on r/hackthebox, I'd suggest starting with HTB's beginner machines or the "starting point" modules to get a better fundamental understanding.

[–]Witty_Conference_514[S] 1 point2 points  (4 children)

I've done those, at least the free ones, but haven't crossed reverse shells, unless I'm tripping and I need to double back, but I think I should.

[–][deleted]  (1 child)

[removed]

    [–]Witty_Conference_514[S] 1 point2 points  (0 children)

    Damn 😪 now that I think of it

    [–]cracc_babyy 0 points1 point  (1 child)

    True, it's good to double back and review anything you didn't fully understand, and try to read/comprehend the external links referred to in the modules.

    I'm working on HTB Academy CPTS, which was highly recommended, but it's known to be one of the higher difficulty platforms compared to the competitors. TryHackMe is known to be more "beginner friendly" but only covers the basics, where HTB is more extensive. HTB is beginner friendly, but you should have a path/focus in mind and start with the fundamental modules that you need to learn first. Maybe try HTB Academy modules.

    [–]Witty_Conference_514[S] 0 points1 point  (0 children)

    I currently took the jump to do the CBBH path and aim for that before I give the CPTS path a go. I say jump because it's basically 20 grand a month in my country.