Johnermac
  • About me
  • Active Directory
    • PowerShell
      • Customize
      • Notes
      • ETW
      • AMSI Bypass
      • Obfuscation
    • Enumeration
      • Domain
      • GPO
      • ACL
      • Domain Trusts
      • Forest
      • Extra
      • BloodHound
      • BloodHound CE
  • Tunneling
    • Tools
      • Udp2Raw
      • Fraud Bridge
      • Chisel
      • SSF
      • Egress-Assess
      • Ligolo-ng
      • Sshutle
      • Rpivot
      • Tunna
      • reGeorg
      • Neo-reGeorg
      • PivotSuite
  • Post-Exploitation
    • Data Exfiltration
      • HTTP
        • Cancel
        • wget
        • bash
        • busybox
        • IRB
        • PHP
        • Ruby
      • ICMP
        • XXD
        • Ruby
        • Python
      • UDP
        • Netcat
      • TCP
        • Netcat
        • KSH
        • whois
        • Finger
      • HTTPS
        • Python
        • OpenSSL
  • BLOG
    • Articles
      • Pivoting for Red Teaming
Powered by GitBook
On this page
  • Prerequisites
  • Usage
  1. Tunneling
  2. Tools

reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

PreviousTunnaNextNeo-reGeorg

Last updated 1 year ago

Source: https://github.com/sensepost/reGeorg

  1. like Tunna, we need to upload a file in a web server

  2. We'll use socks proxy, so make sure the proxychains in configured

  3. The web shells are not reliable

Prerequisites

  • Python 2.7

  • Be able to upload a file in a web server

Usage

reGeorgSocksProxy.py -p 8080 -u http://webserver:8080/tunnel.nosocket.php

Here we're:

  • Showing all the tunnels available in reGeorg

  • Opening a web server with PHP

In the same way, we can extract files through the proxy

Others web shells like PHP, JSP, ASPx didn't work out for me

php server
on Kali - /etc/proxychains.conf
Connect to the reGeorg web shell
Nmap with Proxychains
trying PHP web shell
error function dl() PHP