
reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.


Last updated 2 years ago

Source: https://github.com/sensepost/reGeorg

  1. Like Tunna, we need to upload a file to a web server

  2. We'll use a SOCKS proxy, so make sure proxychains is configured

  3. The web shells are not reliable

Prerequisites

  • Python 2.7

  • Be able to upload a file to a web server

Usage

reGeorgSocksProxy.py -p 8080 -u http://webserver:8080/tunnel.nosocket.php

Here we're:

  • Showing all the tunnels available in reGeorg

  • Opening a web server with PHP

In the same way, we can extract files through the proxy

Other web shells like PHP, JSP, ASPx didn't work out for me
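On the defender's side, a tunnel like the one in the Usage command leaves a recognisable pattern in the web server's access log. The following is an added example, not code from reGeorg or from this page: it assumes the upstream client's `cmd=connect|read|forward|disconnect` query parameters and combined-format logs, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format); addresses and paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /tunnel.nosocket.php?cmd=connect&target=10.0.0.5&port=445 HTTP/1.1" 200 0
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /tunnel.nosocket.php?cmd=read HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /tunnel.nosocket.php?cmd=forward HTTP/1.1" 200 0
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /tunnel.nosocket.php?cmd=read HTTP/1.1" 200 96
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /tunnel.nosocket.php?cmd=disconnect HTTP/1.1" 200 0
198.51.100.9 - - [10/Mar/2024:10:00:04 +0000] "GET /index.php?cmd=read HTTP/1.1" 200 1830
198.51.100.9 - - [10/Mar/2024:10:00:05 +0000] "GET /search.php?q=connect HTTP/1.1" 200 911
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Assumption: command verbs used by the upstream reGeorg client in the query string.
TUNNEL_CMDS = {"connect", "read", "forward", "disconnect"}

def find_tunnel_sessions(log_text, min_cmds=3):
    """Return {(client_ip, path): stats} for paths whose traffic looks like a tunnel."""
    seen = defaultdict(lambda: {"cmds": set(), "targets": set(), "hits": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        ip, _method, url, _status = m.groups()
        parts = urlsplit(url)
        qs = parse_qs(parts.query)
        cmd = qs.get("cmd", [""])[0].lower()
        if cmd not in TUNNEL_CMDS:
            continue
        rec = seen[(ip, parts.path)]
        rec["cmds"].add(cmd)
        rec["hits"] += 1
        # connect requests name the internal host and port being reached
        if cmd == "connect" and "target" in qs and "port" in qs:
            rec["targets"].add((qs["target"][0], qs["port"][0]))
    # A single stray cmd=read is weak evidence; several distinct verbs
    # from one client against one script is a much stronger signal.
    return {k: v for k, v in seen.items() if len(v["cmds"]) >= min_cmds}

if __name__ == "__main__":
    for (ip, path), rec in find_tunnel_sessions(SAMPLE_LOG).items():
        print(ip, path, sorted(rec["cmds"]), sorted(rec["targets"]), rec["hits"])
```

The `targets` set lists the internal hosts and ports reached through the web shell, which is the starting point for scoping an incident.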

https://github.com/sensepost/reGeorg
Figure captions:

  • PHP server
  • On Kali - /etc/proxychains.conf
  • Connect to the reGeorg web shell
  • Nmap with Proxychains
  • Trying PHP web shell
  • Error function dl() PHP