7

I'm trying to build a RAT to test on my computer. I use ngrok for hacking on WAN. But ngrok has a problem of changing its subdomain once the connection is reset. So, I can't use ngrok for hacking over WAN. I tried using an ngrok subdomain, but now it has become a premium plan. Please suggest some alternatives to ngrok which will provide me a constant subdomain even if the connection is reset. Also, suggest if there are any other methods for hacking over WAN other than SSH tunneling, using a VPN and port forwarding.

Adithyan AK
  • 2
    ngrok provides essentially a public relay to an internal service with the common use case to let developers use internal web servers from outside. You are asking for an alternative to ngrok because you need features only available in the paid version but you are not willing to pay. Thus you are essentially asking for a product recommendation which is off-topic and also for a product which is not really security related. Also, why did you add tags like `ssh`, `openssh`, `mod-security` which seem to have nothing to do with your question? – Steffen Ullrich Apr 29 '18 at 06:14
  • 2
    To be a bit more helpful: If you have your own public server outside you might use things like [autossh](https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html) to create a permanent tunnel to the inside. But again, this is not really a security question. – Steffen Ullrich Apr 29 '18 at 06:22
  • Was using ngrok to access my local home computer, but wasn't reliable enough. Instead I installed lokinet and that solved the problem with accessing computers behind a firewall / router. https://docs.loki.network/Lokinet/Guides/ReverseSSHGuide/ – Patoshi パトシ Jul 31 '20 at 13:35

2 Answers

10

I run https://serveo.net/. It provides a stable subdomain as you require, and as an added benefit, it uses SSH port forwarding, so you probably don't even need to install anything—just use your SSH client.

Use it like this (where localhost:9000 is the address you want to forward to):

```
ssh -R 80:localhost:9000 serveo.net
```

Or, to make sure you get a particular subdomain:

```
ssh -R magis:80:localhost:9000 serveo.net
```

(Where magis is a subdomain you were previously assigned.)

Trevor Dixon
  • Tnx for the answer, Trevor. Say, for example, I have created a payload using lhost as magis.serveo.net and lport as 9000 and I got meterpreter by listening on 127.0.0.1:80. What if I reboot and make the same SSH connection and try the exploit? Would I still get meterpreter? What if the subdomain has been taken by someone else in the meantime while I reboot? TIA – Adithyan AK May 03 '18 at 16:12
  • Assuming your IP address doesn't change, and you use the same SSH user name, it will attempt to give you the same subdomain. If somebody else has taken it when you try to connect, you'll get a different subdomain. – Trevor Dixon May 03 '18 at 21:16
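
From the monitoring side, the `ssh -R` invocations shown in the answer above are recognisable in process command lines. The following is an added example, not part of the original answer or of serveo: a Python parser that extracts `-R` forwards and flags those going to SSH servers outside an allowlist. The function names, the allowlist and the sample lines (including `bastion.example.internal`) are assumptions constructed for illustration.

```python
import shlex
from collections import namedtuple
# ssh(1) options that consume an argument; needed to find the destination host.
SSH_OPTS_WITH_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
# bind = bind address or name requested from the relay; target = inside host:port.
RemoteForward = namedtuple("RemoteForward", "bind remote_port target server")

def parse_spec(spec, server):
    parts = spec.split(":")
    parts = [None] + parts if len(parts) == 3 else parts  # no bind address given
    if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
        return None  # socket, dynamic and IPv6 forms are out of scope here
    return RemoteForward(parts[0], int(parts[1]), f"{parts[2]}:{parts[3]}", server)

def remote_forwards(cmdline):
    """Extract -R forwards from one ssh command line (not -o RemoteForward)."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    specs, server, i = [], "", 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and len(arg) > 1:
            for pos, ch in enumerate(arg[1:], start=1):  # clusters like -NfR
                if ch in SSH_OPTS_WITH_ARG:
                    value = arg[pos + 1:]
                    if not value and i + 1 < len(argv):
                        i += 1
                        value = argv[i]
                    if ch == "R":
                        specs.append(value)
                    break
        elif not server:
            server = arg.rsplit("@", 1)[-1]  # drop the user@ prefix
        else:
            break  # the remote command starts here
        i += 1
    return [f for f in (parse_spec(s, server) for s in specs) if f is not None]

def flag_tunnels(cmdlines, allowed_servers):  # allowlist is a hypothetical policy input
    return [f for c in cmdlines for f in remote_forwards(c)
            if f.server not in allowed_servers]

# Constructed sample: process command lines as an audit log might record them.
SAMPLE = [
    "ssh -R 80:localhost:9000 serveo.net",
    "ssh -R magis:80:localhost:9000 serveo.net",
    "/usr/bin/ssh -N -R 2222:localhost:22 ops@bastion.example.internal",
]
```

Forwards configured through `-o RemoteForward=...` or an `ssh_config` file do not appear as `-R` on the command line, so this check covers only the form used in the answer.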
0

The Teleport "modern SSH" system has a feature whereby you can make your internal instance dial out to a cloud-hosted bastion and then come back inbound through that constantly re-established external connection. The feature is called 'Trusted Clusters' and it is part of its open source core. Teleport is a pure golang implementation of the SSH standard based on Google's crypto libraries. It supports all routine SSH things like port forwarding, rsync, etc. I've heard of ISPs who use Teleport on remotely deployed Raspberry Pis to diagnose issues on customers' networks. There is no subscription side like ngrok and the tech may be overkill.