ssh port forwarding
Some command parameters
-C compress data in transit
-f go to the background after login (username and password)
-N do not execute a shell [combined with -g]
-g allow remote hosts to access the opened ports
On a public network VPS, edit the sshd configuration to enable ssh forwarding, then restart the ssh service. These are all the steps needed before using ssh tunnel forwarding:
vim /etc/ssh/sshd_config
AllowTcpForwarding yes
GatewayPorts yes
TCPKeepAlive yes
PasswordAuthentication yes
#systemctl restart sshd.service
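A defender's view of the settings above, as an added example that is not part of the original page: this Python script reads sshd_config text and reports which of the four directives leave an internet-facing VPS more exposed. The hardened sample and the account name "tunnel" are constructed for illustration, and Include files are not followed.

```python
import re

# Upstream OpenSSH defaults for the four directives the page sets.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "tcpkeepalive": "yes", "passwordauthentication": "yes"}

# Effective values worth reviewing on an internet-facing host.
RISKS = {
    ("gatewayports", "yes"): "remote (-R) forwards bind to all interfaces, not just loopback",
    ("passwordauthentication", "yes"): "password logins can be guessed; prefer key-only auth",
    ("allowtcpforwarding", "yes"): "any account that can log in may open tunnels; scope with Match",
}

def effective_settings(config_text):
    """Global value sshd would use for each directive (first occurrence wins)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # everything after Match is conditional, not global
            break
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return one finding per risky effective setting."""
    settings = effective_settings(config_text)
    return [f"{k} {v}: {RISKS[(k, v)]}" for k, v in settings.items() if (k, v) in RISKS]

# PAGE_CONFIG holds the page's settings; HARDENED_CONFIG is a constructed sample.
PAGE_CONFIG = """AllowTcpForwarding yes
GatewayPorts yes
TCPKeepAlive yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """PasswordAuthentication no
GatewayPorts no
AllowTcpForwarding no
PasswordAuthentication yes
Match User tunnel
    AllowTcpForwarding yes
"""

if __name__ == "__main__":
    print({"page": audit(PAGE_CONFIG), "hardened": audit(HARDENED_CONFIG)})
```

On a live host, sshd -T prints the effective configuration and is the authoritative source; this parser only reads the text it is given.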
Local forwarding:
ssh -fCNg -L 5555:192.168.11.11:80 [email protected]
With local forwarding, the local machine establishes a connection to the vps, the vps then connects to the port on the target host, and that port is forwarded to the designated port on the local machine. The net effect is that the local machine can reach the target port by accessing one of its own ports. It is a bit like a forward proxy; the traffic generally flows:
local traffic -> vps -> target host
Remote forwarding:
ssh -fCNg -R 5555:172.16.99.146:80 [email protected]
ssh -fCNg -R 5555:10.92.78.138:5678 [email protected] # Forwards traffic that reaches port 5555 on the vps to this machine, which then forwards it to 172.16.99.146:80
Traffic flow: outside traffic -> designated port on the vps -> designated port on this machine
Dynamic forwarding:
ssh -fCNg -D 5555 [email protected]
# Forwards all traffic that reaches local port 5555 through 192.168.11.12. It is equivalent to a socks proxy.
Configure routing on meterpreter
run get_local_subnets
run autoroute -s 172.17.0.0/24
add route ip/24 sessionid
https://www.anquanke.com/post/id/85580
Configure socks5
background
use auxiliary/server/socks5
run
Configure proxychains
root@kali:~# vim /etc/proxychains.conf
dynamic_chain
socks5 192.168.124.135 8800
proxyresolv www.baidu.com # Check whether the proxy works
cp /usr/lib/proxychains3/proxyresolv /usr/bin/ # Run this line only if the shell reports that there is no proxyresolv command
proxychains nmap -sS ip # Run in the shell
Using frp for a reverse socks proxy, http proxy, and port forwarding
Download frp
First, download the matching version of frp from GitHub. You will basically need one each of the Windows and Linux builds.
After decompression, it looks like this:
There is one prerequisite for using frp: you need a public network server with a public ip. Here, assume you have a Linux public network server.
Procedure
Step 1: Upload the frp server build for the matching platform
These are the two files I selected.
Step 2: Configure frps.ini on the server side
The meanings of these three values are:
bind_port the port the client first connects to on the server. The client must connect to this port to establish communication with the server before any later operations such as the http proxy.
dashboard_port the port of the dashboard. You can open the dashboard by accessing this port number on the server.
vhost_http_port the http proxy port number.
After changing the configuration file, you can run frp directly on the server. The command is frps -c frps.ini
Step 3: Upload the frp client build for the matching platform
Since the client is Windows, you have to upload the client built for the Windows environment. The corresponding file is:
Configure frpc.ini on the client
The parameters in the first [common] block are:
server_addr server's public network address
server_port server's public network ip
The parameters in the second [Remote Window] block are:
type connection type
local_ip just fill in 127.0.0.1
local_port local port number that needs to be forwarded
remote_port forward the local port to the specified port on the vps
These parameters are mainly used for port forwarding
The parameters in the third [web] block are:
custom_domains specify the server ip
local_port randomly specify a local port
remote_port proxy port on the vps
These parameters are used for the http proxy
The parameters in the fourth block [socks] are:
plugin = socks5 sets the socks type to socks5
remote_port the port on which the socks proxy is provided
After configuring, run the client with the command frpc.exe -c frpc.ini
Experimental results
If the server is configured correctly, this will appear:
Now connect the client to the server, and the client will show:
Then set the proxy in the chrome browser.
socks5 proxy:
http proxy
There are three hosts ABC at this time.
A can access B, B can access C, and A cannot access C. After setting up the socks or http proxy, A can visit C's webpage:
A's ip is: 192.168.124.1
B's ip is: 192.168.124.135, 192.168.23.55
C's ip is: 192.168.23.99
You can access port 3389 of the target host by accessing port 6000 of the vps.
You can access the dashboard on port 7500, which shows the specific proxies that currently exist.