Free and open source intranet penetration tool - FRP installation and configuration

FRP is an intranet penetration (reverse proxy) tool. A Linux server with a public IP acts as the FRP server (frps), and the internal-network machine that needs to be reachable from outside acts as the client (frpc). FRP is hosted on GitHub in the fatedier/frp repository.
  

1. Server FRPS installation and configuration

  Download FRP:

version=$(curl --silent "https://api.github.com/repos/fatedier/frp/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')
v=$(echo "$version" | grep -Po 'v\K(.*)')
# -O saves the archive to the current directory instead of writing it to stdout
curl -sSLO "https://github.com/fatedier/frp/releases/download/$version/frp_${v}_linux_amd64.tar.gz"

  FRPS server installation:
  You need a machine or cloud server with a public IP (I use an Alibaba Cloud server). Install the frps server on that machine:

tar -vxzf frp_0.50.0_linux_amd64.tar.gz
cd frp_0.50.0_linux_amd64
ls

frpc                    # client binary
frpc_full.ini           # full example of the client configuration file
frpc.ini                # client configuration file
frps                    # server binary
frps_full.ini           # full example of the server configuration file
frps.ini                # server configuration file

cp frps /usr/bin/
mkdir /etc/frp
cp frp*.ini /etc/frp

  Configure the startup file of frps:

vim /etc/systemd/system/frps.service

[Unit]
Description=frps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
[Install]
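WantedBy=multi-user.target

  Edit the frps configuration file:

vim /etc/frp/frps.ini

[common]
bind_port = 7000                    # server port, must match server_port on the client
vhost_https_port = 8080             # whether to enable virtual hosts; the port may be the same as bind_port
dashboard_addr = 0.0.0.0            # address the frps dashboard binds to
dashboard_port = 7500               # port of the frp web management page
dashboard_user = admin              # user name for the frp management page
dashboard_pwd = admin@123           # password for the frp management page
log_file = /var/log/frps.log
log_level = info                    # log level; available levels are "trace, debug, info, warn, error"
log_max_days = 3                    # maximum number of days logs are kept
authentication_timeout = 900        # client connection timeout in seconds, default 900s
token=1qaz@2wsx                     # secret shared by server and client; login fails if they differ
allow_ports = 2000-3000,22,4000-50000
max_pool_count = 50
max_ports_per_client = 0

  Enable and start frps:

systemctl enable frps
systemctl restart frps
systemctl status frps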
● frps.service - frps service
     Loaded: loaded (/etc/systemd/system/frps.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-06-30 17:26:08 CST; 5s ago
   Main PID: 3222 (frps)
      Tasks: 6 (limit: 4216)
     Memory: 9.6M
        CPU: 494ms
     CGroup: /system.slice/frps.service
             └─3222 /usr/bin/frps -c /etc/frp/frps.ini

Jun 30 17:26:08 iZbp15sv9ggpwppfq0uegsZ systemd[1]: Started frps service.
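
The frps.ini above binds the dashboard to 0.0.0.0, uses short secrets for the dashboard and the token, and allows a very wide remote port range. As an added example (not code from the original post or from the frp project), this Python script audits an frps.ini [common] section for those exposure points. The function names, the finding codes, and the thresholds (16-character secrets, at most 1000 allowed ports) are assumptions chosen for illustration.

```python
import configparser

# Constructed sample mirroring the frps.ini settings shown above.
SAMPLE = """
[common]
bind_port = 7000
dashboard_addr = 0.0.0.0        # dashboard bind address
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin@123
token=1qaz@2wsx
allow_ports = 2000-3000,22,4000-50000
"""

MIN_SECRET_LEN = 16        # assumed policy threshold, not an frp setting
MAX_ALLOWED_PORTS = 1000   # assumed policy threshold, not an frp setting


def count_ports(spec):
    """Count the ports covered by an allow_ports value such as '2000-3000,22'."""
    total = 0
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total


def audit_frps(text):
    """Return a sorted list of finding codes for an frps.ini [common] section."""
    cp = configparser.ConfigParser(
        inline_comment_prefixes=("#", ";"), delimiters=("=",), interpolation=None)
    cp.read_string(text)
    c = cp["common"]
    findings = set()
    if "dashboard_port" in c:
        # Assumed defaults when a key is absent: bind to all interfaces, password "admin".
        if c.get("dashboard_addr", fallback="0.0.0.0") in ("0.0.0.0", "::"):
            findings.add("dashboard-exposed-on-all-interfaces")
        if len(c.get("dashboard_pwd", fallback="admin")) < MIN_SECRET_LEN:
            findings.add("dashboard-password-too-short")
    if len(c.get("token", fallback="")) < MIN_SECRET_LEN:
        findings.add("token-missing-or-too-short")
    ports = c.get("allow_ports", fallback="")
    if not ports:
        findings.add("allow-ports-unrestricted")
    elif count_ports(ports) > MAX_ALLOWED_PORTS:
        findings.add("allow-ports-too-broad")
    return sorted(findings)
```

To check a deployed server, call audit_frps(open("/etc/frp/frps.ini").read()); an empty list means none of these checks fired.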

2. Client FRPC installation and configuration

2.1. Linux system client

  Download FRP:

version=$(curl --silent "https://api.github.com/repos/fatedier/frp/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')
v=$(echo "$version" | grep -Po 'v\K(.*)')
# -O saves the archive to the current directory instead of writing it to stdout
curl -sSLO "https://github.com/fatedier/frp/releases/download/$version/frp_${v}_linux_amd64.tar.gz"

If the intranet server you want to expose is a Windows server, download the corresponding Windows package instead.

  FRPC client installation:

tar -vxzf frp_0.50.0_linux_amd64.tar.gz
cd frp_0.50.0_linux_amd64

cp frpc /usr/bin/
mkdir /etc/frp
cp frp*.ini /etc/frp

  Configure the startup file of frpc:

vim /etc/systemd/system/frpc.service

[Unit]
Description=frps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
[Install]
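WantedBy=multi-user.target

  Edit the frpc configuration file:

cat /etc/frp/frpc.ini

[common]
server_addr = 116.62.155.189        # IP of the public server
server_port = 7000                  # server port
authentication_method = token
token = 1qaz@2wsx                   # secret shared by server and client; login fails if they differ
tls_enable = true                   # use TLS encryption

[ssh]
type = tcp
local_ip = 127.0.0.1                # IP of the local application being mapped
local_port = 22                     # port of the local application being mapped
remote_port = 2222                  # port used for remote access
use_compression = true              # enable data compression

  Enable and start frpc:

systemctl enable frpc
systemctl restart frpc
systemctl status frpc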
● frpc.service - frps service
     Loaded: loaded (/etc/systemd/system/frpc.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-06-30 17:23:44 CST; 5s ago
   Main PID: 3047 (frpc)
      Tasks: 5 (limit: 4216)
     Memory: 3.9M
        CPU: 11ms
     CGroup: /system.slice/frpc.service
             └─3047 /usr/bin/frpc -c /etc/frp/frpc.ini

Jun 30 17:23:44 iZbp15sv9ggpwppfq0uegsZ systemd[1]: Started frps service.
Jun 30 17:23:44 iZbp15sv9ggpwppfq0uegsZ frpc[3047]: 2023/06/30 17:23:44 [I] [root.go:217] start frpc service for config file [/etc/frp/frpc.ini]

  Stop and disable the ufw firewall:

systemctl stop ufw.service
systemctl disable ufw.service

  The frps dashboard is then reachable at http://116.62.155.189:7500/.

2.2. Windows system client

  Download the frp_0.50.0_windows_amd64.zip software package
  and edit the frpc configuration file (frpc.ini):

[common]
server_addr = 121.43.34.197			
server_port = 7000					
authentication_method = token
token = 1qaz@2wsx						
tls_enable = true						

[windows10_rdp]
type = tcp
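local_ip = 127.0.0.1                # IP of the local application being mapped
local_port = 3389                   # port of the local application being mapped
remote_port = 33890                 # port used for remote access
use_compression = true              # enable data compression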

  Start frpc from the command prompt:

C:\Users\Administrator>cd C:\Users\Administrator\Desktop\frp_0.50.0_windows_amd64
C:\Users\Administrator\Desktop\frp_0.50.0_windows_amd64>frpc.exe -c ./frpc.ini
2023/07/03 11:21:33 [I] [root.go:217] start frpc service for config file [./frpc.ini]
2023/07/03 11:21:34 [I] [service.go:295] [abea9e4679399b86] login to server success, get run id [abea9e4679399b86]
2023/07/03 11:21:34 [I] [proxy_manager.go:150] [abea9e4679399b86] proxy added: [windows10_rdp]
2023/07/03 11:21:35 [I] [control.go:172] [abea9e4679399b86] [windows10_rdp] start proxy success

3. Connection test

ssh -p remote_port root@public_IP
ssh -p 2222 root@121.43.34.197

Origin blog.csdn.net/wangzongyu/article/details/128879808