[frp intranet penetration]


Preface

frp is an open-source intranet penetration tool. It works as follows: the server runs on a machine with a public IP and listens on a port, waiting for the client to connect. The client runs on the intranet machine that needs to be penetrated; after it connects, the server starts listening on the designated port that the client wants forwarded. External network users connect to that designated port on the server, and the server forwards their data to the intranet client, which achieves intranet penetration.

Put simply, frp acts as a proxy that forwards traffic between the internal and external networks so that the two can communicate.


1. Experiment introduction

Simple topology diagram

The goal of this experiment is for pc3, the host I use, to reach the shared directory of pc2 via kali. Kali serves as the frp server and pc1 serves as the client, forwarding traffic from the external network to pc2 on the internal network.
pc1 has two network cards: 192.168.20.196 can communicate with kali, but 10.40.1.10 cannot. Both pc1 and pc2 have the SMB service enabled; on both, the username is administrator and the password is P@ssw0rd.

Note: In practice, frp is most commonly used with a server on the public network, which corresponds to routes 2 and 3 in the topology diagram above, because it itself belongs to the intranet.
Because the experimental environment is built locally, a public-network frp server is not needed here. Instead, kali is used as the frp server, over route 1.

2. Mount the shared directory

Since pc1 has the SMB service enabled, we can mount its share locally to make uploading files easier.

mount -t cifs -o 'username=administrator,password=P@ssw0rd' //192.168.20.192/123 /mnt


3. Configure frp

Server configuration

Enable frp service

Configure the client file. Because the target system is Windows, the Windows configuration file must be used.

Copy the client files, frpc.exe and frpc.ini, into the mounted directory, which uploads them to pc1.

The next step is to start the client. The wmiexec.py script is used here; it can run files on pc1 directly from the local machine. This also depends on knowing the username and password.

Check the file

Run the client again

Run successfully
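
Seen from the defender's side, the steps above leave recognizable process-creation telemetry on pc1. The following is an added example, not part of the original post: it tags process-creation events for the default command wrapper of Impacket's wmiexec.py and for an frp client launch. The event records are constructed samples shaped like Sysmon Event ID 1 fields, and the function and rule names are assumptions made for illustration.

```python
import re

# Default command wrapper of Impacket's wmiexec.py:
#   cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<timestamp> 2>&1
WMIEXEC_RE = re.compile(r"cmd\.exe\s+/Q\s+/c\s.*1>\s*\\\\127\.0\.0\.1\\\w+\$\\__\d+", re.I)
# frp client started with a config file, e.g. "frpc.exe -c frpc.ini".
# A renamed binary evades this name check; the wrapper rule still fires.
FRPC_RE = re.compile(r"\bfrpc(\.exe)?\b.*\s-c\s+\S+", re.I)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(events):
    """Tag process-creation events; return (host, rules, cmdline) findings."""
    findings = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        rules = []
        # Shell spawned by the WMI provider host with the wmiexec redirect.
        if basename(ev.get("ParentImage", "")) == "wmiprvse.exe" and WMIEXEC_RE.search(cmd):
            rules.append("wmiexec_wrapper")
        # frp client by image name or by its command line.
        if basename(ev.get("Image", "")) == "frpc.exe" or FRPC_RE.search(cmd):
            rules.append("frp_client")
        if rules:
            findings.append((ev.get("Computer", "?"), rules, cmd))
    return findings

# Constructed sample events (hypothetical, not taken from the original post).
SAMPLE_EVENTS = [
    {"Computer": "pc1", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": r"cmd.exe /Q /c dir 1> \\127.0.0.1\ADMIN$\__1657000000.12 2>&1"},
    {"Computer": "pc1", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": r"cmd.exe /Q /c frpc.exe -c frpc.ini 1> \\127.0.0.1\ADMIN$\__1657000001.34 2>&1"},
    {"Computer": "pc1", "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for host, rules, cmd in triage(SAMPLE_EVENTS):
        print(host, "+".join(rules), cmd)
```

An event that carries both tags, a WMI-spawned shell that starts an frp client, is the combination worth alerting on; either tag alone is a lead for review.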


4. Use proxy software to connect to frp

Use SSTap software on pc3 host

Test the connection

Because we did not configure UDP in the first place, it is normal for the test to fail. TCP works without any impact.

Then add the route to the target host

Then test the smb connection.
Enter the username and password on the local machine and the connection is successful. You can view the shared directory.


Summary

This article briefly introduces the use of frp. In practice a public-network frp server is used, but the core principles are the same. I hope it helps with everyone's use and understanding of frp.

Origin blog.csdn.net/qq_61872115/article/details/125662341