Herramienta de penetración de intranet gratuita y de código abierto: instalación y configuración de FRP
FRP es una herramienta de penetración de red interna. Primero, se requiere un servidor con una IP de red pública como servidor (Linux), y el servidor de red interno que se necesita penetrar se usa como la dirección de Github del cliente FRP.
1. Instalación y configuración del servidor FRPS
Descargar FRP:
version=`curl --silent "https://api.github.com/repos/fatedier/frp/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")'`
v=`echo $version|grep -Po 'v\K(.*)'`
curl -sSL https://github.com/fatedier/frp/releases/download/$version/frp_"$v"_linux_amd64.tar.gz
Instalación del servidor FRPS:
necesita una máquina o un servidor en la nube con una IP pública. Yo uso un servidor Alibaba Cloud y una máquina con una IP pública (servidor en la nube, etc.) instala el servidor frps
tar -vxzf frp_0.50.0_linux_amd64.tar.gz
ls frp_0.50.0_linux_amd64
frpc # 客户端二进制文件
frpc_full.ini # 客户端配置文件完整示例
frpc.ini # 客户端配置文件
frps # 服务端二进制文件
frps_full.ini # 服务端配置文件完整示例
frps.in1 # 服务端配置文件
cp frps /usr/bin/
mkdir /etc/frp
cp frp*.ini /etc/frp
Configure el archivo de inicio de frps:
vim /etc/systemd/system/frps.service
[Unit]
Description=frps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
[Install]
WantedBy=multi-user.target
vim /etc/frp/frps.ini
[common]
bind_port = 7000 # 服务端端口号,和客户端的server_port一致
vhost_https_port = 8080 # 是否启用虚拟主机,端口可以和bind_port相同
dashboard_addr = 0.0.0.0 # frps仪表盘绑定的地址;
dashboard_port = 7500 # frp web管理页面端口
dashboard_user = admin # frp管理页面用户名
dashboard_pwd = admin@123 # frp管理页面用户密码
log_file = /var/log/frps.log
log_level = info # 日志等级,可用等级“trace, debug, info, warn, error”
log_max_days = 3 # 日志保存最大保存时间
authentication_timeout = 900 # 客户端连接超时时间(秒),默认为900s
token=1qaz@2wsx # 服务器和客户端协商的密码,不一致无法登陆
allow_ports = 2000-3000,22,4000-50000
max_pool_count = 50
max_ports_per_client = 0
systemctl enable frps
systemctl restart frps
systemctl status frps
● frps.service - frps service
Loaded: loaded (/etc/systemd/system/frps.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2023-06-30 17:26:08 CST; 5s ago
Main PID: 3222 (frps)
Tasks: 6 (limit: 4216)
Memory: 9.6M
CPU: 494ms
CGroup: /system.slice/frps.service
└─3222 /usr/bin/frps -c /etc/frp/frps.ini
Jun 30 17:26:08 iZbp15sv9ggpwppfq0uegsZ systemd[1]: Started frps service.
2. Instalación y configuración del cliente FRPC
2.1 Cliente del sistema Linux
Descargar FRP:
version=`curl --silent "https://api.github.com/repos/fatedier/frp/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")'`
v=`echo $version|grep -Po 'v\K(.*)'`
curl -sSL https://github.com/fatedier/frp/releases/download/$version/frp_"$v"_linux_amd64.tar.gz
Si el servidor de intranet que desea penetrar es un servidor de Windows, debe descargar el instalador de Windows correspondiente
Instalación del servidor FRPC:
tar -vxzf frp_0.50.0_linux_amd64.tar.gz
cd frp_0.50.0_linux_amd64
cp frpc /usr/bin/
mkdir /etc/frp
cp frp*.ini /etc/frp
Configure el archivo de inicio de frpc:
vim /etc/systemd/system/frpc.service
[Unit]
Description=frps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
[Install]
WantedBy=multi-user.target
cat /etc/frp/frpc.ini
[common]
server_addr = 116.62.155.189 # 公网服务器ip
server_port = 7000 # 服务器端口号
authentication_method = token
token = 1qaz@2wsx # 服务器和客户端协商的密码,不一致无法登录
tls_enable = true # 使用tls加密
[ssh]
type = tcp
local_ip = 127.0.0.1 # 本地映射的应用的IP
local_port = 22 # 本地映射的应用的端口
remote_port = 2222 # 远端访问端口
use_compression = true # 启用数据压缩
systemctl enable frpc
systemctl restart frpc
systemctl status frpc
● frpc.service - frps service
Loaded: loaded (/etc/systemd/system/frpc.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2023-06-30 17:23:44 CST; 5s ago
Main PID: 3047 (frpc)
Tasks: 5 (limit: 4216)
Memory: 3.9M
CPU: 11ms
CGroup: /system.slice/frpc.service
└─3047 /usr/bin/frpc -c /etc/frp/frpc.ini
Jun 30 17:23:44 iZbp15sv9ggpwppfq0uegsZ systemd[1]: Started frps service.
Jun 30 17:23:44 iZbp15sv9ggpwppfq0uegsZ frpc[3047]: 2023/06/30 17:23:44 [I] [root.go:217] start frpc service for config file [/etc/frp/frpc.ini]
systemctl stop ufw.service
systemctl disable ufw.service
http://116.62.155.189:7500/:
2.2 Cliente del sistema Windows
Descargue frp_0.50.0_windows_amd64.zipel paquete de software
y configure el archivo de inicio de frpc:
[common]
server_addr = 121.43.34.197
server_port = 7000
authentication_method = token
token = 1qaz@2wsx
tls_enable = true
[windows10_rdp]
type = tcp
local_ip = 127.0.0.1 # 本地映射的应用的IP
local_port = 3389 # 本地映射的应用的端口
remote_port = 33890 # 远端访问端口
use_compression = true # 启用数据压缩
Configure el archivo de inicio de frpc:
C:\Users\Administrator>cd C:\Users\Administrator\Desktop\frp_0.50.0_windows_amd64
C:\Users\Administrator\Desktop\frp_0.50.0_windows_amd64>frpc.exe -c ./frpc.ini
2023/07/03 11:21:33 [I] [root.go:217] start frpc service for config file [./frpc.ini]
2023/07/03 11:21:34 [I] [service.go:295] [abea9e4679399b86] login to server success, get run id [abea9e4679399b86]
2023/07/03 11:21:34 [I] [proxy_manager.go:150] [abea9e4679399b86] proxy added: [windows10_rdp]
2023/07/03 11:21:35 [I] [control.go:172] [abea9e4679399b86] [windows10_rdp] start proxy success
3. Prueba de conexión
ssh root@公网IP:remote_port
ssh root@121.43.34.197:2222