Intranet penetration-proxy
Recently I have taken part in more intranet penetration tests and realized that I rely too heavily on the web service for session maintenance. Once the web service was shut down, I lost my only entry point.

This post uses a Remote Desktop connection as the running example to introduce several common ways of reaching an internal host.

The IP address of the target host is 172.16.86.153.

Conditions of use: the server is connected to the external network and has its own public network ip.

MSF (Metasploit) is the tool I use most in intranet penetration. It has many powerful functions built in and is very convenient to use.

Meterpreter has a built-in port forwarding function that can forward an intranet port to the local machine.

Forward the target host's Remote Desktop Services port 3389 to local port 8888, then connect to local port 8888 with rdesktop on Linux.

MSF also has a built-in SOCKS module, which can be used once a route has been added on top of the session, but its speed and stability are poor, so it is not covered in detail here.

Conditions of use: the server is connected to the external network and has its own public network ip.

Lcx is a classic port forwarding tool that forwards 3389 directly to a VPS on the public network.

Upload lcx.exe through the webshell and execute the system command, where 1.1.1.1 is the public IP of the VPS.

Because my public-network VPS runs Linux, the Linux counterpart of lcx is portmap.

p1 is the listening port and p2 is the forwarding port.

The forwarded port 3389 is now listening successfully.

Connect directly to the Remote Desktop service at 1.1.1.1:33889.

The advantage of a SOCKS5 tunnel carried over the web service is that it works even when the internal server has no outbound access to the external network.

Commonly used tools are reGeorg, reDuh, Tunna and Proxifier.

This time I will only cover the specific usage of reGeorg.

Select the tunnel script that matches the server-side language and upload it to the server.

Access the uploaded file; the following output indicates success.

Open Proxifier and set the port specified for the script.

The local computer is now brought into the target host's intranet through SOCKS5. (If this fails, some protection may have detected the abnormal traffic, in which case reDuh can be used instead.)

The local computer then connects directly over Remote Desktop to the intranet IP of the target host.

Conditions of use: the target host is connected to the external network and has its own public network ip.

Select the executable that matches the host's operating system.

The target host runs Windows, so upload the ew_for_Win.exe file.

The public-network VPS uses the ew_for_linux64 file.

First, execute on the public-network VPS:

-l is the port for the proxy connection, and -e is the communication port between the target host and the VPS.

Then execute on the target host:

The SOCKS5 tunnel is established and the local machine is brought into the target intranet.

In the proxy client, configure the IP address and connection port.

Remote Desktop connects successfully.


Conditions of use: the target host is connected to the external network and has its own public network ip.

First, you need to set up the server side on a public server. Refer to the linked guide for the setup steps.

Note that the client and server version numbers must match, otherwise they will not work properly.

Configure frpc.ini and add authentication credentials so the tunnel cannot be used by others.

Upload frpc.exe and frpc.ini to the target server and run frpc.exe directly (in practice you may be told that the configuration file cannot be found; in that case specify the configuration file path with the -c parameter, i.e. frpc.exe -c <path to frpc.ini>).

The public-network VPS runs the FRP server side.

The tunnel is established and Remote Desktop connects successfully.

Similar tools include Sok, Termite and others. You don't need to master every one of them; just have a few that you find handy.

In general, once the website's web service is shut down or the server is restarted, most backdoors stop working, so a tool that wraps a program as a system service is needed.

Taking NSSM as an example, frpc is wrapped as a system service so that a persistent SOCKS5 tunnel is established.

Start the NSSM graphical interface.

Select the executable to wrap as a service.

Set the service name and click Install Service. The dialog shown in the following figure indicates that the service was registered successfully.

Set the startup type to automatic and restart the computer to test. After the restart, frpc.exe runs automatically and connects to the FRP server successfully.
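A defender-side check for the NSSM-wrapped tunnel client described above, written as an added example (not code from this post). It walks a constructed Windows service inventory and flags services whose binary is nssm.exe or whose wrapped application is one of the clients named in this post (frpc.exe, ew_for_Win.exe, lcx.exe), and extracts the `-c` config path for collection; the record fields mirror what NSSM writes under the service's Parameters registry key, which is an assumption stated in the code.

```python
r"""Flag services that wrap a tunnelling client (the NSSM + frpc pattern).

Assumption: each record mirrors the values NSSM writes under
HKLM\SYSTEM\CurrentControlSet\Services\<name> (ImagePath) and its
Parameters subkey (Application, AppParameters). All input below is
constructed sample data, not data taken from any real host.
"""
import ntpath
import shlex

# Binaries named in the post; matched case-insensitively on the basename.
TUNNEL_BINARIES = {"frpc.exe", "ew_for_win.exe", "lcx.exe"}
SERVICE_WRAPPERS = {"nssm.exe"}

SAMPLE_SERVICES = [  # constructed sample inventory
    {"name": "Spooler", "image_path": r"C:\Windows\System32\spoolsv.exe",
     "application": "", "app_parameters": ""},
    {"name": "WinUpdateHelper", "image_path": r"C:\Users\Public\nssm.exe",
     "application": r"C:\Users\Public\frpc.exe",
     "app_parameters": r"-c C:\Users\Public\frpc.ini"},
    {"name": "Backup", "image_path": r"C:\Tools\nssm.exe",
     "application": r"C:\Tools\backup.exe", "app_parameters": ""},
]

def _basename(path):
    return ntpath.basename(path.strip('"')).lower()

def _config_arg(app_parameters):
    # Value following -c (the "frpc.exe -c <config>" form) or None.
    # posix=False keeps Windows backslashes intact while splitting.
    tokens = shlex.split(app_parameters, posix=False)
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-c":
            return tokens[i + 1]
    return None

def assess_service(svc):
    """Return findings for one service record (empty list if nothing odd)."""
    findings = []
    image = _basename(svc["image_path"])
    wrapped = _basename(svc["application"]) if svc["application"] else ""
    if image in SERVICE_WRAPPERS:  # wrapper alone is worth a look
        findings.append(f"wrapper {image} runs {wrapped or 'unknown'}")
    if image in TUNNEL_BINARIES or wrapped in TUNNEL_BINARIES:
        findings.append(f"tunnelling client {wrapped or image} installed as service")
        cfg = _config_arg(svc["app_parameters"])
        if cfg:
            findings.append(f"config file to collect: {cfg}")
    return findings

def triage(services):
    """Map service name -> findings, keeping only services with findings."""
    return {s["name"]: f for s in services if (f := assess_service(s))}
```

The wrapper-only hit (Backup) is lower confidence and needs the wrapped binary reviewed by hand; the frpc hit also yields the config file to pull for the server address and credentials.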

This post lists some commonly used tools; many others are not covered.

They all work on the same principle, so it is enough to have a few that you know well.