A complete, detailed tutorial on building your own ngrok server for intranet penetration (with screenshots as proof)

2022-08-03 17:09:00 InfoQ

As the title says: everything I found online was unstable, so I might as well build one myself. I asked Baidu and found a pile of results. All right, let's get started.

Preparation (these are in fact hard requirements):

1. One server

2. One ICP-filed domain name. (A lot of people say it works without filing; I don't know whether that is true. Mine was already filed.)

Tools:

1. Remote connection tool: Xshell or PuTTY. (It doesn't matter which one, as long as it can connect; choose according to personal habit.)

2. Download tool: WinSCP (this is my favorite). Of course, you can also use commands.

Installation:

1. Install git

# Install git and its build dependencies
yum -y install git zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker wget gcc gcc-c++


Baidu gave me this command. If it doesn't work for you, just find a git installation tutorial or something; with this I was done and it was OK.

Because ngrok is developed in Go, install Go first. (The Go language is completely different; that doesn't matter, just install it.)

2. Install Go

I found downloading Go on the server too slow, so I decided to download it locally and upload it to the server.

Download address:
Go downloads - Go语言中文网 - Golang Chinese community
(I think this one is pretty good)

Download the Linux build and make sure you pick the right bit width (32 or 64). These details must be paid attention to.

After downloading, use WinSCP to upload it to /usr/local/ on the server.



Extract:

tar -zxvf /usr/local/go1.12.4.linux-amd64.tar.gz -C /usr/local/



A go directory now appears in that directory.

At this point a symbolic link needs to be made. (Why? I don't know either. Could some expert enlighten me?)

# Symlink the go commands into /usr/bin
ln -s /usr/local/go/bin/* /usr/bin/



After that, finally set the global environment variables (append them to /etc/profile, which is sourced in the next step):

export GOROOT=/usr/local/go 
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin



Make the environment take effect:

source /etc/profile 



OK, at this point Go is installed. Check whether the installation succeeded:

go version






go env



Run either one; if the corresponding output appears, the installation succeeded.

3. Install ngrok

To make it easy to find, this is also installed under the local directory:

cd /usr/local/ 

# ngrok download address
git clone https://github.com/inconshreveable/ngrok.git



You can also download from this address with git locally and then upload it, or fork it into your own project.

After the download completes you can see an ngrok folder.



Configure the ngrok environment variables:

export GOPATH=/usr/local/ngrok/ 

# Write your own domain name here, without a prefix: for www.abc.club, enter abc.club (the domain is already filed)
export NGROK_DOMAIN="abc.club" 


4. Generate the ngrok certificate and overwrite the original certificate

cd /usr/local/ngrok
openssl genrsa -out rootCA.key 2048 
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem 
openssl genrsa -out server.key 2048 
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr 
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000 



The commands above were copied; don't worry about them, they just generate the certificate.

Overwrite the certificates. Run the following commands one at a time; each one asks for confirmation, just press y.

cp rootCA.pem assets/client/tls/ngrokroot.crt 
cp server.crt assets/server/tls/snakeoil.crt 
cp server.key assets/server/tls/snakeoil.key



At this point installation and configuration are finished.

Build the server

Enter the ngrok directory:

cd /usr/local/ngrok/ 



Build the server. Here amd64 means a 64-bit Linux system; for a 32-bit system, change it to GOARCH=386.

GOOS=linux GOARCH=amd64 make release-server



After a successful build there is an ngrokd file under ngrok's bin directory, which means it succeeded.


Build the client

Same as for the server:

cd /usr/local/ngrok/ 



GOOS=windows GOARCH=amd64 make release-client



A windows_amd64 folder under ngrok's bin directory means it succeeded.



To build clients for other systems, just replace the values of GOOS and GOARCH:

# Linux, 32-bit: GOOS=linux GOARCH=386
# Linux, 64-bit: GOOS=linux GOARCH=amd64
# Windows, 32-bit: GOOS=windows GOARCH=386
# Windows, 64-bit: GOOS=windows GOARCH=amd64
# Mac, 32-bit: GOOS=darwin GOARCH=386
# Mac, 64-bit: GOOS=darwin GOARCH=amd64
# ARM: GOOS=linux GOARCH=arm


Starting the server

Run in the ngrok directory:

./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"

Parameter description:
# -domain: the domain used to access ngrok; it is the service address set when generating the certificate
# -httpAddr: HTTP port, default 80
# -httpsAddr: HTTPS port, default 443
# -tunnelAddr: tunnel port, default 4443



Be sure to note: domain is the domain name, and it must be the domain name of the environment variable you defined earlier. Do not get it wrong.

On successful startup it shows:



You can see that it listens on ports 80, 443 and 4443 and runs a check every 30 seconds; startup succeeded.

Mapping settings for second-level domain names

This is very simple but important, as follows:



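Use a wildcard DNS record on the first-level domain. I have not looked into third-level domains; just follow the resolution settings above.

Starting the client

Use WinSCP to pull the generated windows_amd64 folder to your local machine.

It contains only one program, ngrok.exe.

Create an ngrok.cfg file in the same directory. The file extension can be anything, but pay attention to it when running the command.

Contents of ngrok.cfg: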

server_addr: "abc.club:4443" 
trust_host_root_certs: false 



In server_addr: "abc.club:4443", abc.club is again the domain name you set up yourself, and 4443 is the tunnel port the server listens on when it starts. Keep them consistent. (If you change one, change them all; if you don't change anything, leave it alone.)
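The values that have to agree (the certificate domain from step 4, the server's -domain and -tunnelAddr, and the client's server_addr) can be checked mechanically before the first connection attempt. The script below is an added example, not part of the original tutorial or of ngrok; the function names are made up for illustration, and the sample command line and config are constructed from the values used on this page. It also reports the ports ngrokd listens on.

```shell
#!/bin/sh
# Added example (not from the tutorial or ngrok). Function names are hypothetical.

# flag_value "<ngrokd command line>" <flag>: value of -flag=value, quotes stripped
flag_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^-$2=//p" | tr -d '"' | head -n 1
}

# cfg_value <file> <key>: value of a "key: value" line, quotes/trailing blanks stripped
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | tr -d '"' | sed 's/[[:space:]]*$//' | head -n 1
}

# ngrokd_ports "<command line>": the three listening ports, space separated
ngrokd_ports() {
    for f in httpAddr httpsAddr tunnelAddr; do
        flag_value "$1" "$f" | sed 's/.*://'
    done | tr '\n' ' ' | sed 's/ $//'
}

mismatch() { printf '%s\n' "$*"; rc=1; }

# check_ngrok_pair "<command line>" <cfg file> <certificate domain>
# Prints one line per mismatch and returns 0 only when everything agrees.
check_ngrok_pair() {
    rc=0
    domain=$(flag_value "$1" domain)
    tunnel_port=$(flag_value "$1" tunnelAddr | sed 's/.*://')
    addr=$(cfg_value "$2" server_addr)
    host=${addr%:*}
    port=${addr##*:}
    [ "$domain" = "$3" ] || mismatch "-domain '$domain' != certificate CN '$3'"
    [ "$host" = "$domain" ] || mismatch "server_addr host '$host' != -domain '$domain'"
    [ "$port" = "$tunnel_port" ] || mismatch "server_addr port '$port' != -tunnelAddr port '$tunnel_port'"
    # The page's ngrok.cfg sets this to false so the client uses the CA compiled into it.
    [ "$(cfg_value "$2" trust_host_root_certs)" = "false" ] ||
        mismatch "trust_host_root_certs is not false"
    return "$rc"
}

# Constructed sample input using the values shown on this page.
SAMPLE_CMD='./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"'
SAMPLE_CFG=$(mktemp)
printf 'server_addr: "abc.club:4443"\ntrust_host_root_certs: false\n' > "$SAMPLE_CFG"
check_ngrok_pair "$SAMPLE_CMD" "$SAMPLE_CFG" "abc.club" &&
    echo "consistent; ngrokd listens on tcp ports: $(ngrokd_ports "$SAMPLE_CMD")"
rm -f "$SAMPLE_CFG"
```
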

The client has two startup methods:

1. Open cmd in the windows_amd64 root directory

and run the following command directly:

ngrok -config=./ngrok.cfg -subdomain=test 8080

# Parameter description
ngrok.cfg: the file just created
-subdomain=test: test is the prefix of the tunneled domain name
8080: the port the tunneled domain name maps to



Start it:



This means success. Access the assigned domain name.

2. Write a .bat script



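Contents of boom.bat:

@echo OFF
color 0a
Title boom Ngrok启动工具
Mode con cols=109 lines=30
:START
REM Prompt for the subdomain prefix
set /p clientid= 请输入前缀:
echo.
REM Prompt for the local port to expose
set /p port= 请输入端口:
echo.
ngrok -config=ngrok.cfg -subdomain %clientid% %port%
PAUSE
REM Return to the prompt for another tunnel
goto START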



It is kept simple; you can also add some decorative patterns or the like, according to personal preference.

Access the assigned domain name

Graphical interface

After the project starts, visit 127.0.0.1:4040 or localhost:4040.


Set up ngrok as a system service that starts at boot

Edit:

vim /etc/rc.d/init.d/ngrok



Contents of ngrok:

#!/bin/bash

#chkconfig: - 99 01

#description:ngrok


case "$1" in
 start)
  echo "start ngrok service.."
  # The key and certificate paths below are relative, so change directory first
  cd /usr/local/ngrok/ || exit 1
  # setsid detaches ngrokd from the terminal session
  setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"
  ;;
 *)
  exit 1
  ;;
esac

### Parameter description:
### cd /usr/local/ngrok/: enter the ngrok directory
### setsid: when I started without this, I found the service stopped as soon as the window was closed; with it added, it works fine
### setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443": the command that starts the ngrok server



Give the file execute permission:

chmod 755 /etc/rc.d/init.d/ngrok



Register it as a system service:

chkconfig --add ngrok



Then check whether it was added successfully:

chkconfig



Start it:

service ngrok start



If the same output appears as when running the command directly earlier (the check every 30 s), it was added successfully.

Enable start at boot

After adding it as a system service, ngrok's states are all off, so it needs to be set to start automatically:

systemctl enable ngrok.service   # enable start at boot
systemctl daemon-reload          # reload the configuration



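Reboot the server and test directly by starting the client.

Notes

The server started successfully but the client cannot connect:

This is because the firewall has not opened ports 443, 4443, 8080 and so on. Open them all.

After opening them, the firewall can also be turned off; it is not of much use.

If it still cannot connect after opening them, you need to go to the cloud server console and set the security group's inbound rules: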



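Once that is set, you are done. The build had few problems; it went smoothly all the way.

Writing this up and making the screenshots was not easy; read it and cherish it.

If there are any problems, corrections are welcome. Thanks.

Copyright notice
This article was created by [InfoQ]. Please include the original link when reprinting. Thanks.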
https://yzsam.com/2022/215/202208031658170645.html