Hidden communication tunnel technology: intranet penetration tool NPS

1 nps Tool is introduced

NPS Tool is a kind of use go Lightweight language writing 、 Powerful intranet penetration tool . Support TCP、UDP Traffic forwarding , Support Intranet HTTP、SOCKS5 agent , Support at the same time snappy Compress ( Save bandwidth and traffic )、 Site protection 、 The encrypted 、 Multiplexing 、header Modify etc. . It also supports web Graphical management . This tool is easy to use , Compared with FRP,NPS It's a graphical interface , Therefore, the configuration is simpler .

nps Same as frp Similar working principle .

Official documents ：

https://ehang-io.github.io/nps/#/api

https://ehang-io.github.io/nps/#/nps_extend

1.1 nps Server and client

NPS Tools by NPS Server side and NPS Client composition , We usually NPS The server side is placed on the Internet IP Of VPS On , And will open a port to wait NPS Connect to your client ( Usually in NPS The configuration file of the server ), and NPS The client of is usually placed on the intranet host we have won , We will designate NPS The client of the server needs to be connected NPS Server's IP And port , such , We will succeed in NPS Server side and NPS The client of is connected .

1.2 nps Intranet through

Follow the above method , We've configured it NPS service , Now the server and client can be connected , however , How can we pass NPS Conduct intranet penetration ？ Actually ,NPS It is the login background that will set the graphical interface in the configuration file , We log in NPS The background of , Then log in with the account and password set in the configuration file , After logging into the background , First, add a client , This client will automatically generate a unique authentication key , We need to enter this unique authentication key in the configuration file , In this way, we can NPS The client and server are connected , Then we can add tunnels according to our needs , Such as HTTP Tunnel 、SOCKS Tunnels and other tunnels , We access through the port set in the tunnel , You can access the intranet host .

2 Download and install

2.1 download

Download address ：

https://github.com/ehang-io/nps/releases/tag/v0.26.9

Experimental environment ：

The server ： Kun Peng arm 64 framework

virtual machine centos：amd 64 framework

win10：amd64 framework

View the server version ：

#  The server 
[[email protected] frp]# arch
aarch64

#  virtual machine  centos
[[email protected] tools]# arch
x86_64

2.2 Server installation and configuration

linux

tar -zxvf linux_arm64_server.tar.gz
./nps install

windows

nps.exe install

The configuration file

[[email protected] socks]# cd conf/
[[email protected] conf]# ll
total 12
-rw-r--r-- 1 1001 116    0 Oct  6  2020 clients.json
-rw-r--r-- 1 1001 116    0 Oct  6  2020 hosts.json
-rwxr-xr-x 1 1001 116 1926 Oct  6  2020 nps.conf
-rw-r--r-- 1 1001 116 1679 Oct  6  2020 server.key
-rw-r--r-- 1 1001 116 1346 Oct  6  2020 server.pem
-rw-r--r-- 1 1001 116    0 Oct  6  2020 tasks.json

[[email protected] conf]# vim nps.conf

appname = nps
#Boot mode(dev|pro)
runmode = dev

http_proxy_ip=0.0.0.0  ( There is no such item in the official download )
http_proxy_port=80		#  Domain name agent http Agent listening port 
https_proxy_port=443	#  Domain name agent https Agent listening port ( These two ports are usually modified , Avoid port conflicts )
https_just_proxy=true
#default https certificate setting
https_default_cert_file=conf/server.pem
https_default_key_file=conf/server.key

##bridge
bridge_type=tcp		#  The connection between the client and the server kcp or tcp
bridge_port=8024	#  Server client communication port , In other words, the client can connect by accessing the port of the server 
bridge_ip=0.0.0.0

# Public password, which clients can use to connect to the server
public_vkey=123		#  The key when the client starts in profile mode , If it is set to null, the client profile connection mode will be closed 

#Traffic data persistence interval(minute)
#Ignorance means no persistence
#flow_store_interval=1

log_level=7			#  Log output level 
#log_path=nps.log

#Whether to restrict IP access, true or false or ignore
#ip_limit=true

#p2p
#p2p_ip=127.0.0.1 #  Server side IP, Use p2p Mode required 
#p2p_port=6000 # p2p Mode on udp port 

#web
web_host=a.o.com
web_username=admin	# web Interface management account 
web_password=123	# web Interface management password 
web_port = 8080		# web Management port , By accessing this port, you can access NPS backstage 
web_ip=0.0.0.0
web_base_url=		# web Manage the main path , Is used to web Management is behind the agent subpath 
web_open_ssl=false
web_cert_file=conf/server.pem
web_key_file=conf/server.key
# if web under proxy use sub path. like http://host/nps need this.
#web_base_url=/nps

#Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
#Remove comments if needed
#auth_key=test
auth_crypt_key =1234567812345678	#  Get the server authKey At the time of the aes Encryption key ,16 position 

#allow_ports=9001-9009,10001,11000-12000

#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false


#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false

#cache
http_cache=false
http_cache_length=100

#get origin ip
http_add_origin_header=false

#pprof debug options
#pprof_ip=0.0.0.0 # debug pprof  Server side IP
#pprof_port=9999 # debug pprof  port 

#client disconnect timeout
disconnect_timeout=60	#  Client connection timeout , Company  5s, The default value is  60, namely  300s = 5mins

Be careful : In the configuration file above , We should mainly pay attention to the following aspects :

①: Generally, the port of the domain name proxy will be modified , Avoid port conflicts

②:NPS Of web The default port of the page is 8080, The default username password is admin/123

③:NPS The default port for connecting the server and the client is 8024, This port can be modified , After the modification , Pay attention to using the modified port when connecting

④:NPS The port opened by the server ( That's what we need to visit VPS The port of ) Not in the configuration file , We need to web Configure in the interface

2.3 client

tar -zxvf linux_amd64_client_nps.tar.gz

2.3 Client connection mode

2.3.1 Client connection mode

Method 1 ： Use vkey Connect

Windows：npc.exe -server=ip:port -vkey= Generated by the server key
Linux：./npc -server=ip:port -vkey= Generated by the server key

Method 2 ： Use the configuration file to connect

windows:   npc.exe -config=npc Profile path 
linux:     ./npc -config=npc Profile path 

2.3.2 The configuration file

cd conf
vim npc.conf

[common]
server_addr=127.0.0.1:8024
conn_type=tcp
vkey=123
auto_reconnection=true
max_conn=1000
flow_limit=1000
rate_limit=1000
basic_username=11
basic_password=3
web_username=user
web_password=1234
crypt=true
compress=true
#pprof_addr=0.0.0.0:9999
disconnect_timeout=60

[health_check_test1]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_http_url=/
health_check_type=http
health_check_target=127.0.0.1:8083,127.0.0.1:8082

[health_check_test2]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_check_type=tcp
health_check_target=127.0.0.1:8083,127.0.0.1:8082

[web]
host=c.o.com
target_addr=127.0.0.1:8083,127.0.0.1:8082

[tcp]
mode=tcp
target_addr=127.0.0.1:8080
server_port=10000

[socks5]
mode=socks5
server_port=19009
multi_account=multi_account.conf

[file]
mode=file
server_port=19008
local_path=/Users/liuhe/Downloads
strip_pre=/web/

[http]
mode=httpProxy
server_port=19004

[udp]
mode=udp
server_port=12253
target_addr=114.114.114.114:53

[ssh_secret]
mode=secret
password=ssh2
target_addr=123.206.77.88:22

[ssh_p2p]
mode=p2p
password=ssh3

[secret_ssh]
local_port=2001
password=ssh2

[p2p_ssh]
local_port=2002
password=ssh3

Be careful :NPS There are two ways to start the client of , One is that no configuration file is required , Directly enter the relevant command to start , The other is to use the configuration file to start NPS client . If you need to use a configuration file to start NPS client , Then you need to configure the following ( The rest can be ignored ).

server_addr   # Server side ip/ domain name :port
conn_type     # Communication mode with the server (tp or kcp)
vkey          # The key in the server configuration file 

First server_addr* Yes, it needs to be filled in NPS Server side IP And port ,*conn_type Choose the right type ( General choice TCP),vkey The value of is set as the key of the server configuration file . In this way, the server and client can connect .

3 Use

3.1 Server side

3.1.1 Modify the configuration

Avoid port conflicts

vim ./conf/nps.conf

http_proxy_port=8000
https_proxy_port=4430

Reload profile

./nps reload

3.1.2 start-up / close / Restart the server

./nps start

Stop and restart

./nps stop
./nps restart

3.1.3 visit

Server configuration file web Some customers check their user names and passwords , You can also assign a domain name through the configuration file

Default user name ：admin

Default password ：123

http://121.**.**.124:8080/

3.1.4 New client

This new client mainly uses the generated unique authentication key , Only through this unique verification key can NPS Connect the server to the client , Therefore, at least one client needs to be added .

3.1.5 add to SOCKS agent

3.2 client

3.2.1 No profile

Windows：npc.exe -server=ip:port -vkey= Generated by the server key
Linux：./npc -server=ip:port -vkey= Generated by the server key

linux test

./npc -server=121.**.**.124:8024 -vkey=o86e5rilpj9cre62

Client connection successful

And how to use

3.2.2 There are configuration files

This mode uses nps Public key or client private key verification , Various configurations are completed on the client , At the same time, the server web It can also be managed

Modify the configuration file （ client ： Intranet host ）

vim ./conf/npc.conf

[common]
server_addr=121.**.**.124:8024	# vps ip:port
conn_type=tcp	#  Connection type 
vkey=123		#  Set up key

Execute the following command

Format

windows:   npc.exe -config=npc Profile path 
linux:     ./npc -config=npc Profile path 

linux test

./npc -config=./conf/npc.conf

Successful connection , What proxy access is there later

4 nps agent ssh service

4.1 Server creation TCP Tunnel

4.3 Start the client to connect to the server

./npc -server=ip:port -vkey= Generated by the server key

./npc -server=121.**.**.124:8024 -vkey=o86e5rilpj9cre62

4.4 Any one linux Host access

ssh [email protected]**.**.124 -p 5566