
Commit 1b18240

author
zhaochengyu
committed
first commit
0 parents  commit 1b18240

9 files changed

+1013
-0
lines changed

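--- a/config.ini
+++ b/config.ini
@@ -0,0 +1,15 @@
+[NET-CONFIG]
+WEBSHELL = http://192.168.3.10:82/proxy.php
+SERVER_LISTEN = 127.0.0.1:8000
+TARGET_ADDR = 127.0.0.1:3389
+LOCAL_ADDR = 127.0.0.1:33899
+
+[TOOL-CONFIG]
+LOG_LEVEL = INFO
+READ_BUFF_SIZE = 10240
+SLEEP_TIME = 0.1
+
+[ADVANCED-CONFIG]
+SOCKS5 = False
+REMOTE_SERVER = http://192.168.3.1:8000
+NO_LOG = True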
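Review bot: The committed `config.ini` carries values from one specific environment (`WEBSHELL = http://192.168.3.10:82/proxy.php`, `REMOTE_SERVER = http://192.168.3.1:8000`) and sets `NO_LOG = True`, so a fresh checkout starts with addresses that will not match the user's setup and, if the option does what its name suggests, with logging switched off. I would commit this file as a template instead, with clearly marked placeholder hosts and `NO_LOG = False`, so that a run leaves a record unless the operator opts out. None of the keys is explained in the file; a one-line `;` comment per key stating its unit or format (for example that `SLEEP_TIME` is in seconds, if that is the case) would save readers from guessing.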

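--- a/config.py
+++ b/config.py
@@ -0,0 +1,89 @@
+# -*- coding: utf-8 -*-
+# @File : config.py
+# @Date : 2019/8/28
+# @Desc :
+# @license : Copyright(C), funnywolf
+# @Author: funnywolf
+# @Contact : github.com/FunnyWolf
+import base64
+import logging
+import logging.config
+
+# 错误码
+DATA = "DATA"
+WRONG_DATA = b"WRONG DATA" # 错误格式的数据
+INVALID_CONN = b"REMOVE CONN" # 无效的连接
+SOCKET_TIMEOUT = 0.01
+
+
+# data = strings.Replace(strings.Replace(data, "\r\n", "", -1), "\n", "", -1)
+def get_logger(level="INFO", name="StreamLogger"):
+logconfig = {
+'version': 1,
+'formatters': {
+'simple': {
+'format': '%(asctime)s - %(levelname)s - %(lineno)s - %(message)s',
+},
+},
+'handlers': {
+'console': {
+'class': 'logging.StreamHandler',
+'level': 'DEBUG',
+'formatter': 'simple'
+},
+'file': {
+'class': 'logging.FileHandler',
+'filename': 'logging.log',
+'level': 'DEBUG',
+'formatter': 'simple'
+},
+},
+'loggers': {
+'StreamLogger': {
+'handlers': ['console'],
+'level': level,
+},
+'FileLogger': {
+'handlers': ['file'],
+'level': level,
+},
+}
+}
+
+logging.config.dictConfig(logconfig)
+logger = logging.getLogger(name)
+
+return logger
+
+
+def b64decodeX(data):
+if isinstance(data, str):
+new_data = data.replace("\r\n", "")
+new_data = new_data.replace("\n", "")
+new_data = new_data.replace("-A", "+")
+new_data = new_data.replace("-S", "/")
+return base64.b64decode(new_data)
+elif isinstance(data, bytes):
+new_data = data.replace(b"\r\n", b"")
+new_data = new_data.replace(b"\n", b"")
+new_data = new_data.replace(b"-A", b"+")
+new_data = new_data.replace(b"-S", b"/")
+return base64.b64decode(new_data)
+else:
+print(data)
+return base64.b64decode(data)
+
+
+def b64encodeX(data):
+new_data = base64.b64encode(data)
+if isinstance(new_data, str):
+new_data = new_data.replace("+", "-A")
+new_data = new_data.replace("/", "-S")
+return new_data
+elif isinstance(new_data, bytes):
+new_data = new_data.replace(b"+", b"-A")
+new_data = new_data.replace(b"/", b"-S")
+return new_data
+else:
+print(new_data)
+return new_data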
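Review bot: `b64decodeX` treats any input that is neither `str` nor `bytes` as a debugging case: its `else` branch calls `print(data)` and then decodes without the `-A`/`-S` translation, so a `bytearray` or `memoryview` is echoed to stdout and decoded against the wrong alphabet. All three branches also call `base64.b64decode` without `validate=True`, which skips characters outside the alphabet instead of rejecting them, so a corrupted frame decodes to different bytes rather than raising. Since this value presumably arrives from the network, I would normalise to bytes once, reject other types and validate, as sketched below; callers outside this hunk would then need to handle `binascii.Error`, presumably where `WRONG_DATA` is produced. `b64encodeX` has dead code of the same kind, because `base64.b64encode` always returns `bytes` and its `str` and `print` branches can never run. Separately, `get_logger` runs `logging.config.dictConfig` on every call and always declares the `file` handler, so `logging.log` is opened in the working directory even when only `StreamLogger` is requested.

```python
def b64decodeX(data):
    # Normalise to bytes once so every input takes the same translation path.
    if isinstance(data, str):
        data = data.encode("ascii")
    elif not isinstance(data, (bytes, bytearray, memoryview)):
        raise TypeError("b64decodeX expects str or bytes-like data")
    new_data = bytes(data).replace(b"\r\n", b"").replace(b"\n", b"")
    new_data = new_data.replace(b"-A", b"+").replace(b"-S", b"/")
    # validate=True rejects bytes outside the base64 alphabet instead of skipping them.
    return base64.b64decode(new_data, validate=True)
```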

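--- a/readme.md
+++ b/readme.md
@@ -0,0 +1,103 @@
+# 毒刺(pystinger)
+毒刺(pystinger)是一个通过webshell实现**内网端口转发出网&内网SOCK5代理出网**.工具主体使用python开发,当前支持php,jsp(x),aspx三种代理脚本.
+# 使用方法
+## 端口转发
+* proxy.php上传到目标服务器,确保 [http://www.test.com/proxy.php](http://192.168.1.106:81/proxy.php)可以访问,页面返回 stinger XXX!
+* 修改config.ini,示例如下(确保服务器127.0.0.1:8000,127.0.0.1:1080可以正常绑定)
+```
+[NET-CONFIG]
+WEBSHELL = http://www.test.com/proxy.php
+SERVER_LISTEN = 127.0.0.1:8000
+TARGET_ADDR = 127.0.0.1:3389
+LOCAL_ADDR = 127.0.0.1:33899
+
+[TOOL-CONFIG]
+LOG_LEVEL = INFO
+READ_BUFF_SIZE = 10240
+SLEEP_TIME = 0.0
+```
+* 将stinger_server.exe和config.ini上传到目标服务器同一目录,菜刀(蚁剑)执行mirror_server.exe启动服务端
+* stinger_client和config.ini拷贝到本地PC的同一目录,命令行执行stinger_client,生成如下输出表示成功
+```
+2019-09-29 12:57:11,493 - INFO - 215 - Use SERVER_LISTEN as REMOTE_SERVER
+2019-09-29 12:57:11,493 - INFO - 219 -  ------------Client Config------------
+2019-09-29 12:57:11,493 - INFO - 222 - 
+LOG_LEVEL: INFO
+SLEEP_TIME:0.1
+READ_BUFF_SIZE: 10240
+WEBSHELL: http://192.168.3.10:82/proxy.php
+REMOTE_SERVER: http://127.0.0.1:8000
+LOCAL_ADDR: 127.0.0.1:33899
+
+
+2019-09-29 12:57:11,500 - INFO - 63 -  ------------Server Config------------
+2019-09-29 12:57:11,500 - INFO - 69 - 
+LOG_LEVEL: INFO
+READ_BUFF_SIZE: 10240
+SERVER_LISTEN: 127.0.0.1:8000
+TARGET_ADDR: 127.0.0.1:3389
+client_address_list:[]
+SOCK5: False
+```
+* 此时已经将192.168.3.10的3389端口映射到了你本地pc的33899端口
+## SOCK5代理
+* proxy.php上传到目标服务器,确保 [http://www.test.com/pro](http://192.168.1.106:81/proxy.php)[xy.](http://192.168.1.106:81/proxy.php)[php](http://192.168.1.106:81/proxy.php)可以访问,页面返回 stinger XXX!
+* 修改config.ini,示例如下(确保服务器127.0.0.1:8000可以正常绑定)
+```
+[NET-CONFIG]
+WEBSHELL = http://www.test.com/proxy.php
+SERVER_LISTEN = 127.0.0.1:8000
+TARGET_ADDR = 127.0.0.1:1080
+LOCAL_ADDR = 127.0.0.1:10800
+
+[TOOL-CONFIG]
+LOG_LEVEL = INFO
+READ_BUFF_SIZE = 10240
+SLEEP_TIME = 0.01
+[ADVANCED-CONFIG]
+SOCKS5 = True
+```
+* 将stinger_server.exe和config.ini上传到目标服务器同一目录,菜刀(蚁剑)执行mirror_server.exe启动服务端
+* stinger_client和config.ini拷贝到本地PC的同一目录,命令行执行stinger_client,生成如下输出表示成功
+```
+2019-09-29 13:03:41,164 - INFO - 215 - Use SERVER_LISTEN as REMOTE_SERVER
+2019-09-29 13:03:41,164 - INFO - 219 -  ------------Client Config------------
+2019-09-29 13:03:41,164 - INFO - 222 - 
+LOG_LEVEL: INFO
+SLEEP_TIME:0.1
+READ_BUFF_SIZE: 10240
+WEBSHELL: http://192.168.3.10:82/proxy.php
+REMOTE_SERVER: http://127.0.0.1:8000
+LOCAL_ADDR: 127.0.0.1:10800
+
+
+2019-09-29 13:03:41,171 - INFO - 63 -  ------------Server Config------------
+2019-09-29 13:03:41,171 - INFO - 69 - 
+LOG_LEVEL: INFO
+READ_BUFF_SIZE: 10240
+SERVER_LISTEN: 127.0.0.1:8000
+TARGET_ADDR: 127.0.0.1:1080
+client_address_list:[]
+SOCK5: True
+2019-09-29 13:03:41,171 - INFO - 72 - Connet to server success
+2019-09-29 13:03:41,173 - WARNING - 43 - LoopThread start
+2019-09-29 13:03:41,173 - WARNING - 234 - Tcpserver start
+```
+* 此时已经你本地10800启动了一个192.168.3.10所在内网的socks5代理
+# 相关工具
+[https://github.com/nccgroup/ABPTTS](https://github.com/nccgroup/ABPTTS)
+[https://github.com/sensepost/reGeorg](https://github.com/sensepost/reGeorg)
+[https://github.com/SECFORCE/Tunna](https://github.com/SECFORCE/Tunna)
+# 已测试
+## stinger_server\stinger_client
+* windows
+* linux
+## proxy.jsp(x)/php/aspx
+* php7.2
+* tomcat7.0
+* iis8.0
+# 更新日志
+**1.0**
+更新时间: 2019-09-29
+* 1.0正式版发布
+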
