Limour

Limour

临床医学在读。

[Explore] WebSocket-based Intranet Penetration Tool

I don't want any more domestic servers except for filing. Many internal network services need to be accessed from the external network, so intranet penetration is essential. However, if you use foreign servers, you need to go through an unknown layer, which is inevitably prone to misjudgment. It is also necessary to integrate into the vast ocean. Previously, I tried to disguise it by wrapping it with QUIC, but for some reason, it was always unstable. After searching, I found another intranet penetration tool with fewer features: ProxyNT. ProxyNT is a reverse proxy server based on WebSocket written in Python, which can expose local servers to the public network through NAT and firewalls. From the principle, it is also possible to protect the public network IP with a layer of CDN.

Server#

mkdir -p ~/app/proxynt && cd ~/app/proxynt && nano Dockerfile && nano docker-compose.yml
docker build -t limour/proxynt .
nano config.json
sudo docker-compose up -d
FROM python:3.9-alpine
RUN pip install -U proxynt
ENTRYPOINT ["nt_server", "-c", "/opt/config.json"]
version: '3.3'
services:
  proxynt:
    restart: unless-stopped
    volumes:
      - './config.json:/opt/config.json'
      - '/etc/localtime:/etc/localtime:ro'
    image: limour/proxynt
 
networks:
  default:
    external: true
    name: ngpm
{
    "port": 18888,
    "log_file": "/dev/null",
    "path": "/websocket_path",
    "password": "helloworld",
    "admin": {
        "enable": true,
        "admin_password": "new_password"
    }
}

msedge_BI9KRyGXTh

Client#

mkdir -p ~/app/proxynt && cd ~/app/proxynt
pip install -U proxynt -i https://pypi.tuna.tsinghua.edu.cn/simple
whereis nt_client
nano config.json
nt_client -c config.json # Test
nano proxynt.service
sudo mv proxynt.service /etc/systemd/system/proxynt.service
sudo systemctl enable proxynt
sudo systemctl start proxynt
sudo systemctl status proxynt
{
  "server": {
    "url": "wss://limour.top:443/websocket_path",
    "password": "helloworld"
  },
  "client_name": "home_pc",
  "log_file": "/home/limour/app/proxynt/nt.log"
}
[Unit]
Description=proxynt
After=network.target
[Service]
ExecStart=/home/limour/miniconda3/bin/nt_client -c /home/limour/app/proxynt/config.json
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
  • Visit https://limour.top:443/websocket_path/admin
  • After seeing the client online, create a new configuration

Additional WebSSH#

In conjunction with the above intranet penetration, when connecting, fill in proxynt for the host, which can ensure that the internal SSH is not exposed to the public network while being able to connect via the public network.

mkdir -p ~/app/webssh && cd ~/app/webssh && nano docker-compose.yml
sudo docker-compose up -d
version: '3.3'
services:
  webssh:
    restart: unless-stopped
    environment:
      - GIN_MODE=release
      - savePass=true
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
    image: jrohy/webssh:latest
 
networks:
  default:
    external: true
    name: ngpm

msedge_aTYJd5mhvq

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.