{"id":69,"date":"2018-09-17T16:40:41","date_gmt":"2018-09-17T20:40:41","guid":{"rendered":"http:\/\/www.wispwisp.com\/?p=69"},"modified":"2020-11-09T03:05:00","modified_gmt":"2020-11-09T03:05:00","slug":"ssh-tunnelgogoinflightwifi","status":"publish","type":"post","link":"https:\/\/www.wispwisp.com\/index.php\/2018\/09\/17\/ssh-tunnelgogoinflightwifi\/","title":{"rendered":"\u5229\u7528SSH Tunnel\u514d\u8d39\u7528gogoinflight\u7a7a\u4e2dWiFi"},"content":{"rendered":"\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u521b\u4f5c\u4e8e\u98de\u5f80Vegas, \u53c2\u52a0DEF CON\u7684\u98de\u673a\u2708\ufe0f\u4e0a. \u5229\u7528SSH Tunnel \u514d\u8d39\u4f7f\u7528\u7a7a\u4e2d Wifi<\/span><\/p>\n\n\n\n<p><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">gogoinflight \u662f\u7f8e\u56fd\u90e8\u5206\u98de\u673a\u4e0a\u63d0\u4f9b\u7684\u6536\u8d39Wifi \u670d\u52a1\uff1a<\/span><\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-80d53d3b7384a1da54d929722a2f95ab_r-300x210.jpg\" alt=\"\" class=\"wp-image-217\" width=\"590\" height=\"413\"\/><\/figure>\n\n\n\n<p><br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u5148\u8bf4\u65b9\u6cd5\uff0c\u539f\u7406\u653e\u540e\u9762\uff0c\u6709\u5174\u8da3\u7684\u53ef\u4ee5\u53bb\u8bfb<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">1. \u9996\u5148\uff0c\u4f60\u9700\u8981\u6709\u4e00\u4e2aVPS(Virtual Private Server)<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u6211\u7528hostwinds\u7684\uff0c\u6700\u4fbf\u5b9c\u53ea\u89814$\u4e00\u4e2a\u6708\uff0c\u5e73\u65f6\u53ef\u4ee5\u62ff\u6765\u5f39\u5f39reverse shell xDD<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\"><img decoding=\"async\" loading=\"lazy\" width=\"516\" height=\"435\" class=\"wp-image-219 alignnone\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-d170d96bf8a1ac0e915f06fca6adce39_hd-300x253.jpg\" alt=\"\"><\/span><br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">2. \u5728\u767b\u673a\u524d\uff0c\u4fee\u6539VPS\u91cc\u7684 \/etc\/sshd_config, \u628assh\u53e3\u5f00\u57283128(\u540e\u9762\u89e3\u91ca\u4e3a\u4ec0\u4e48)<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\"><img decoding=\"async\" loading=\"lazy\" width=\"431\" height=\"178\" class=\"alignnone wp-image-220\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-ce918a13ace835a74071713e3e10cfa9_hd-300x124.jpg\" alt=\"\"><\/span><br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">3. \u8d77\u98de\u540e\u7b49gogoinflight\u80fd\u8fde\u4e0a\u540e\uff0c\u5728\u672c\u5730\u521b\u5efassh tunnel:<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u628aip\u5730\u5740\u4fee\u6539\u6210\u4f60VPS\u7684\u5730\u5740.<\/span><br>[code]ssh -D 3128 -f -C -q -N root@ip -p 3128[\/code]<br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">4. (\u98de\u673a\u8d77\u98de\u524d)\u4e0b\u8f7d\u795e\u5668proxifier:&nbsp;<a href=\"https:\/\/www.proxifier.com\/\">https:\/\/www.proxifier.com\/<\/a><\/span><br><span style=\"font-size: 14pt;\"><span style=\"font-family: helvetica, arial, sans-serif;\">\u8bbe\u7f6e\u4f7f\u7528SOCKS Version 5, \u5730\u5740127.0.0.1, Port 3128<\/span><\/span><br><img decoding=\"async\" loading=\"lazy\" width=\"660\" height=\"185\" class=\"alignnone wp-image-221\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-2ddaca599371eb9bd432404105ce90ac_hd-300x84.jpg\" alt=\"\"><br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">5. \u7edd\u5927\u90e8\u5206app\uff0c\u6d4f\u89c8\u5668\u90fd\u53ef\u4ee5\u8fde\u7f51\u4e86<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u4eab\u53d7\u514d\u8d39\u7684\u7a7a\u4e2dWiFi \ud83d\ude42<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">BlueStacks \u4e0a\u5fae\u4fe1\uff1a<\/span><br><img decoding=\"async\" loading=\"lazy\" width=\"682\" height=\"257\" class=\"alignnone wp-image-222\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-de1c1f1e5bd6e93b60a9bb860fb8696b_r-300x113.jpg\" alt=\"\"><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u624b\u673a\u8981\u4e0a\u7f51\u7684\u8bdd\uff0c\u8981\u8ba9mac\u5206\u4eab\u7f51\u7edc\uff0c\u7136\u540e\u542f\u7528mac\u4e0a\u7684\u6d41\u91cf\u8f6c\u53d1, \u628a\u4ece\u624b\u673a\u6765\u7684\u6d41\u91cf\uff0c\u8f6c\u53d1\u5230127.0.0.1:3128. \uff08\u5728mac\u4e0a\u5f00\u6d41\u91cf\u8f6c\u53d1\u64cd\u4f5c\u8d77\u6765\u53ef\u4ee5\u8bf4\u975e\u5e38\u9ebb\u70e6 -\u3002-\uff0c \u5c31\u61d2\u7684\u641e\u4e86\uff09 \u4e0b\u6b21\u6709\u673a\u4f1a\u8bd5\u8bd5socat<\/span><br>&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u539f\u7406\uff1a<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u4e0a\u4e00\u6b21(\u597d\u4e45\u4e4b\u524d\u4e86lol)\u5750\u98de\u673a\u5c31\u53d1\u73b03128\u53e3\u7684\u6545\u4e8b\uff0c\u90a3\u65f6\u5019\u6ca1\u6709\u81ea\u5df1\u7684VPS\uff0c\u8fd9\u4ef6\u4e8b\u4e00\u76f4\u6302\u5728\u5fc3\u4e0a\uff0c\u4eca\u5929\u7ec8\u4e8e\u6709\u673a\u4f1a\u518d\u6b21\u5c1d\u8bd5\u3002<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u8fde\u4e0a\u7a7a\u4e2dgogoinflight Wifi\uff1a<\/span><br><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-223\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-4cfddaebb8776332c5281c136c6d5aca_r-300x173.jpg\" alt=\"\" width=\"387\" height=\"223\"><br>&nbsp;<br><span style=\"font-size: 14pt;\"><span style=\"font-family: helvetica, arial, sans-serif;\">\u5f00Wireshark\uff0c\u968f\u4fbf\u6d4f\u89c8\u4e00\u4e2a\u7f51\u9875,&nbsp;<\/span><span style=\"font-family: helvetica, arial, sans-serif;\">\u53ef\u4ee5\u770b\u5230\u7edd\u5927\u90e8\u5206\u7684ip\u662f\u4e0d\u80fd\u8fde\u63a5\u7684\uff1a<\/span><\/span><br><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-224\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-6d5b2b159c7fc79973b5f24f11c41f3d_r-300x40.jpg\" alt=\"\" width=\"691\" height=\"92\"><br><span style=\"font-size: 14pt;\"><span style=\"font-family: helvetica, arial, sans-serif;\">\u4f46\u662f\u6709\u90a3\u4e48\u51e0\u4e2aip \u662f\u53ef\u4ee5\u8fde\u4e0a\u7684,&nbsp;<\/span><span style=\"font-family: helvetica, arial, sans-serif;\">\u6bd4\u598296.17.10.19\u548c 10.241.151.31<\/span><\/span><br><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-225\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-df16693c40459f442a0d23b05d60e638_hd-300x58.jpg\" alt=\"\" width=\"683\" height=\"132\"><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">nmap\u626b\u8fd9\u4e24\u4e2aip\uff1a<\/span><br><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-226\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-e032feb662aaac30d5299886ec038b2f_hd-300x172.jpg\" alt=\"\" width=\"290\" height=\"166\"><br>&nbsp;<br><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-227\" src=\"https:\/\/www.wispwisp.com\/wp-content\/uploads\/2018\/09\/v2-1033ae080128b6ccc2bbc99b8187aca9_r-300x138.jpg\" alt=\"\" width=\"291\" height=\"134\"><br>&nbsp;<br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u53d1\u73b0\u9664\u4e8680\u548c443\uff0c\u8fd8\u5f00\u7740\u4e00\u4e2a3128\uff0c\u8fd9\u4e2a\u53e3\u4e00\u822c\u662f\u7ed9squid\u7528\u7684\u3002 squid\u662fHTTP\/HTTPS proxy\uff0c\u5b83\u53ef\u4ee5\u5904\u7406http\uff0fhttps \u6d41\u91cf\uff0c\u5728\u4f60\u6ca1\u7ed9\u94b1\u7684\u65f6\u5019\uff0c\u8fd9\u4e2aproxy\u4f1a\u622a\u62e6\u4f60\u7684HTTP\/HTTPS\u8bf7\u6c42\uff0c\u7136\u540eredirect\u4f60\u53bb\u4ed8\u8d39\u7f51\u7ad9\u3002<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u5f53\u65f6\u7684\u731c\u60f3\u662f\u901a\u8fc7\u8fd9\u4e2a\u53e3\u522b\u7684\u79cd\u7c7b\u6d41\u91cf\u662f\u4e0d\u662f\u4e0d\u4f1a\u88ab\u6321\u4f4f\uff0c\u80fd\u88ab\u8f6c\u53d1\u5230\u5916\u7f51\u5462\uff0c\u9a8c\u8bc1\u540e\u53d1\u73b0\u662f\u7684\uff0c \u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5c31\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a3128\u53e3\uff0c\u521b\u9020\u4e00\u4e2aSSH tunnel\u5230\u4f60\u7684VPS, \u7136\u540e\u518d\u628a\u6240\u6709app\u7684\u6d41\u91cf\u5bfc\u5165\u90a3\u4e2atunnel\u91cc\u9762\u3002<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\u56e0\u4e3assh Tunnel \u91cc\u6240\u6709\u7684\u5305\u90fd\u662f\u52a0\u5bc6\u7684\uff0c\u6240\u4ee5squid proxy\u6ca1\u529e\u6cd5\u8bc6\u522b\u4f60\u53d1\u51fa\u53bb\u7684\u8bf7\u6c42\u662f\u4ec0\u4e48\u8bf7\u6c42\u3002\u8fd9\u662f\u4e3a\u4ec0\u4e48\u6211\u4eec\u4e0d\u80fd\u76f4\u63a5\u5728VPS \u8bbe\u7f6e proxy server\u7136\u540e\u8fde\u63a5\uff0c \u800c\u9700\u8981\u5229\u7528SSH tunnel\u7684\u539f\u56e0\u3002<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">\uff08\u63cf\u8ff0\u7684\u4e0d\u662f\u5f88\u597d\u3002\u3002\u81ea\u5df1\u4f53\u4f1a\u5427xD\uff09<\/span><br><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">proxifier \u7684\u4f5c\u7528\u5c31\u662f\u5e2e\u4f60\u628a\u6240\u6709app\u6d41\u91cf\uff0c\u5bfc\u5411127.0.0.1:3128<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u521b\u4f5c\u4e8e\u98de\u5f80Vegas, \u53c2\u52a0DEF CON\u7684\u98de\u673a\u2708\ufe0f\u4e0a. \u5229\u7528SSH Tunnel \u514d\u8d39\u4f7f\u7528\u7a7a\u4e2d Wifi gogoinflight \u662f\u7f8e\u56fd\u90e8\u5206\u98de\u673a\u4e0a\u63d0\u4f9b\u7684\u6536\u8d39Wifi \u670d\u52a1\uff1a &nbsp;\u5148\u8bf4\u65b9\u6cd5\uff0c\u539f\u7406\u653e\u540e\u9762\uff0c\u6709\u5174\u8da3\u7684\u53ef\u4ee5\u53bb\u8bfb1. \u9996\u5148\uff0c\u4f60\u9700\u8981\u6709\u4e00\u4e2aVPS(Virtual Private Server)\u6211\u7528hostwinds\u7684\uff0c\u6700\u4fbf\u5b9c\u53ea\u89814$\u4e00\u4e2a\u6708\uff0c\u5e73\u65f6\u53ef\u4ee5\u62ff\u6765\u5f39\u5f39reverse shell xDD&nbsp;2. \u5728\u767b\u673a\u524d\uff0c\u4fee\u6539VPS\u91cc\u7684 \/etc\/sshd_config, \u628assh\u53e3\u5f00\u57283128(\u540e\u9762\u89e3\u91ca\u4e3a\u4ec0\u4e48)&nbsp;3. \u8d77\u98de\u540e\u7b49gogoinflight\u80fd\u8fde\u4e0a\u540e\uff0c\u5728\u672c\u5730\u521b\u5efassh tunnel:\u628aip\u5730\u5740\u4fee\u6539\u6210\u4f60VPS\u7684\u5730\u5740.[code]ssh -D 3128 -f -C -q -N root@ip -p 3128[\/code]&nbsp;4. (\u98de\u673a\u8d77\u98de\u524d)\u4e0b\u8f7d\u795e\u5668proxifier:&nbsp;https:\/\/www.proxifier.com\/\u8bbe\u7f6e\u4f7f\u7528SOCKS Version 5, \u5730\u5740127.0.0.1, Port 3128&nbsp;5. \u7edd\u5927\u90e8\u5206app\uff0c\u6d4f\u89c8\u5668\u90fd\u53ef\u4ee5\u8fde\u7f51\u4e86\u4eab\u53d7\u514d\u8d39\u7684\u7a7a\u4e2dWiFi \ud83d\ude42BlueStacks \u4e0a\u5fae\u4fe1\uff1a\u624b\u673a\u8981\u4e0a\u7f51\u7684\u8bdd\uff0c\u8981\u8ba9mac\u5206\u4eab\u7f51\u7edc\uff0c\u7136\u540e\u542f\u7528mac\u4e0a\u7684\u6d41\u91cf\u8f6c\u53d1, \u628a\u4ece\u624b\u673a\u6765\u7684\u6d41\u91cf\uff0c\u8f6c\u53d1\u5230127.0.0.1:3128. \uff08\u5728mac\u4e0a\u5f00\u6d41\u91cf\u8f6c\u53d1\u64cd\u4f5c\u8d77\u6765\u53ef\u4ee5\u8bf4\u975e\u5e38\u9ebb\u70e6 -\u3002-\uff0c \u5c31\u61d2\u7684\u641e\u4e86\uff09 \u4e0b\u6b21\u6709\u673a\u4f1a\u8bd5\u8bd5socat&nbsp; &nbsp;\u539f\u7406\uff1a\u4e0a\u4e00\u6b21(\u597d\u4e45\u4e4b\u524d\u4e86lol)\u5750\u98de\u673a\u5c31\u53d1\u73b03128\u53e3\u7684\u6545\u4e8b\uff0c\u90a3\u65f6\u5019\u6ca1\u6709\u81ea\u5df1\u7684VPS\uff0c\u8fd9\u4ef6\u4e8b\u4e00\u76f4\u6302\u5728\u5fc3\u4e0a\uff0c\u4eca\u5929\u7ec8\u4e8e\u6709\u673a\u4f1a\u518d\u6b21\u5c1d\u8bd5\u3002\u8fde\u4e0a\u7a7a\u4e2dgogoinflight Wifi\uff1a&nbsp;\u5f00Wireshark\uff0c\u968f\u4fbf\u6d4f\u89c8\u4e00\u4e2a\u7f51\u9875,&nbsp;\u53ef\u4ee5\u770b\u5230\u7edd\u5927\u90e8\u5206\u7684ip\u662f\u4e0d\u80fd\u8fde\u63a5\u7684\uff1a\u4f46\u662f\u6709\u90a3\u4e48\u51e0\u4e2aip \u662f\u53ef\u4ee5\u8fde\u4e0a\u7684,&nbsp;\u6bd4\u598296.17.10.19\u548c 10.241.151.31nmap\u626b\u8fd9\u4e24\u4e2aip\uff1a&nbsp;&nbsp;\u53d1\u73b0\u9664\u4e8680\u548c443\uff0c\u8fd8\u5f00\u7740\u4e00\u4e2a3128\uff0c\u8fd9\u4e2a\u53e3\u4e00\u822c\u662f\u7ed9squid\u7528\u7684\u3002 squid\u662fHTTP\/HTTPS proxy\uff0c\u5b83\u53ef\u4ee5\u5904\u7406http\uff0fhttps \u6d41\u91cf\uff0c\u5728\u4f60\u6ca1\u7ed9\u94b1\u7684\u65f6\u5019\uff0c\u8fd9\u4e2aproxy\u4f1a\u622a\u62e6\u4f60\u7684HTTP\/HTTPS\u8bf7\u6c42\uff0c\u7136\u540eredirect\u4f60\u53bb\u4ed8\u8d39\u7f51\u7ad9\u3002\u5f53\u65f6\u7684\u731c\u60f3\u662f\u901a\u8fc7\u8fd9\u4e2a\u53e3\u522b\u7684\u79cd\u7c7b\u6d41\u91cf\u662f\u4e0d\u662f\u4e0d\u4f1a\u88ab\u6321\u4f4f\uff0c\u80fd\u88ab\u8f6c\u53d1\u5230\u5916\u7f51\u5462\uff0c\u9a8c\u8bc1\u540e\u53d1\u73b0\u662f\u7684\uff0c \u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5c31\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a3128\u53e3\uff0c\u521b\u9020\u4e00\u4e2aSSH tunnel\u5230\u4f60\u7684VPS, \u7136\u540e\u518d\u628a\u6240\u6709app\u7684\u6d41\u91cf\u5bfc\u5165\u90a3\u4e2atunnel\u91cc\u9762\u3002\u56e0\u4e3assh Tunnel [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/posts\/69"}],"collection":[{"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/comments?post=69"}],"version-history":[{"count":8,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":710,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/posts\/69\/revisions\/710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/media\/700"}],"wp:attachment":[{"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/media?parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/categories?post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wispwisp.com\/index.php\/wp-json\/wp\/v2\/tags?post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}