dliv3 / venom
Venom - A Multi-hop Proxy for Penetration Testers
License: MIT License
Linux on the aarch64 architecture.
I tried
agent_arm_eabi5
agent_linux_x86
agent_linux_x64
and none of them will run.
Version 1.1.0, released on 10 Jun.
After running for a while it reports the following error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x53e5e6]
goroutine 13303 [running]:
github.com/Dliv3/Venom/admin/dispather.localSocks5Server(0x5d0200, 0xc00000e010, 0xc00005e2c0, 0x40, 0xc000110000, 0xc000044000, 0x1, 0x1)
/Users/dlive/Code/Go/src/github.com/Dliv3/Venom/admin/dispather/sender.go:427 +0xb6
created by github.com/Dliv3/Venom/netio.InitTCP.func1
/Users/dlive/Code/Go/src/github.com/Dliv3/Venom/netio/init.go:56 +0x1e1
No help message for the admin node id? And how can I goto the admin node? I tried goto 0 and goto admin node, and both failed.
Environment: Windows, Tomcat
Running the agent from a webshell in port-reuse mode connects successfully; after stopping Tomcat, the agent's CPU usage goes to 100%.
With forwarding, if the traffic contains video streams or non-ASCII characters and the like, it isn't supported.
frp and lcx don't have this problem :)
The agent connects to admin, and admin shows the node. Great.
But after I'm done I exit admin; two days later I want to keep using it, so I open admin again, but the agent doesn't reconnect automatically. Doesn't that mean I have to go back to the agent machine and restart the program?
What I need is this: a group of machines first connect to each other via agents, and then admin can connect to any agent at any time to manage the whole agent network.
So I ran an experiment: machine A (Win10) admin, machine B (Win7) agent
agent -lport 8888
admin -rhost 172.0.0.231 -rport 8888
After admin connects, show lists only A, with no nodes at all.
Can A really not manage B? Then what is the point of A connecting to B?
Not sure whether this is a bug; details below. I hope there can be a disconnect-reconnect mechanism.
node disconnect: read tcp 192.168.43.30:58929->118.195.145.245:9930: wsarecv: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
There is also the situation the previous poster reported of being unable to jump back to the admin node; you can only jump between child nodes.
AES encryption implemented by inheriting from net.Conn
https://github.com/00theway/Venom-crypt
Great project, thumbs up!
Also, there is an issue with DNS not resolving after a SOCKS5 connection is established. I started the agent inside the target intranet, mapped its port to a VPS, then connected admin from the external attack machine to the VPS port; the connection came up, I started the SOCKS5 service, listening on port 7777 locally on the attack machine, and up to this point everything worked.
Next I set the browser proxy to local port 7777 so the attack machine can reach web services in the target intranet, but when accessing by domain name (e.g. wiki.xxx.com) the name doesn't resolve, while requests to intranet IPs work. This shows the DNS request is not being forwarded through the SOCKS5 tunnel to the agent to query the target intranet's DNS server.
Strange; doesn't SOCKS5 send DNS requests through the tunnel along with everything else by default? I tested other ways of getting around intranet access restrictions, such as goagent and ssr, and all of them had this problem. Looking for an answer, thanks!
Also, when accessing by domain name, the agent reports the error shown in the image below:
Hey, thanks for the tool, it's very nice.
I found some small bugs while using it.
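Whether the name is resolved on the attack machine or inside the target intranet is decided by the SOCKS5 client, not by the proxy: a client that resolves locally sends an IP (ATYP 0x01), while one that delegates resolution (curl's socks5h, Firefox's "Proxy DNS when using SOCKS v5") sends the hostname itself (ATYP 0x03). The encoder and classifier below are an added illustration written for this page, not Venom code; they assume the agent end implements ATYP 0x03 as RFC 1928 requires.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// BuildConnect encodes a SOCKS5 CONNECT request (RFC 1928). A literal IP is
// sent as ATYP 0x01/0x04 (the client already resolved it); any other host is
// sent as ATYP 0x03 so the proxy side, here the agent, resolves it inside the
// target network. The agent is assumed to honour ATYP 0x03.
func BuildConnect(host string, port uint16) ([]byte, error) {
	req := []byte{0x05, 0x01, 0x00} // VER, CMD=CONNECT, RSV
	if ip := net.ParseIP(host); ip != nil {
		if ip4 := ip.To4(); ip4 != nil {
			req = append(req, 0x01)
			req = append(req, ip4...)
		} else {
			req = append(req, 0x04)
			req = append(req, ip.To16()...)
		}
	} else {
		if len(host) == 0 || len(host) > 255 {
			return nil, errors.New("hostname length must be 1..255")
		}
		req = append(req, 0x03, byte(len(host)))
		req = append(req, host...)
	}
	return append(req, byte(port>>8), byte(port)), nil
}

// ResolvedBy inspects a CONNECT request and reports which side performs the
// DNS lookup: "client" for an IP literal, "proxy" for a hostname.
func ResolvedBy(req []byte) (string, error) {
	if len(req) < 4 || req[0] != 0x05 || req[1] != 0x01 {
		return "", errors.New("not a SOCKS5 CONNECT request")
	}
	switch req[3] {
	case 0x01, 0x04:
		return "client", nil
	case 0x03:
		return "proxy", nil
	}
	return "", fmt.Errorf("unknown ATYP 0x%02x", req[3])
}
```

If a capture of the browser's request to port 7777 shows ATYP 0x01 for wiki.xxx.com, the browser resolved the name locally and the tunnel never saw a DNS query.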
ENV:
admin node: Windows
victim node: Windows
(admin node) >>>
[+]Remote connection: 127.0.0.1:6754
[+]A new node connect to admin node success
(admin node) >>> shell
you should select node first
(admin node) >>> goto 1
node 1
(node 1) >>> shell
You can execute commands in this shell :D, 'exit' to exit.
Microsoft Windows [Version 10.0.17134.765]
(c) 2018 Microsoft Corporation。保留所有权利。
E:\GoWorkplace\src\github.com\Dliv3\Venom\agent>ls
ls
agent.exe
agent.go
cli
dispather
init
E:\GoWorkplace\src\github.com\Dliv3\Venom\agent>node disconnect: read tcp 127.0.0.1:4444->127.0.0.1:6754: wsarecv: An existing connection was forcibly closed by the remote host.
Ctrl-C
Ctrl-C
Ctrl-C
Ctrl-C
After the victim closes the TCP connection, the admin node hangs. After investigating, I found this is because the communication channel blocks:
```go
if shellPacketRet.Success == 1 {
	c := make(chan bool, 2)
	// one goroutine per direction; admin waits for both to signal completion
	go CopyStdin2Node(os.Stdin, peerNode, c)
	go CopyNode2Stdout(peerNode, os.Stdout, c)
	<-c
	<-c
...
func CopyNode2Stdout(input *node.Node, output io.Writer, c chan bool) {
	for {
		var packetHeader protocol.PacketHeader
		var shellPacketRet protocol.ShellPacketRet
		// this read ends up in ReadLowLevelPacket below
		err := node.CurrentNode.CommandBuffers[protocol.SHELL].ReadPacket(&packetHeader, &shellPacketRet)
...
func (buffer *Buffer) ReadLowLevelPacket() (protocol.Packet, error) {
	packet := <-buffer.Chan
	// blocking here: once the peer has disconnected no packet ever arrives, so the read never returns
```
I tried to fix this bug and submitted PR #2.
I also added node 0 for the goto command, bound to the admin node. Scenario: when a victim node exits, the prompt keeps showing (node 1); with goto 0 you can jump back to (node admin). That said, I suggest that in the future the prompt be updated dynamically according to the routing table.
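The hang described in this report is the classic unbounded channel receive: once the peer is gone nothing will ever be sent on buffer.Chan, so the read, and with it both <-c waits, block forever. The snippet below is an added illustration of one way to make such a read cancellable, written for this page and not taken from Venom or from PR #2; the Buffer type, its closed channel and ReadUntilClosed are hypothetical stand-ins for the real packet buffer.

```go
package main

import "errors"

// ErrClosed is returned to a blocked reader once the peer node has gone away.
var ErrClosed = errors.New("buffer closed: peer node disconnected")

// Buffer mimics the packet buffer in the report; closed is the hypothetical fix.
type Buffer struct {
	Chan   chan []byte
	closed chan struct{}
}

func NewBuffer(size int) *Buffer {
	return &Buffer{Chan: make(chan []byte, size), closed: make(chan struct{})}
}

// Close wakes every goroutine parked in ReadLowLevelPacket. It is idempotent,
// since a disconnect is often noticed by more than one code path.
func (b *Buffer) Close() {
	select {
	case <-b.closed: // already closed, closing twice would panic
	default:
		close(b.closed)
	}
}

// ReadLowLevelPacket waits for the next packet or for Close(). Without the
// second case the admin shell hangs forever once the victim drops the TCP link.
func (b *Buffer) ReadLowLevelPacket() ([]byte, error) {
	select {
	case p := <-b.Chan:
		return p, nil
	case <-b.closed:
		return nil, ErrClosed
	}
}

// ReadUntilClosed drains packets the way the CopyNode2Stdout loop does and
// returns how many it saw plus the error that ended the loop; the caller can
// then signal on its done channel so the two <-c waits in the shell code return.
func ReadUntilClosed(b *Buffer) (int, error) {
	n := 0
	for {
		if _, err := b.ReadLowLevelPacket(); err != nil {
			return n, err
		}
		n++
	}
}
```

The disconnect handler that logs "node disconnect" is the natural place to call Close(), so every reader parked on that node's buffers returns with ErrClosed instead of hanging.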
My environment: intranet compromised host IP: 192.168.79.130 (agent side installed)
Public machine IP: 118.118.118.118 (hypothetical) (admin side installed)
My local machine IP: 192.168.1.1
The compromised host, running Venom's agent, connected to the public machine.
On the public machine, goto 1 enters the management of the intranet host, and running socks 7777 should by rights have set up a SOCKS5 proxy,
but my local machine cannot reach the web page hosted on the compromised host by setting SOCKS5 118.118.118.118:7777.
Likewise, I cannot run lforward 127.0.0.1 8888 3389 on node 1 to map the host's 3389 to port 8888 on the public machine
and then reach the host's 3389 by accessing 118.118.118.118:8888 from my local machine.
Looking at other people's articles, they all tested directly inside the intranet, for example
intranet compromised host IP: 192.168.79.130
Kali machine IP: 192.168.79.1 (admin side installed)
and then accessed the mapped port directly on Kali, e.g. 127.0.0.1:8888. I tested that too and it does work.
Does this mean the mapped port can only be accessed locally and other machines cannot reach it, or that the mapped port only allows local access?
PS: my VPS firewall and security groups are all off, and I tested frp without problems. What I want to do is intranet penetration.
Hoping the masters can clear up my confusion.