├── README.md
├── lcx_mod
    ├── README.txt
    └── lcx.cpp
└── socks5tran
    └── src
        ├── Makefile
        ├── README.txt
        ├── socks5tran.cpp
        └── socks5tran.h


/README.md:
--------------------------------------------------------------------------------
1 | # s5relay
2 | 用于端口转发的多线程内网渗透工具,改进并整合网络著名开源程序HTran、lcx。
3 |
--------------------------------------------------------------------------------
/lcx_mod/README.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trist725/s5relay/56959fc4416937f71c08cd659f41c26e51df96e3/lcx_mod/README.txt
--------------------------------------------------------------------------------
/lcx_mod/lcx.cpp:
--------------------------------------------------------------------------------
  1 |
    | // PRINT forwards to fprintf(stdout, ...) while OUTPUT_DEBUG is non-zero and
    | // expands to nothing otherwise. Every visible call site passes a literal format.
  2 | #define OUTPUT_DEBUG 1
  3 | #if OUTPUT_DEBUG
  4 | #define PRINT(fmt, ...) fprintf(stdout, fmt, ##__VA_ARGS__)
  5 | #else
  6 | #define PRINT(fmt, ...)
  7 | #endif
  8 |
    | // NOTE(review): the header names after each #include below appear to have been
    | // lost when this listing was extracted (text between '<' and '>' is missing).
  9 | #include
 10 | #include
 11 | #include
 12 | #include
 13 | #include
 14 | #include
 15 | #include
 16 | #pragma comment(lib, "ws2_32.lib")
    | // NOTE(review): TIMEOUT and HOSTLEN are not referenced in the visible code;
    | // every select() call passes a NULL timeout and the host buffers use a literal 20.
 17 | #define VERSION "2.00"
 18 | #define TIMEOUT 300
 19 | #define MAXSIZE 20480
 20 | #define HOSTLEN 40
 21 | #define CONNECTNUM 1024
 22 |
 23 | unsigned __stdcall transmitdata(LPVOID data);
 24 | void getctrlc(int j);
 25 | int create_socket();
 26 | int create_server(int sockfd, int port);
 27 |
 28 | // define GLOBAL variable here
    | // NOTE(review): this global is written by create_socket() and create_server(),
    | // also from worker threads and without synchronisation, but it is never read in
    | // the visible code: main() passes 0 to select() and transmitdata() declares its
    | // own local maxfd.
 29 | int maxfd = 0;
    | // Heap-allocated hand-off from main() to one transmitdata() thread.
 30 | struct arg_t
 31 | {
 32 |     int fd;        // socket accepted by main() on the argv[2] listener
 33 |     char **argv;   // the process argument vector, passed through unchanged
 34 | };
 35 |
    | // Prints the banner with VERSION and the expected command line (two ports).
 36 | void usage(const char* prog)
 37 | {
 38 |     PRINT("lcx mod by Tristone,version :%s\r\n", VERSION);
 39 |     PRINT("usage:\r\n%s port1 port2\r\n", prog);
 40 | }
 41 |
    | // Entry point. Needs two port arguments (argc >= 3), otherwise prints the usage
    | // text and returns 1. Starts Winsock, installs getctrlc() for SIGINT, listens on
    | // argv[2] and hands every accepted connection, together with argv, to a new
    | // transmitdata() thread. Returns 0 once the accept loop is left, which in the
    | // visible code only happens when _beginthreadex fails.
 42 | int main(int argc, char* argv[])
 43 | {
 44 |     if (argc < 3)
 45 |     {
 46 |         usage(argv[0]);
 47 |         return 1;
 48 |     }
 49 |     // Win Start Winsock.
    |     // NOTE(review): the WSAStartup result is ignored; if start-up fails, every
    |     // later socket call fails as well.
 50 |     WSADATA wsadata;
 51 |     WSAStartup(MAKEWORD(1, 1), &wsadata);
 52 |
 53 |     signal(SIGINT, &getctrlc);
 54 |
    |     // NOTE(review): both return values are ignored. create_socket() and
    |     // create_server() return 0 on failure, so a failed socket/bind/listen still
    |     // reaches the select loop. atoi() yields 0 for non-numeric text and the
    |     // port is not range-checked before it reaches htons().
 55 |     SOCKET sc = create_socket();
 56 |     create_server(sc, atoi(argv[2]));
 57 |     sockaddr_in scAddr;
 58 |
    |     // rsettmp is the template set; it is copied into fdrset on every pass
    |     // because select() overwrites the set it is given.
 59 |     fd_set fdrset, rsettmp;
 60 |     FD_ZERO(&fdrset);
 61 |     FD_ZERO(&rsettmp);
 62 |     FD_SET(sc, &rsettmp);
 63 |     while (1)
 64 |     {
 65 |         fdrset = rsettmp;
    |         // Winsock ignores the first argument of select(). With a NULL timeout
    |         // the call blocks until sc is readable, so the ret == 0 branch below is
    |         // not expected to run.
 66 |         int ret = select(0, &fdrset, NULL, NULL, NULL);
    |         // NOTE(review): Winsock reports failures through WSAGetLastError() (as
    |         // the accept branch below does), not errno, so this errno test and the
    |         // strerror_s text may not describe the select failure. Because the
    |         // branch only continues, a persistent failure makes the loop spin.
 67 |         if ((ret < 0) && (errno != EINTR))
 68 |         {
 69 |             printf("[-] Select error on main():\r\n");
 70 |             char buf[100] = { 0 };
 71 |             strerror_s(buf, sizeof(buf), errno);
 72 |             printf("%s\r\n", buf);
 73 |             continue;
 74 |         }
 75 |         else if (ret == 0)
 76 |         {
 77 |             printf("[-] Socket time out.\r\n");
 78 |             continue;
 79 |         }
 80 |
 81 |         int addrlen = sizeof(scAddr);
 82 |         if (FD_ISSET(sc, &fdrset))
 83 |         {
 84 |             PRINT("accept wait socks client\r\n");
    |             // The SOCKET returned by accept() is kept in an int; the <= 0 test
    |             // treats 0 as a failure as well as a negative value.
 85 |             int acSc = accept(sc, (sockaddr *)&scAddr, &addrlen);
 86 |             if (acSc <= 0)
 87 |             {
 88 |                 PRINT("accept socks client error: %ld\r\n", WSAGetLastError());
 89 |                 continue;
 90 |             }
    |             // Ownership of parg passes to the new thread, which deletes it;
    |             // it is deleted here only when the thread could not be started.
 91 |             arg_t* parg = new arg_t;
 92 |             parg->argv = argv;
 93 |             parg->fd = acSc;
    |             // NOTE(review): the handle returned by _beginthreadex is never
    |             // closed, so one thread handle is leaked per accepted connection,
    |             // and nothing caps the number of concurrent threads. On the failure
    |             // path acSc is not closed before the loop is left.
 94 |             if (!_beginthreadex(NULL, 0, transmitdata, (LPVOID)parg, 0, NULL))
 95 |             {
 96 |                 delete parg;
 97 |                 PRINT("CreateThread on main error \r\n");
 98 |                 break;
 99 |             }
100 |         }
101 |     }
102 |
103 |     WSACleanup();
104 |     //system("pause");
105 |     return 0;
106 | }
107 |
108 | //************************************************************************************
109 | //
110 | // Socket Transmit to Socket
111 | //
112 | //************************************************************************************
    | // Thread body started by main() for one accepted connection.
    | //
    | // data is a heap-allocated arg_t; the function copies fd and argv out of it and
    | // deletes it. It then opens its own listener on argv[1], accepts exactly one
    | // connection (fd2), closes the listener and moves data between fd1 and fd2 in a
    | // select() loop until an error or a closed peer ends the loop. Returns 1 when
    | // the accept on argv[1] fails, 0 after both sockets have been closed.
    | //
    | // NOTE(review): two stretches of this function (listing lines 220-248 and
    | // 283-308) are missing from this page, so the receive side of each direction is
    | // not documented here.
113 | unsigned __stdcall transmitdata(LPVOID data)
114 | {
115 |     printf("[+] CreateThread to transmitdata OK!\r\n\n");
116 |
117 |     arg_t *parg = (arg_t *)data;
118 |     int fd1 = parg->fd;
119 |     char **argv = parg->argv;
120 |     delete parg;
121 |
    |     // NOTE(review): every thread creates and binds a fresh listener on the same
    |     // port (argv[1]); create_server() sets SO_REUSEADDR, so with concurrent
    |     // clients several listeners can exist on that port at once and which thread
    |     // receives a given connection is not decided by this code. Return values
    |     // are ignored here as in main(), and the accept below blocks without a
    |     // timeout while fd1 stays open.
122 |     SOCKET slave = create_socket();
123 |     create_server(slave, atoi(argv[1]));
124 |
125 |     sockaddr_in slAddr;
126 |     int addrlen = sizeof(slAddr);
127 |     PRINT("accept port = %d\r\n", atoi(argv[1]));
128 |     int fd2 = accept(slave, (sockaddr *)&slAddr, &addrlen);
129 |     if (fd2 <= 0)
130 |     {
131 |         PRINT("accept socks client error: %ld\r\n", WSAGetLastError());
132 |         closesocket(fd1);
133 |         closesocket(slave);
134 |         return 1;
135 |     }
136 |     PRINT("accept a fd = %d on transmitdata\r\n", fd2);
137 |     closesocket(slave);
138 |     fd_set readfd, writefd;
139 |     int result, i = 0;
    |     // Four MAXSIZE (20480-byte) buffers live on this thread's stack.
140 |     char read_in1[MAXSIZE], send_out1[MAXSIZE];
141 |     char read_in2[MAXSIZE], send_out2[MAXSIZE];
142 |     int read1 = 0, totalread1 = 0, send1 = 0;
143 |     int read2 = 0, totalread2 = 0, send2 = 0;
144 |     int sendcount1, sendcount2;
    |     // Local maxfd shadows the file-scope variable of the same name.
145 |     int maxfd;
146 |     struct sockaddr_in client1, client2;
147 |     int structsize1, structsize2;
148 |     char host1[20], host2[20];
149 |     int port1 = 0, port2 = 0;
150 |     char tmpbuf[100];
151 |
152 |     memset(host1, 0, 20);
153 |     memset(host2, 0, 20);
154 |     memset(tmpbuf, 0, 100);
155 |
156 |     structsize1 = sizeof(struct sockaddr);
157 |     structsize2 = sizeof(struct sockaddr);
158 |
    |     // Peer address of each side is looked up only for the log lines below;
    |     // when the lookup fails the placeholder names "fd1"/"fd2" are used.
159 |     if (getpeername(fd1, (struct sockaddr *)&client1, &structsize1)<0)
160 |     {
161 |         //strcpy(host1, "fd1");
162 |         strcpy_s(host1, sizeof(host1), "fd1");
163 |     }
164 |     else
165 |     {
166 |         // printf("[+]got, ip:%s, port:%d\r\n",inet_ntoa(client1.sin_addr),ntohs(client1.sin_port));
167 |         //strcpy(host1, inet_ntoa(client1.sin_addr));
168 |         strcpy_s(host1, sizeof(host1), inet_ntoa(client1.sin_addr));
169 |         port1 = ntohs(client1.sin_port);
170 |     }
171 |
172 |     if (getpeername(fd2, (struct sockaddr *)&client2, &structsize2)<0)
173 |     {
174 |         //strcpy(host2, "fd2");
175 |         strcpy_s(host2, sizeof(host2), "fd2");
176 |     }
177 |     else
178 |     {
179 |         // printf("[+]got, ip:%s, port:%d\r\n",inet_ntoa(client2.sin_addr),ntohs(client2.sin_port));
180 |         // strcpy(host2, inet_ntoa(client2.sin_addr));
181 |         strcpy_s(host2, sizeof(host2), inet_ntoa(client2.sin_addr));
182 |         port2 = ntohs(client2.sin_port);
183 |     }
184 |
185 |     printf("[+] Start Transmit (%s:%d <-> %s:%d) ......\r\n\n", host1, port1, host2, port2);
186 |
187 |     maxfd = max(fd1, fd2) + 1;
188 |     memset(read_in1, 0, MAXSIZE);
189 |     memset(read_in2, 0, MAXSIZE);
190 |     memset(send_out1, 0, MAXSIZE);
191 |     memset(send_out2, 0, MAXSIZE);
192 |
193 |     while (1)
194 |     {
195 |         FD_ZERO(&readfd);
196 |         FD_ZERO(&writefd);
197 |
    |         // Only readability is polled; writefd stays empty because both FD_SET
    |         // calls for it are commented out, so the FD_CLR calls on writefd further
    |         // down have nothing to clear.
198 |         FD_SET((UINT)fd1, &readfd);
199 |         //FD_SET((UINT)fd1, &writefd);
200 |         //FD_SET((UINT)fd2, &writefd);
201 |         FD_SET((UINT)fd2, &readfd);
202 |
    |         // NOTE(review): as in main(), errno is tested after a Winsock call;
    |         // WSAGetLastError() is where Winsock stores the failure code.
203 |         result = select(maxfd, &readfd, &writefd, NULL, NULL);
204 |         if ((result<0) && (errno != EINTR))
205 |         {
206 |             printf("[-] Select error.\r\n");
207 |             break;
208 |         }
209 |         else if (result == 0)
210 |         {
211 |             printf("[-] Socket time out.\r\n");
212 |             continue;
213 |             //break;
214 |         }
215 |
216 |         if (FD_ISSET(fd1, &readfd))
217 |         {
218 |             printf("FD_ISSET(fd1, &readfd)\r\n");
219 |             /* must < MAXSIZE-totalread1, otherwise send_out1 will flow */
    |             // NOTE(review): listing lines 220-248 are missing here. The text
    |             // from the '<' in this condition up to a '>' on line 248 appears to
    |             // have been stripped during extraction, so the receive side of this
    |             // direction and the header of the send loop are not visible. `err`
    |             // is used below but not declared in the visible text, and no
    |             // initialisation of sendcount1 is visible either.
220 |             if (totalread10)
249 |             {
250 |                 send1 = send(fd2, send_out1 + sendcount1, totalread1, 0);
251 |                 if (send1 == 0)break;
252 |                 if ((send1<0) && (errno != EINTR))
253 |                 {
254 |                     printf("[-] Send to fd2 unknow error.\r\n");
255 |                     err = 1;
256 |                     break;
257 |                 }
258 |
    |                 // NOTE(review): this test is only reached with send1 < 0 when
    |                 // errno == EINTR, so the ENOSPC comparison cannot succeed. In
    |                 // that same case the negative send1 is then added to sendcount1
    |                 // and subtracted from totalread1.
259 |                 if ((send1<0) && (errno == ENOSPC)) break;
260 |                 sendcount1 += send1;
261 |                 totalread1 -= send1;
262 |
263 |                 printf(" Send %5d bytes %16s:%d\r\n", send1, host2, port2);
264 |             }
265 |
266 |             if (err == 1) break;
267 |             if ((totalread1>0) && (sendcount1>0))
268 |             {
269 |                 /* move not sended data to start addr */
    |                 // NOTE(review): source and destination overlap whenever
    |                 // totalread1 > sendcount1; memcpy is undefined for overlapping
    |                 // ranges, memmove is the call defined for this case.
270 |                 memcpy(send_out1, send_out1 + sendcount1, totalread1);
271 |                 memset(send_out1 + totalread1, 0, MAXSIZE - totalread1);
272 |             }
273 |             else
274 |             {
275 |                 memset(send_out1, 0, MAXSIZE);
276 |             }
277 |             FD_CLR((UINT)fd2, &writefd);
278 |         }
279 |
280 |         if (FD_ISSET(fd2, &readfd))
281 |         {
282 |             printf("FD_ISSET(fd2, &readfd)\r\n");
    |             // NOTE(review): listing lines 283-308 are missing here in the same
    |             // way as lines 220-248 above; `err2` is used below without a visible
    |             // declaration.
283 |             if (totalread20)
308 |             {
309 |                 send2 = send(fd1, send_out2 + sendcount2, totalread2, 0);
    |                 // NOTE(review): unlike the fd1 -> fd2 direction, a zero-byte
    |                 // send closes fd1 here but does not leave the loop, so fd1 is
    |                 // used again after being closed and is closed a second time at
    |                 // the end of the function. In a multi-threaded process the
    |                 // handle value may already belong to another connection by then.
310 |                 if (send2 == 0)
311 |                 {
312 |                     printf("connection maybe close, fd = %d \r\n", fd1);
313 |                     closesocket(fd1);
314 |                 }
315 |                 else if ((send2<0) && (errno != EINTR))
316 |                 {
317 |                     printf("[-] Send to fd1 unknow error.\r\n");
318 |                     err2 = 1;
319 |                     break;
320 |                 }
321 |                 if ((send2<0) && (errno == ENOSPC)) break;
322 |                 sendcount2 += send2;
323 |                 totalread2 -= send2;
324 |
325 |                 printf(" Send %5d bytes %16s:%d\r\n", send2, host1, port1);
326 |             }
327 |             if (err2 == 1) break;
328 |             if ((totalread2>0) && (sendcount2 > 0))
329 |             {
330 |                 /* move not sended data to start addr */
    |                 // NOTE(review): overlapping memcpy, same issue as for send_out1.
331 |                 memcpy(send_out2, send_out2 + sendcount2, totalread2);
332 |                 memset(send_out2 + totalread2, 0, MAXSIZE - totalread2);
333 |             }
334 |             else
335 |             {
336 |                 memset(send_out2, 0, MAXSIZE);
337 |             }
338 |             FD_CLR((UINT)fd1, &writefd);
339 |         }
340 |     }
341 |
342 |     closesocket(fd1);
343 |     closesocket(fd2);
344 |     printf("\r\n[+] OK! I Closed The Two Socket.\r\n");
345 |     return 0;
346 | }
347 |
    | // SIGINT handler installed by main(): prints a message and ends the process
    | // with exit(0). The parameter j is unused. WSACleanup() is not called on this
    | // path.
348 | void getctrlc(int j)
349 | {
350 |     printf("\r\n[-] Received Ctrl+C\r\n");
351 |     exit(0);
352 | }
353 |
    | // Creates a TCP/IPv4 socket and records it in the global maxfd.
    | // Returns the socket value, or 0 after printing an error when socket() fails.
    | // NOTE(review): the result of socket() is stored in an int and failure is
    | // detected with `< 0`; on Winsock the documented failure value is
    | // INVALID_SOCKET, so this relies on the conversion to int — confirm. No caller
    | // in this file checks for the 0 return.
354 | int create_socket()
355 | {
356 |     int sockfd;
357 |
358 |     sockfd = socket(AF_INET, SOCK_STREAM, 0);
359 |     if (sockfd<0)
360 |     {
361 |         printf("[-] Create socket error.\r\n");
362 |         return(0);
363 |     }
364 |     maxfd = maxfd > sockfd ? maxfd : sockfd;
365 |     return(sockfd);
366 | }
367 |
    | // Binds sockfd to INADDR_ANY:port and puts it into listening state with a
    | // backlog of CONNECTNUM. Returns 1 on success and 0 after printing an error
    | // when bind() or listen() fails; sockfd is left open for the caller either way.
    | //
    | // NOTE(review): the listener accepts connections on every local interface and
    | // nothing in the visible code authenticates or filters peers. The setsockopt
    | // result is not checked. On Windows SO_REUSEADDR also allows another socket to
    | // bind the same port; SO_EXCLUSIVEADDRUSE is the option that prevents that.
368 | int create_server(int sockfd, int port)
369 | {
370 |     struct sockaddr_in srvaddr;
371 |     int on = 1;
372 |
    |     // Clears sizeof(struct sockaddr) bytes rather than sizeof(srvaddr);
    |     // presumably the two sizes are equal on the target platform — confirm.
373 |     memset(&srvaddr, 0, sizeof(struct sockaddr));
374 |
375 |     srvaddr.sin_port = htons(port);
376 |     srvaddr.sin_family = AF_INET;
377 |     srvaddr.sin_addr.s_addr = htonl(INADDR_ANY);
378 |
379 |     setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char*)&on, sizeof(on)); //so I can rebind the port
380 |
381 |     if (bind(sockfd, (struct sockaddr *)&srvaddr, sizeof(struct sockaddr))<0)
382 |     {
383 |         printf("[-] Socket bind error.\r\n");
384 |         return(0);
385 |     }
386 |
387 |     if (listen(sockfd, CONNECTNUM)<0)
388 |     {
389 |         printf("[-] Socket Listen error.\r\n");
390 |         return(0);
391 |     }
392 |     maxfd = maxfd > sockfd ? maxfd : sockfd;
393 |     PRINT("create_server OK!\r\n");
394 |     return(1);
395 | }
396 |
397 |
--------------------------------------------------------------------------------
/socks5tran/src/Makefile:
--------------------------------------------------------------------------------
 1 | cCC = g++
 2 |
 3 | DEBUG=1
 4 | STATIC=1
 5 |
 6 | ELF = server
 7 | ROOTSRC = $(wildcard *.cpp)
   | # NOTE(review): the spaces around '=' become part of the substitution pattern,
   | # so this likely leaves ROOTOBJ equal to the .cpp list rather than .o names - confirm.
 8 | ROOTOBJ = $(ROOTSRC:%.cpp = %.o)
 9 |
10 | ifeq ($(DEBUG),1)
11 | PARAMETER1 = -g
12 | else
13 | PARAMETER1 = -O2
14 | endif
15 |
16 | ifeq ($(STATIC),1)
17 | PARAMETER2 = -static
18 | else
19 | PARAMETER2 =
20 | endif
21 |
   | # NOTE(review): make reads `$ELF` as `$(E)LF`, so this rule's target is not
   | # $(ELF); `$(ELF):$(ROOTOBJ)` is the form that names the output file.
22 | $ELF:$(ROOTOBJ)
23 | 	$(cCC) $(PARAMETER1) $(PARAMETER2) -o $(ELF) $(ROOTOBJ) -lpthread
24 | clean:
25 | 	rm -rf *.o $(ELF)
26 |
--------------------------------------------------------------------------------
/socks5tran/src/README.txt:
--------------------------------------------------------------------------------
 1 |
 2 |
 3 | 更新说明:
 4 |
 5 | V0.2
 6 | 1.使程序支持多客户端连接;
 7 | 2.增加Makfile
 8 |
 9 | V0.1:
10 |
11 | 0.整合了socks5服务端和htran的slave功能,并改进了数据收发模型;
12 | 1.编译命令:g++ socks5tran.cpp -o st -lpthread , st为可执行文件名;
13 | 2.执行st会有使用说明;
14 | 3.示例: ./st ip1 port1 port2 
,其中ip1、port1为欲连接的lcx的IP和端口,port2为本机socks5服务端使用的端口,可设为任意未被占用的端口号;
15 | 4.运行若提示无权限,请以root权限执行命令;
16 | 5.socks用户名和密码暂时写死为user= 111111 ,psw= 222222 。
17 |
18 | 编译命令:
19 | make
20 | 清除命令:
21 | make clean
22 |
23 | 可根据需要修改Makefile文件头的变量实现不同级别编译
24 | Makefile修改参数说明:
25 | DEBUG=1 编译时加入调试参数
26 | DEBUG=0 编译时不加入调试参数且程序以O2级别优化
27 | STATIC=1 优先以静态方式编译
28 | STATIC=0 以默认动态方式编译
29 |
30 | 当以STATIC方式编译,会有警告,不推荐使用。
31 | 警告:
32 | warning: Using 'XXXXXX' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
33 | 原因:
34 | 1.glibc这些动态库的存在本身的目的就是为了能让在一台机器上编译好的库能够比较方便的移到另外的机器上,静态编译了它反而不美,偏离初衷;
35 | 2.出现以上警告原因是由于网络编程的一些接口还是需要动态库的支持才可以运行,许多glibc的函数都存在这样的问题;
36 | 3.对一些第三方工具不友好,如valgrind内存泄露检测工具;
37 | 4.影响某些库的性能。
38 |
39 |
40 | 数据转发流程:
41 |
42 | real server <--> socks server <--> tran(slave) <--> tran(listen) <--> socks client
43 |
44 |
45 |
--------------------------------------------------------------------------------
/socks5tran/src/socks5tran.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trist725/s5relay/56959fc4416937f71c08cd659f41c26e51df96e3/socks5tran/src/socks5tran.cpp
--------------------------------------------------------------------------------
/socks5tran/src/socks5tran.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trist725/s5relay/56959fc4416937f71c08cd659f41c26e51df96e3/socks5tran/src/socks5tran.h
--------------------------------------------------------------------------------