
neo-regeorg's Issues

Switched to a PHP environment without load balancing, still getting an error

PHP version 5.3.8; the browser can access it normally, and
curl http://114.114.114.114/watermark/201808/tunnel.php
returns.
Running the command locally shows the connection is fine, but after setting up Proxifier and trying to connect to 192.168.8.51 (the host behind 114.114.114.114) it errors:
+------------------------------------------------------------------------+
Log Level set to [ERROR]
Starting socks server [127.0.0.1:8888], tunnel at [http://114.114.114.114/watermark/201808/tunnel.php]
+------------------------------------------------------------------------+
[CRITICAL] Bad KEY or non-neoreg server
[ERROR] [RUN] [192.168.8.55:81] Remote failed
Exception in thread Thread-1:
Traceback (most recent call last):
  File "C:\Python3.7.7\lib\threading.py", line 926, in _bootstrap_inner
    self.run()
  File "D:\Neo-reGeorg\neoreg.py", line 415, in run
    if self.handleSocks(self.pSocket):
  File "D:\Neo-reGeorg\neoreg.py", line 261, in handleSocks
    return self.parseSocks5(sock)
  File "D:\Neo-reGeorg\neoreg.py", line 225, in parseSocks5
    raise RemoteConnectionFailed("[%s:%d] Remote failed" % (target, targetPortNum))
RemoteConnectionFailed: [192.168.8.55:81] Remote failed

I don't know whether I'm using it wrong or something else is the problem. I'm sure the connection key is correct; please advise.

bug?

python neoreg.py generate -k password -f 404.html --httpcode 404

[ Github ] https://github.com/L-codes/neoreg

+------------------------------------------------------------------------+
Log Level set to [INFO]
Starting socks server [127.0.0.1:1080]
Tunnel at:
http://192.168.122.1:8080/tunnel.jsp
+------------------------------------------------------------------------+
[INFO ] Checking if Georg is ready
Traceback (most recent call last):
File "neoreg.py", line 673, in
askGeorg(conn, urls, redirect_urls)
File "neoreg.py", line 461, in askGeorg
log.error('Expect Response: ' + BASICCHECKSTRING[0:100])
TypeError: can only concatenate str (not "bytes") to str

404.html content:
page is not found!

A small issue

Looking at the source, some of the key headers are still fairly conspicuous.

how to use -r ?

How do I use the -r parameter? Does it support Exchange (aspx)?
Example:
Load balancing
Server 1 is 19.16.1.120 with neo-regeorg test.aspx, intranet IP is 172.10.10.120
Server 2 is 19.16.1.121 without neo-regeorg, intranet IP is 172.10.10.121

python3 neoreg.py -u https://19.16.1.120/test.aspx -k passssss -r https://172.10.10.120/test.aspx

If it hits 19.16.1.121, I get a 404:
[INFO] Checking if Georg is ready
[WARNING] Using redirection will affect performance when the response code >= 400
[WARNING] Expect Response: b''
[WARNING] Real Response: b'\r\n\r\n \r\n <title>The resource cannot be found.</title>\r\n <'
[ERROR] Georg is not ready, please check URL and KEY. rep: [404] Not Found
[ERROR] You can set the --skip parameter to ignore errors

If it hits 19.16.1.120, I get a 200, but the response is empty:
[INFO] Checking if Georg is ready
[WARNING] Expect Response: b''
[WARNING ] Real Response: b''
[ERROR] Georg is not ready, please check URL and KEY. rep: [200] OK
[ERROR] You can set the --skip parameter to ignore errors

But if I don't use -r and it hits 19.16.1.120, everything works.

A workaround for containers that add content before and after the returned data

Problem encountered

  • While using Neo-reGeorg in a real engagement I hit a bug: the target server forcibly wraps the original page output with extra HTML tags in the HTTP response. neoreg.py then fails when it reads and decodes the data, and the proxy cannot work.
  • The returned data looks like this:
<html><p>original base64 data Hr862cRcRES_9AFMojsEHA</p></html>
  • Error message:
    (error screenshot)

Approach

I read the neoreg.py source and the corresponding webshell source and tried a change: add a marker to the returned data, then use a regex match to pull the payload out.

  • Modify neoreg.py
# In the reader function of the session class, add a data-processing function
def mapping_body(self, data):
    # Use the built-in session mark as the delimiter on both sides of the payload.
    # response.content is bytes, so the pattern has to be bytes as well, and
    # re.escape keeps any regex metacharacters in the mark literal.
    mark = self.session_mark()
    if isinstance(mark, str):
        mark = mark.encode()
    mark = re.escape(mark)
    re_match_result = re.search(mark + rb'(.*?)' + mark, data)
    if re_match_result:
        return re_match_result.group(1)
    else:
        return b''

# Use the new function on the data returned by requests
if status == V["OK"]:
    data = self.mapping_body(response.content)  # regex-extract the marked payload
    if len(data) == 0:
        sleep(READINTERVAL)
        continue
    else:
        data = self.decode_body(data)
  • Modify templates/tunnel.php
// Change the echo directly
if ($running) {
    header('X-STATUS: OK');
    header("Connection: Keep-Alive");
    echo $mark . strtr(base64_encode($readBuffer), $en, $de) . $mark;  // wrap the payload in the mark
} else {
    header('X-STATUS: FAIL');
}
  • Modify templates/tunnel.aspx
while (c > 0) {
    byte[] newBuff = new byte[c];
    System.Buffer.BlockCopy(readBuff, 0, newBuff, 0, c);
    string b64 = Convert.ToBase64String(newBuff);
    // Concatenate the mark as a string and convert once: string + byte[] in C#
    // would stringify the array as "System.Byte[]" instead of writing the payload
    Response.BinaryWrite(Encoding.Default.GetBytes(mark + StrTr(b64, en, de) + mark));
    readLen += c;
    if (c < READBUF || readLen >= maxRead)
        break;
    c = s.Receive(readBuff);
}
  • Modify templates/tunnel.ashx
while (c > 0) {
    byte[] newBuff = new byte[c];
    System.Buffer.BlockCopy(readBuff, 0, newBuff, 0, c);
    string b64 = Convert.ToBase64String(newBuff);
    // Same as the aspx version: build the marked string first, then convert to bytes
    context.Response.BinaryWrite(System.Text.Encoding.Default.GetBytes(mark + StrTr(b64, en, de) + mark));
    readLen += c;
    if (c < READBUF || readLen >= maxRead)
        break;
    c = s.Receive(readBuff);
}
  • Modify templates/tunnel.jsp

  • Modify templates/tunnel.jspx

Still to be solved

  • When handling the jsp and jspx scripts, I found that they load via a ClassLoader, so they cannot be modified directly
  • Could you provide the original source corresponding to clazzBytes in the jsp/jspx versions, or provide a modified byteArray?
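The mark-delimited extraction described in this post, as a stand-alone added example (not neoreg's code and not the patch above). Both sides are simulated: the shell's base64-then-strtr encoding uses two constructed alphabets, the container wrapper injects the same HTML the post shows, and the mark value is made up. It goes one step beyond the post's re.search: the aspx/ashx loops above write one mark+chunk+mark per Receive(), so a single response can carry several segments, and the example collects and decodes all of them.

```python
import base64
import re

# Constructed for this example. The tunnel scripts base64-encode the socket
# data and strtr() it through a per-session shuffled alphabet (en/de); these
# two alphabets stand in for that and are not neoreg's real values.
STD_ALPHABET = (b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                b"abcdefghijklmnopqrstuvwxyz0123456789+/")
SHUFFLED_ALPHABET = bytes(reversed(STD_ALPHABET))  # toy permutation
EN_TABLE = bytes.maketrans(STD_ALPHABET, SHUFFLED_ALPHABET)
DE_TABLE = bytes.maketrans(SHUFFLED_ALPHABET, STD_ALPHABET)


def shell_emit_chunk(raw: bytes, mark: bytes) -> bytes:
    """Server side, one socket read: mark + strtr(base64(raw), en, de) + mark,
    the same shape as the modified echo/BinaryWrite calls in the post."""
    return mark + base64.b64encode(raw).translate(EN_TABLE) + mark


def container_wrap(body: bytes) -> bytes:
    """Stand-in for a container that injects HTML around every response."""
    return b"<html><p>" + body + b"</p></html>"


def extract_marked_segments(data: bytes, mark: bytes) -> list:
    """Client side: every mark-delimited segment, in order.
    re.escape stops a mark containing regex metacharacters from being read as
    a pattern; findall (not search) matters because one response may hold
    several mark+chunk+mark segments when the shell loops over Receive()."""
    m = re.escape(mark)
    return re.findall(m + rb"(.*?)" + m, data, re.DOTALL)


def recover_payload(response_body: bytes, mark: bytes) -> bytes:
    """Decode each segment on its own: joining the base64 strings first would
    leave '=' padding mid-stream. An empty result corresponds to the post's
    sleep-and-retry branch."""
    out = []
    for seg in extract_marked_segments(response_body, mark):
        out.append(base64.b64decode(seg.translate(DE_TABLE), validate=True))
    return b"".join(out)


if __name__ == "__main__":
    mark = b"#mk#"  # constructed; neoreg derives its own per-session mark
    payload = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    body = container_wrap(shell_emit_chunk(payload[:16], mark)
                          + shell_emit_chunk(payload[16:], mark))
    print(recover_payload(body, mark) == payload)
```

The DOTALL flag is there so the extraction still works if the container inserts newlines inside the wrapper; the base64 text itself never contains the mark as long as the mark includes a character outside the base64 alphabet, which is why the constructed mark here uses '#'.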

Suggest more disguise for the requests

The packet currently looks like this

GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Ghqgvikywyowmvo: UiTmMveJTNWkkm8wRUn4VwHBfkng
Yuwjttakkvh: wmwm501dsNWz50F/Q9icFyI=
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej;

These two items in the request headers look rather odd; moving them into the Cookie would look more normal

Ghqgvikywyowmvo: UiTmMveJTNWkkm8wRUn4VwHBfkng
Yuwjttakkvh: wmwm501dsNWz50F/Q9icFyI=

变成

GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej; Ghqgvikywyowmvo=UiTmMveJTNWkkm8wRUn4VwHBfkng; Yuwjttakkvh= wmwm501dsNWz50F/Q9icFyI=

Or go a step further and encode these two lines so that inside the Cookie they become the following, with Auth picked at random from a set of similar-looking words

GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej; Auth=xxxxx
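Both variants proposed in this post, as an added example that is not neoreg's code: the header names and values are the ones in the captured request above; the bundle format (base64 of a small JSON object), the list of Auth-like names and the helper names are this example's own choices.

```python
import base64
import json
import random

# Header names/values copied from the captured request in the post.
TUNNEL_HEADERS = {
    "Ghqgvikywyowmvo": "UiTmMveJTNWkkm8wRUn4VwHBfkng",
    "Yuwjttakkvh": "wmwm501dsNWz50F/Q9icFyI=",
}
# Constructed list of innocuous cookie names to pick from (post: "Auth from a set of similar words").
AUTH_LIKE_NAMES = ["Auth", "token", "sid", "remember_me", "_session"]


def _check_cookie_value(name: str, value: str) -> None:
    """RFC 6265 cookie-octet excludes CTLs, whitespace, DQUOTE, comma,
    semicolon and backslash; '=', '+' and '/' are allowed, so standard
    base64 needs no further encoding."""
    bad = any(ord(c) < 0x21 or ord(c) == 0x7F or c in '",;\\' for c in value)
    if not value or bad:
        raise ValueError(f"value for {name} is not a valid cookie-value")


def pack_into_cookie(existing_cookie: str, extra: dict) -> str:
    """Variant 1: append each tunnel header as its own cookie pair."""
    parts = [p.strip() for p in existing_cookie.split(";") if p.strip()]
    for name, value in extra.items():
        _check_cookie_value(name, value)
        parts.append(f"{name}={value}")
    return "; ".join(parts)


def bundle_into_auth_cookie(existing_cookie: str, extra: dict, name: str = None) -> str:
    """Variant 2: fold both values into one opaque cookie under an
    innocuous, randomly chosen name."""
    name = name or random.choice(AUTH_LIKE_NAMES)
    blob = base64.b64encode(json.dumps(extra, separators=(",", ":")).encode()).decode()
    return pack_into_cookie(existing_cookie, {name: blob})


def parse_cookie_header(header: str) -> dict:
    """Server side: split on ';', then on the FIRST '=' only so base64
    padding survives, and tolerate stray whitespace around the value."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.partition("=")
        if sep and name.strip():
            cookies[name.strip()] = value.strip()
    return cookies


def unbundle_auth_cookie(header: str, name: str) -> dict:
    """Server side for variant 2: recover the two tunnel values."""
    return json.loads(base64.b64decode(parse_cookie_header(header)[name]))


if __name__ == "__main__":
    session = "PHPSESSID=7tpphjesf30a2rbudhodsl62ej"
    print(pack_into_cookie(session, TUNNEL_HEADERS))
    bundled = bundle_into_auth_cookie(session, TUNNEL_HEADERS)
    print(bundled)
    print(unbundle_auth_cookie(bundled, bundled.split("; ")[1].split("=")[0]))
```

One caveat when the shell side reads the value through a parser that URL-decodes cookies (PHP's $_COOKIE does): a '+' in standard base64 comes back as a space, so either use URL-safe base64 for the bundled value or read the raw Cookie header in the shell.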

Readme translation

This improved version looks sick, can you just translate the README into English please? Or move the actual readme to README.XX.md where XX is the country code of the language it is written in, and make a README.md or README.en.md in English.

500 error on Windows + JBoss + JDK 1.6

OS Name: Microsoft Windows Server 2012 R2 Datacenter
OS Version: 6.3.9600 N/A Build 9600
java.runtime.version = 1.6.0_14-b08
jboss

冰蝎 (Behinder) can forward-proxy fine, but neo reports a 500 error

When download traffic is heavy, socket I/O cannot be kept in sync in real time

For example, watching video through the Neo-reGeorg tunnel or downloading a large file (>20 MB)

I noticed that the server side keeps reading whenever data is available, which causes blocking; a threshold should be set and reading should stop once it is reached.

bug1

You should change it to this

fix

I get error 403 for all websites

+------------------------------------------------------------------------+
Log Level set to [WARNING]
Starting socks server [127.0.0.1:1080]
Tunnel at:
https://www.example.de/files/iamges/tunnel.ashx
+------------------------------------------------------------------------+
[ERROR ] [FORWARD] [216.58.215.238:80] HTTP [403]: Shutting down
[ERROR ] [FORWARD] [52.143.255.96:80] HTTP [403]: Shutting down

Local connection keeps failing

win10, python3.7 environment
[ERROR] Georg is not ready, please check url. rep: [404] Not Found

Not working in a docker wordpress container

The wordpress image I'm using is wordpress:php7.2-apache
Example: I use putty through the proxy to connect to 192.168.1.4:22
On the 192.168.1.4 machine I can see that a connection on 22 has been established, but no packets come back and it just hangs.
How do I fix this?!

The -h help text is wrong

      --local-dns           Local read buffer, max data to be sent per
                            POST.(default: 2048 max: 2600)
      --read-buff Bytes     Local read buffer, max data to be sent per
                            POST.(default: 2048 max: 2600)

The description of --local-dns here is wrong.

NOT Cookie Response error

OS: Windows 10
Environment: phpstudy_pro 8.1.0.6
PHP versions: php5.6.9 and php7.3.4

[CRITICAL]  Bad KEY or non-neoreg server
[ERROR   ]  [RUN] [127.0.0.1:3389] [NOT Cookie Response] Remote failed
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
    self.run()
  File "neoreg.py", line 415, in run
    if self.handleSocks(self.pSocket):
  File "neoreg.py", line 261, in handleSocks
    return self.parseSocks5(sock)
  File "neoreg.py", line 225, in parseSocks5
    raise RemoteConnectionFailed("[%s:%d] [NOT Cookie Response] Remote failed" % (target, targetPortNum))
RemoteConnectionFailed: [127.0.0.1:3389] [NOT Cookie Response] Remote failed

tunnel.php and tunnel.nosocket.php give the same error, but with LAMP on kali it works fine.

Request compatibility with original reGeorg connections

I'd like compatibility with original reGeorg connections: I ran into a tool that injects an original-reGeorg in-memory shell, and raising an issue with that tool's author to switch to Neo-reGeorg went nowhere.

https error

[ERROR] 'Failed connecting to target'
[ERROR] [127.0.0.1:443] Remote failed
[ERROR] 'Failed connecting to target'
[ERROR] [127.0.0.1:443] Remote failed
[ERROR] 'Failed connecting to target'
[ERROR] [127.0.0.1:443] Remote failed
[ERROR] 'Failed connecting to target'
[ERROR] [127.0.0.1:443] Remote failed
[ERROR] 'Failed connecting to target'
[ERROR] [127.0.0.1:443] Remote failed

Proxy server listen error Errno 10013

宝塔 (BT panel) PHP 8.0 environment behind CF. No idea why. Same result without CF.

Log Level set to [INFO]
Starting SOCKS5 server [127.0.0.1:1080]
Tunnel at:
https://www.xxxx.com/nat.php
+------------------------------------------------------------------------+
[INFO ] Checking if Georg is ready
[WARNING ] Server Session expired
[WARNING ] Automatically append Cookies: __cfduid=dcafee59db222c06c30d13673c175910f1613723661;PHPSESSID=1rp16km3ko7aagtn3ib62mnv9g;
[INFO ] Georg says, 'All seems fine'
[CRITICAL ] [Errno 10013]

aspx error

The name 'HTTPCODE' does not exist in the current context

Compilation fails on JDK <= 1.5.0

The error is as follows:

HTTP Status 500 -
type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: Unable to compile class for JSP

An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0

An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <NetworkInterface>

An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0

An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <InetAddress>

An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0

An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type List is not generic; it cannot be parameterized with arguments <String>

An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0

An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0

An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0

An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Can only iterate over an array or an instance of java.lang.Iterable


	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
	org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
root cause

org.apache.jasper.JasperException: Unable to compile class for JSP

	org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:84)
	org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:328)
	org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:414)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:297)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
	org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
	org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:305)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
	org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.

Apache Tomcat/5.5.20
