Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

poc:reverse-client-new: 新反连客户端不可用 原因: invalid character 'p' after top-level value #50

Open
zkj123 opened this issue Nov 19, 2024 · 20 comments

Comments

@zkj123
Copy link

zkj123 commented Nov 19, 2024

❯ ./xpoc_darwin_amd64 --disable reverse-client-dnslog
__ /\ /_. . _____
| |/ / / __./ __./ |
| /XRAY™/
/ / / / / /
/ . | / .
/ /
/ / /
.
/ /|
| / / _/_/
/v0.1.0/ cloud plugins: [426]
go load fail: go-poc-weaver-e-cology-oa-sql_injection-CT-787974.go.bin: go-poc-weaver-e-cology-oa-sql_injection-
poc:reverse-registry: XRAYKIT 注册了新反连: reverse-client-gunkit [registry.go:48]
poc:reverse-client-new: 新反连客户端不可用 原因: invalid character 'p' after top-level value [client.go:18]

@zkj123
Copy link
Author

zkj123 commented Nov 19, 2024

如何解决?

@4ra1n
Copy link

4ra1n commented Nov 20, 2024

看下你的配置文件

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

reverse_server_url: "http://0.0.0.0:9999/p/9c7cb4/HIn5/"

这配置错了

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

应该怎么配置?是这样配置http://0.0.0.0:9999/?

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

目前反连需要单独在自己的服务器部署,参考:https://docs.xray.cool/tools/xray/advanced/reverse

这里需要填写你的公网ip地址,有一些配置是不必要的,必要的我已在下方列出

module:
  reverse-registry:
    dns_server_ip: ""
    domain: ""
    http_base_url: http://公网ip:公网端口
    is_domain_name_server: false
    ldap_server_addr: ""
    reverse_server_url: ""
    rmi_server_addr: ""
    token: 公网反连的token
    wait_timeout: 5s

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

好的,感谢大佬,我再研究研究

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

在自己的公网服务器部署好反连后,理论上只需要我提供的这两个配置即可使用基本功能(dnslog功能不可用,http/rmi反连可用)

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

不可以部署在本地嘛,假如内网使用的话

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

xpoc 当前似乎是不支持

但是你可以用老 xray reverse,在本地开一个,然后 xpoc 设置成老 xray 的配置即可

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

就是用的 xray reverse做的反连,然后按照您的给配置我重新配置一遍还是不行,还是报这种错误:
poc:reverse-client-new: 新反连客户端不可用 原因: invalid character 'p' after top-level value [client.go:18]
至于您所说的xpoc 设置成老 xray 的配置这个如何配置,可以发下配置文件嘛

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

就是配置那两项,base url和token,配置成本地xray reverse的

你这个报错,是错误配置了其他东西应该,删除配置,重写生成一个新的 xpoc 的默认的配置,然后只改里面的这两处,不要改其他地方

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

比如 xray 端口是 12345 那base url就是 http://内网ip:12345 然后一个 token

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

图片 图片 图片 图片 还是不行

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

0.0.0.0 是监听地址,反连不能访问

你需要给一个能访问的地址,比如远程你poc打过去,远程访问 0.0.0.0 嘛,给一个远程能访问到的内网地址

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

图片 图片 图片

如果不配置reverse-client-new就报错未开启反连,配置了还是一样的报错

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

你现在没有报错,只是新反连不可用,新反连是内部测试的,你已经注册了 reverse-client-gunkit 可用

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

验证网址是否存在漏洞感觉跑不起来
图片

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

难道是有漏洞就有提示?

@4ra1n
Copy link

4ra1n commented Nov 21, 2024

新反连不可用不影响,用户要关注的只是 reverse-client-gunkit 不报错

@zkj123
Copy link
Author

zkj123 commented Nov 21, 2024

图片 我看这些插件Rule都是显示false

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants