ehang-io / nps

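A lightweight, high-performance, powerful intranet penetration proxy server. It supports forwarding of almost all traffic, including tcp, udp, socks5 and http, and can be used to access intranet websites, debug local payment interfaces, reach SSH and remote desktop, resolve intranet DNS, provide an intranet socks5 proxy, and more. It also comes with a powerful web management terminal.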
https://ehang.io/nps/documents
GNU General Public License v3.0
29.71k stars 5.36k forks

Contains a trojan, whatever you do, don't use it #1264

Open freeflyfree opened 6 months ago

freeflyfree commented 6 months ago

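I had only been using it for two days when my computer's password was changed. My password has letters, digits and symbols, and this had never happened before; as soon as I used this, someone broke in. During installation the antivirus software warned that there was a trojan, and I thought it must be a false positive. Who would have known!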

linsan970809 commented 6 months ago

Isn't this open source? If there is a trojan, read the source code and compile it yourself.

freeflyfree commented 6 months ago

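> Isn't this open source? If there is a trojan, read the source code and compile it yourself.

Unfortunately I did not compile directly from source; I used the precompiled build. I think most people probably use the precompiled version, which is why someone said earlier that it is best to compile from source yourself and not use the precompiled version.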

akarikun commented 6 months ago

A vulnerability in the default configuration was disclosed a while ago; you need to change it. You can search Google for it.

GXJ6 commented 6 months ago

How do I change it?

zhthy commented 5 months ago

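This hasn't been updated in a long time and it has vulnerabilities. You can use a version modified by someone else, or fix it yourself. https://blog.hgtrojan.com/index.php/archives/247/ The comment section of the blog post above has a fix tutorial. This is a vulnerability-fixed version released by someone else: https://github.com/yisier/nps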

xrmhxj commented 4 months ago

The vulnerability is quite serious https://github.com/weishen250/npscrack

qq45842257qq commented 4 months ago

Tencent Cloud sent a warning SMS.

atomsi commented 1 week ago

Version 0.26.10 has a confirmed SSH dictionary attack. As soon as npc is started, a large number of SSH attacks can be seen in the secure log. It took me several days to get to the bottom of this; fortunately it was not breached.

```
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:42:56 P40 sshd[90342]: Connection closed by invalid user rootuser 127.0.0.1 port 41392 [preauth]
Jun 21 01:44:21 P40 sshd[90513]: Invalid user rfm from 127.0.0.1 port 52754
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:23 P40 sshd[90513]: Connection closed by invalid user rfm 127.0.0.1 port 52754 [preauth]
Jun 21 01:44:36 P40 sshd[90537]: Invalid user huangmengqi from 127.0.0.1 port 38172
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:44:41 P40 sshd[90537]: Connection closed by invalid user huangmengqi 127.0.0.1 port 38172 [preauth]
Jun 21 01:45:07 P40 sshd[90585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Connection closed by authenticating user root 127.0.0.1 port 50230 [preauth]
```
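Added example, not part of the thread and not code from the nps project: the log lines in the comment above all show failed logins arriving from 127.0.0.1, which is what sshd records when a connection is relayed to it by a process on the same host, so per-address blocking sees only the loopback address. The sketch below groups failed password attempts from loopback sources and flags a source that tries several different account names; the function names and the `min_users` threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: a subset of the sshd lines quoted in the comment above.
SAMPLE = """\
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:44:21 P40 sshd[90513]: Invalid user rfm from 127.0.0.1 port 52754
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Connection closed by authenticating user root 127.0.0.1 port 50230 [preauth]
""".splitlines()

# Matches only the "Failed password" records, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def loopback_failures(lines):
    """Group failed sshd password attempts by source, keeping loopback sources only."""
    by_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid_users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # address field is a hostname or malformed
        if not ip.is_loopback:
            continue  # remote sources are what address-based blocking already covers
        rec = by_ip[str(ip)]
        rec["attempts"] += 1
        rec["users"].add(m["user"])
        if m["invalid"]:
            rec["invalid_users"].add(m["user"])
    return dict(by_ip)

def looks_like_relayed_dictionary_attack(rec, min_users=3):
    """Heuristic (assumed threshold): several account names, some nonexistent, from one local source."""
    return len(rec["users"]) >= min_users and bool(rec["invalid_users"])

if __name__ == "__main__":
    for ip, rec in loopback_failures(SAMPLE).items():
        flag = looks_like_relayed_dictionary_attack(rec)
        print(ip, rec["attempts"], sorted(rec["users"]), "SUSPICIOUS" if flag else "ok")
```

A hit means some local process is relaying outside connections to sshd, so the follow-up is to identify that process and restrict or authenticate what it exposes.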

xrmhxj commented 1 week ago

Yes, this has an authentication vulnerability; search on GitHub and you will find it.

------------------ Original message ------------------
From: atomsi @.>
Sent: 21 June 2024, 01:57
To: ehang-io/nps @.>
Cc: xrmhxj @.>, Comment @.>
Subject: Re: [ehang-io/nps] Contains a trojan, whatever you do, don't use it (Issue #1264)
