使用Shellinabox在浏览器进行ssh登录

• Shellinabox介绍
• Shellinabox安装
• 使用Ngrok将服务映射到外网

---

一. Shellinabox介绍

Shellinabox 是一个利用 Ajax 技术构建的基于 Web 浏览器的远程终端模拟器，安装该软件后，服务器端不需要开启 ssh服务，通过 Web 浏览器就可以对远程主机进行操作。使用http://IP:4200来登录到系统，在启用了SSL/TLS证书，需要用https://IP:4200来登录。默认情况下Shellinabox使用的是4200端口。

二. Shellinabox安装

1. 更新软件源

使用的是系统是Kali Linux 2019，在终端输入

root@kali:~# install shellinabox

如果提示无法找到包，请添加国内更新源

root@kali:~# vi /etc/apt/sources.list

//添加下列更新源
#国科大
deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib

#阿里云
deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib

2. Shellinabox参数

List of command line options:
  -b, --background[=PIDFILE]  run in background
  -c, --cert=CERTDIR          set certificate dir (default: $PWD)
      --cert-fd=FD            set certificate file from fd
      --css=FILE              attach contents to CSS style sheet
      --cgi[=PORTMIN-PORTMAX] run as CGI
  -d, --debug                 enable debug mode
  -f, --static-file=URL:FILE  serve static file from URL path
  -g, --group=GID             switch to this group (default: nogroup)
  -h, --help                  print this message
      --linkify=[none|normal|aggressive] default is "normal"
      --localhost-only        only listen on 127.0.0.1
      --no-beep               suppress all audio output
  -n, --numeric               do not resolve hostnames
  -m, --messages-origin=ORIGIN allow iframe message passing from origin
      --pidfile=PIDFILE       publish pid of daemon process
  -p, --port=PORT             select a port (default: 4200)
  -s, --service=SERVICE       define one or more services
  -t, --disable-ssl           disable transparent SSL support
      --disable-ssl-menu      disallow changing transport mode
      --disable-utmp-logging  disable logging to utmp and wtmp
  -q, --quiet                 turn off all messages
      --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket
  -u, --user=UID              switch to this user (default: nobody)
      --user-css=STYLES       defines user-selectable CSS options
  -v, --verbose               enable logging messages
      --version               prints version information
      --disable-peer-check    disable peer check on a session

Debug, quiet, and verbose are mutually exclusive.

One or more --service arguments define services that should be made available
through the web interface:
  SERVICE := <url-path> ':' APP
  APP     := 'LOGIN' | 'SSH' [ : <host> ] | USER ':' CWD ':' CMD
  USER    := 'AUTH' | <username> ':' <groupname>
  CWD     := 'HOME' | <dir>
  CMD     := 'SHELL' | <cmdline>

<cmdline> supports variable expansion:
  ${columns} - number of columns
  ${gid}     - gid id
  ${group}   - group name
  ${home}    - home directory
  ${lines}   - number of rows
  ${peer}    - name of remote peer
  ${realip}  - value of HTTP header field 'X-Real-IP'
  ${uid}     - user id
  ${url}     - the URL that serves the terminal session
  ${user}    - user name

One or more --user-css arguments define optional user-selectable CSS options.
These options show up in the right-click context menu:
  STYLES  := GROUP { ';' GROUP }*
  GROUP   := OPTION { ',' OPTION }*
  OPTION  := <label> ':' [ '-' | '+' ] <css-file>

OPTIONs that make up a GROUP are mutually exclusive. But individual GROUPs are
independent of each other.

-b 后台运行
-c, --cert=CERTDIR          指定证书目录（默认当前工作路径）
-p, --port=PORT             更改端口 (默认: 4200)
-t, --disable-ssl           关闭SSL传输
-q, --quiet                 安静模式，禁用所有信息
-u, --user=UID              设置登录用户 (默认: nobody)
-v, --verbose               开启登录信息提示
--version                   显示版本信息

3. Shellinabox启动

root@kali:~# shellinaboxd -b -t

启动服务之后，在浏览器访问http://IP:4200，默认4200端口，可以自己修改

Shellinabox默认禁止root登陆，所以Kali系统需要新建一个用户登录

三. 使用Ngrok将服务映射到外网

1. 建立隧道

在Ngrok建立隧道，注意本地端口填写启动Shellinabox的端口

2.开启映射

开启映射之前需要先下载客户端

root@kali:~/linux_amd64# wget https://www.ngrok.cc/sunny/linux_amd64.zip

将下载完成后，解压并开启

root@kali:~# unzip linux_amd64.zip
root@kali:~# cd /Desktop/linux_amd64
root@kali:~# ./sunny clientid 隧道id

3. 通过外网登陆

直接输入URL即可登录