1.shellinabox介绍

Shellinabox 是一个利用 Ajax 技术构建的基于 Web 浏览器的远程终端模拟器，安装该软件后，服务器端不需要开启 ssh服务，通过 Web 浏览器就可以对远程主机进行操作。使用来登录到系统http://IP:4200，在启用了SSL/TLS证书，需要用http://IP:4200来登录。默认情况下shellinabox使用的是4200端口。

2.shellinabox安装

使用的是系统是Kali Linux 2019，在终端输入

1	apt install shellinabox

如果提示无法找到包，请添加国内更新源

gedit /etc/apt/sources.list
//添加下列更新源
#清华大学 [更新源]
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free 
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free 

#浙江大学[更新源]
deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free 
deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free

3.shellinabox参数

List of command line options:
  -b, --background[=PIDFILE]  run in background
  -c, --cert=CERTDIR          set certificate dir (default: $PWD)
      --cert-fd=FD            set certificate file from fd
      --css=FILE              attach contents to CSS style sheet
      --cgi[=PORTMIN-PORTMAX] run as CGI
  -d, --debug                 enable debug mode
  -f, --static-file=URL:FILE  serve static file from URL path
  -g, --group=GID             switch to this group (default: nogroup)
  -h, --help                  print this message
      --linkify=[none|normal|aggressive] default is "normal"
      --localhost-only        only listen on 127.0.0.1
      --no-beep               suppress all audio output
  -n, --numeric               do not resolve hostnames
  -m, --messages-origin=ORIGIN allow iframe message passing from origin
      --pidfile=PIDFILE       publish pid of daemon process
  -p, --port=PORT             select a port (default: 4200)
  -s, --service=SERVICE       define one or more services
  -t, --disable-ssl           disable transparent SSL support
      --disable-ssl-menu      disallow changing transport mode
      --disable-utmp-logging  disable logging to utmp and wtmp
  -q, --quiet                 turn off all messages
      --unixdomain-only=PATH:USER:GROUP:CHMOD listen on unix socket
  -u, --user=UID              switch to this user (default: nobody)
      --user-css=STYLES       defines user-selectable CSS options
  -v, --verbose               enable logging messages
      --version               prints version information
      --disable-peer-check    disable peer check on a session

Debug, quiet, and verbose are mutually exclusive.

One or more --service arguments define services that should be made available
through the web interface:
  SERVICE := <url-path> ':' APP
  APP     := 'LOGIN' | 'SSH' [ : <host> ] | USER ':' CWD ':' CMD
  USER    := 'AUTH' | <username> ':' <groupname>
  CWD     := 'HOME' | <dir>
  CMD     := 'SHELL' | <cmdline>

<cmdline> supports variable expansion:
  ${columns} - number of columns
  ${gid}     - gid id
  ${group}   - group name
  ${home}    - home directory
  ${lines}   - number of rows
  ${peer}    - name of remote peer
  ${realip}  - value of HTTP header field 'X-Real-IP'
  ${uid}     - user id
  ${url}     - the URL that serves the terminal session
  ${user}    - user name

One or more --user-css arguments define optional user-selectable CSS options.
These options show up in the right-click context menu:
  STYLES  := GROUP { ';' GROUP }*
  GROUP   := OPTION { ',' OPTION }*
  OPTION  := <label> ':' [ '-' | '+' ] <css-file>

OPTIONs that make up a GROUP are mutually exclusive. But individual GROUPs are
independent of each other.

-b,--background[=PIDFILE]   后台运行
-c, --cert=CERTDIR          指定证书目录（默认当前工作路径）
-p, --port=PORT             更改端口 (默认: 4200)
-t, --disable-ssl           关闭SSL传输
-q, --quiet                 安静模式，禁用所有信息
-u, --user=UID              设置登录用户 (默认: nobody)
-v, --verbose               开启登录信息提示
--version                   显示版本信息

4.shellinabox启动

1	shellinaboxd -b -t

启动服务之后，在浏览器访问http://IP:4200
默认4200端口，可以自己修改
shellinabox默认禁止root登陆，所以Kali系统需要新建一个用户登录

5.使用Ngrok将服务映射到外网

5.1建立隧道

在Ngrok建立隧道，注意本地端口填写启动shellinabox的端口

5.2开启映射

1
2
3

unzip linux_amd64.zip
cd /Desktop/linux_amd64
./sunny clientid 隧道id

5.3通过外网登陆

直接输入URL即可登录