5 minutes, use intranet penetration to quickly realize remote desktop


The following article is from airpython by Xing Ango

1. Preface

Today, I’d like to share how to use FRP to achieve intranet penetration and control computers.

When it comes to remote desktop, you may think of third-party software such as TeamViewer and sunflower

However, most of them are commercial software, which is expensive; Even if the free version is provided, there are various restrictions, and the stability and security cannot be guaranteed

This article will introduce how to use intranet penetration to realize remote desktop management

2. Intranet penetration FRP

Common solutions for intranet penetration include FRP, ngrok and natapp

Among them, FRP is an open source, simple and easy-to-use, high-performance reverse agent software

It supports TCP, UDP, HTTP, HTTPS and other protocol types

Official address:https://github.com/fatedier/frp

3. Operation steps

Take FRP intranet penetration as an example to realize remote desktop access

3-1 deploy FRP server to ECS

According to the system platform, download the FRP source code from the following link and upload it to the ECS


Of course, it can also be downloaded directly through the WGet command

#Use the WGet command to download 0.37 Version 1
wget https://github.com/fatedier/frp/releases/download/v0.37.1/frp_0.37.1_linux_amd64.tar.gz

Next, unzip the file package

#Unzip file
tar -zxvf frp_0.37.1_linux_amd64.tar.gz

Then, use VI / VIM to edit the FRP server configuration file “FRPs. Ini”


  • bind_ Port specifies the port number of the FRP server
  • dashboard_ user、dashboard_ pwd、dashboard_ Port is used to configure the account information and access port number of FRP background management respectively
# frps.ini

bind_addr =
bind_port = 7777
Token = 12345678 # authorization code

#Configure FRP background management account
dashboard_user = admin
dashboard_pwd = admin
dashboard_port = 8888 
enable_prometheus = true

#Configure log configuration folder
log_file = /var/log/frps.log
log_level = info
log_max_days = 3

Finally, open the ECS firewall port, configure security group rules, and run the FRP service

#Open firewall port number, configure security group rules
#7777 and 8888 port numbers are configured here

#Configure services
mkdir -p /etc/frp
cp frps.ini /etc/frp
cp frps /usr/bin
cp systemd/frps.service /usr/lib/a

#Start FRPs service
systemctl enable frps
systemctl start frps

3-2 accessing FRP background management

Open the browser, access the IP address of ECS + the port number “8888” specified above, and enter the user name and password above to enter the FRP background management interface

5 minutes, use intranet penetration to quickly realize remote desktop

The management interface can view the running status and agent statistics of FRP in real time

3-3 deploy FRP client to target computer

PS: since the target computer is windows, you need to download the FRP source code of the Windows version first

First, modify the client configuration file “FRPC. Ini”

#Configure FRP client information
# frpc.ini

server_ Addr = FRP public IP address #frp service public IP address
server_ port = 7777  # frps. Ini
Token = 12345678 # and FRPs The tokens in ini are consistent

Type = TCP # communication mode
local_ip =
local_ Port = 3389 # remote access service default port is 3389
remote_ Port = 6000 # defines that the remote port points to the local 3389 port through 6000

Then, run the FRP client using the following command in CMD

#Running the FRP client
frpc -c frpc.ini

Finally, refresh the FRP dashboard management page to observe the connection information of the FRP client

5 minutes, use intranet penetration to quickly realize remote desktop

3-4 target computer startup – winsw

In order to ensure that the target computer is permanently online, you can use “winsw” to configure the client connection as a service and configure it to start automatically

Project download address:https://github.com/winsw/wins…

The configuration steps are as follows:

  • Download the corresponding source code according to the system version, unzip it and place it in the same level directory of FRP
  • Change the executable name to winsw exe
  • Create a new configuration file winsw XML, add the command to run the FRP client

The configuration information is as follows:

# winsw.xml<service>
    < description > FRP remote control client service < / description >
    <arguments>-c frpc.ini</arguments>

Finally, open the CMD terminal as an administrator and run the following command, so that the FRP client can become a system service and run in the background

#Run as Administrator
winsw install
winsw start

3-5 remote desktop access

Remote desktop control can be performed on the target computer through the ECS IP + the remote access port number specified by the client

Assume that the ECS IP is “...“, the remote port number specified in the FRP client configuration file is 6000

Just use the command “mstsc” to enter the remote desktop window, and the computer enters “...: 6000 “, enter the user name and password of the target computer to remotely control the target computer

Of course, you can also control the remote desktop through mobile app, such as “Rd client”

4. Finally

The remote desktop control is realized through FRP intranet penetration. The actual use experience is really not too good

In fact, the purpose of Intranet penetration is far more than that. You can consult the data to expand it by yourself

Open source outpostShare popular, interesting and practical open source projects on a daily basis. Participate in maintaining the open source technology resource library of 100000 + star, including python, Java, C / C + +, go, JS, CSS and node js、PHP、. Net, etc.