基于python3编写
import sys, socket, getopt, threading, argparse, subprocess # globals options listen = False command = False upload = None execute = None target = None upload_destination = None port = None def main(): global target global command global execute global listen global upload_destination global port # set up argument parsing parser = argparse.ArgumentParser(description="netcat clone") parser.add_argument("-p","--port", type=int, help="target port") parser.add_argument("-t", "--target_host", type=str, help="target host", default="0.0.0.0") parser.add_argument("-l", "--listen", help="listen on [host]:[port} for incomming connections", action="store_true",default=False) # action 有参数为true,没有参数default false parser.add_argument("-e", "--execute", help="execute file-to-run execute the given file upn receiving a connection") parser.add_argument("-c", "--command", help="initialize a command shell", action="store_true", default=False) parser.add_argument("-u", "--upload",help="--upload=destination upon receing connection upload and write to destination") args = parser.parse_args() # parse arguments target = args.target_host port = args.port listen = args.listen execute = args.execute command = args.command upload_destination = args.upload # if listen is false and send send data from stdin if not listen and target is not None and port > 0: print("DBG:read data from stdin") # read buffer from stdin , this will block so send CTRL-D if not # sending to stdin 从stdin发送 buff = sys.stdin.read() print("Sending {0} to client".format(buff)) # send data client_sender(buff) # we are going to listen and potentially upload things ,excute # commands and drop a shell back ,depending on the command line options if listen: server_loop() def client_sender(buff): print("DBG:sending data to client on port" + str(port)) # create a sockets client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: # connect to target host client.connect((target, port)) if len(buff): client.send(buff.encode()) while True: # now let's wait for data response recv_len = 1 response = "" while recv_len: print("DBG:waiting for response from client") data = client.recv(4096) recv_len = len(data) response += data.decode(errors="ignore") if recv_len < 4096: break # end="" statement does not end print(response, end="") # wait for more input buff = input("") buff += " " # send it off client.send(buff.encode()) except: print("[*] Exception! Exiting.") finally: client.close() def server_loop(): global target print("DBG:entering server loop") server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.bind((target, port)) server.listen(5) while True: client_socket, addr = server.accept() # spin a thread to handle the new client client_thread = threading.Thread(target=client_handler, args=(client_socket,)) client_thread.start() def run_command(command): # trim the newline rstrip trim the end of newline command = command.rstrip() print("DGB:executing command:" + command) try: # this will launch a new process ,note:cd commands are useless output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True) except: output = "Failed to execute to command. " # send the output back to the client return output # 服务端监听,获取从客户端发来的数据执行命令 def client_handler(client_socket): global upload global execute global command print("DBG:handling client socket") # check for upload if upload_destination is not None: print("DEBG:entering file upload") # read all of the bytes and write them to the destination file_buff = "" # keep reading data until none is available while True: data = client_socket.recv(1024) if not data: break else: file_buff += data.decode() # write bytes to file try: f = open(upload_destination, "wb") f.write(file_buff) f.close() # ACK file writing client_socket.send("Successfully saved file to {0} ".format(upload_destination).encode()) except: client_socket.send("Failed to save file to {0} ".format(upload_destination).encode()) if execute is not None: print("DBG: going to execute command") # run the command output = run_command(execute) client_socket.send(output.encode()) # go into loop if a command shell was resquested if command: print("DBG:shell requested") # show a prompt client_socket.send("<BHP:#>".encode()) while True: # now recieve until linefeed cmd_buff = "" while " " not in cmd_buff: cmd_buff += client_socket.recv(1024).decode() # send back the command output response = run_command(cmd_buff) # 判断一个response是否为str类型 if isinstance(response, str): response = response.encode() # send back the response client_socket.send(response + "<BHP:#>".encode()) if __name__ == '__main__': main()
使用实列:
服务端执行:
python necat_1.py -l -p 9999 -c
客户端执行:
python nccat_1.py -t localhost -p 9999
客户端执行需要EOF读取结束,linux(ctrl-d),windows(ctrl-z)