  • PYTHON 黑帽子第二章总结

      基于python3编写

    import sys, socket, getopt, threading, argparse, subprocess
    
    # Global options; main() overwrites most of them from the command line.
    # Boolean switches start disabled.
    listen = command = False
    # Everything else stays unset until the arguments are parsed.
    upload = execute = target = upload_destination = port = None
    
    
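    def main():
        """Parse the command line, store the options in the module globals and
        start either the client (send stdin to target:port) or the listener.

        Exits through argparse's error path when no port is given, because both
        the client and the listener need one.
        """
        global target
        global command
        global execute
        global listen
        global upload_destination
        global port

        # set up argument parsing
        parser = argparse.ArgumentParser(description="netcat clone")
        parser.add_argument("-p", "--port", type=int, help="target port")
        # NOTE(security): with -l this address is what server_loop() binds. The
        # default 0.0.0.0 means every interface, and nothing in this file
        # authenticates a peer, so -c/-e/-u are then reachable by any host that
        # can reach the port. Pass -t 127.0.0.1 to listen on loopback only.
        parser.add_argument("-t", "--target_host", type=str, help="target host", default="0.0.0.0")
        # store_true: True when the flag is present, otherwise the default False
        parser.add_argument("-l", "--listen", help="listen on [host]:[port} for incomming connections", action="store_true", default=False)
        parser.add_argument("-e", "--execute", help="execute file-to-run execute the given file upn receiving a connection")
        parser.add_argument("-c", "--command", help="initialize a command shell", action="store_true", default=False)
        parser.add_argument("-u", "--upload", help="--upload=destination upon receing connection upload and write to destination")
        args = parser.parse_args()

        # -p has no default, so args.port is None when it is omitted. The
        # `port > 0` test below would then raise TypeError on Python 3, and
        # bind()/connect() cannot work without a port either.
        if args.port is None:
            parser.error("a port is required (-p/--port)")

        # copy the parsed arguments into the module globals
        target = args.target_host
        port = args.port
        listen = args.listen
        execute = args.execute
        command = args.command
        upload_destination = args.upload

        # client mode: not listening, so read stdin and send it to the target
        if not listen and target is not None and port > 0:
            print("DBG:read data from stdin")
            # read() blocks until EOF, so send CTRL-D if there is nothing to
            # pipe in; whatever was read is the first data sent
            buff = sys.stdin.read()

            print("Sending {0} to client".format(buff))
            # send data
            client_sender(buff)

        # listener mode: accept connections and, depending on the options,
        # receive an upload, execute a command or serve a shell
        if listen:
            server_loop()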
    
    
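    def client_sender(buff):
        """Connect to (target, port), send *buff*, then relay an interactive session.

        After the initial send the function alternates between printing what the
        peer returns and sending one line typed on stdin. It returns when the
        peer closes the connection, on a socket error, or on EOF/Ctrl-C at the
        prompt. The socket is always closed on the way out.

        Args:
            buff: text to send first; nothing is sent when it is empty.
        """
        print("DBG:sending data to client on port" + str(port))

        # create a TCP socket
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        try:
            # connect to target host
            client.connect((target, port))

            if len(buff):
                # sendall() keeps writing until the whole buffer is out;
                # send() may transmit only part of it
                client.sendall(buff.encode())

            while True:
                # collect one response: read until a short (or empty) recv
                chunks = []
                peer_closed = False
                while True:
                    print("DBG:waiting for response from client")
                    data = client.recv(4096)
                    if not data:
                        # an empty recv means the peer closed the connection
                        peer_closed = True
                        break
                    chunks.append(data)
                    if len(data) < 4096:
                        break

                # decode once over the joined bytes so a multi-byte character
                # split across two recv() calls is not dropped
                print(b"".join(chunks).decode(errors="ignore"), end="")

                if peer_closed:
                    # nothing more will arrive; do not prompt for input that
                    # could only be written to a dead socket
                    break

                # wait for more input
                buff = input("")
                buff += "\n"
                # send it off
                client.sendall(buff.encode())
        except (OSError, EOFError, KeyboardInterrupt) as exc:
            # socket failure, EOF on stdin or Ctrl-C; report the cause instead
            # of hiding every exception behind a bare except
            print("[*] Exception! Exiting.")
            print("DBG:" + repr(exc))
        finally:
            client.close()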
    
    
    def server_loop():
        """Listen on (target, port) and serve every accepted connection on its
        own thread via client_handler. Loops until the process is stopped.

        Nothing here checks who is connecting: any peer that can reach the
        bound address gets a handler thread.
        """
        print("DBG:entering server loop")

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind((target, port))
        listener.listen(5)

        while True:
            # the peer address returned by accept() is not used
            conn, _peer = listener.accept()

            # one handler thread per client
            threading.Thread(target=client_handler, args=(conn,)).start()
    
    
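    def run_command(command):
        """Run *command* through the system shell and return its output.

        Args:
            command: command line as text; trailing whitespace is stripped.

        Returns:
            The combined stdout/stderr as bytes when the command exits with
            status 0, otherwise a fixed failure message as str. Callers must
            therefore handle both bytes and str.
        """
        # trim the trailing newline
        command = command.rstrip()
        print("DGB:executing command:" + command)

        try:
            # NOTE(security): shell=True hands the string to the shell as is.
            # In this file it comes from the -e option or from bytes read off
            # the client socket in client_handler, so whoever can connect picks
            # what runs, with this process's privileges.
            # Each call starts a new process, so `cd` has no lasting effect.
            output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
        except (subprocess.CalledProcessError, OSError):
            # non-zero exit status, or the shell itself could not be started
            output = "Failed to execute to command.\n"

        # the caller sends this back to the client
        return output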
    
    
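    # Server side: handle one accepted connection - optional upload, optional
    # one-shot command, optional interactive shell.
    def client_handler(client_socket):
        """Serve one client according to the global options.

        In order: if upload_destination is set, read from the socket until the
        peer stops sending and write the bytes to that path; if execute is set,
        run it and send the output; if command is set, loop reading one line at
        a time, run it with run_command and send the output followed by a
        prompt. The socket is closed when the handler finishes.

        NOTE(security): the peer is never authenticated, and the shell loop
        passes whatever it sends to run_command unchanged.

        Args:
            client_socket: connected socket returned by accept().
        """
        print("DBG:handling client socket")

        try:
            # check for upload
            if upload_destination is not None:
                print("DEBG:entering file upload")

                # Keep the payload as bytes: the file is opened in "wb" mode,
                # and writing a decoded str to it raises TypeError.
                # NOTE(security): there is no size limit, so the peer decides
                # how much memory is buffered before the write.
                chunks = []

                # keep reading until the peer closes or shuts down its side
                while True:
                    data = client_socket.recv(1024)
                    if not data:
                        break
                    chunks.append(data)

                # write the bytes, then acknowledge; the send happens outside
                # the try so a socket error is not mistaken for a write error
                try:
                    with open(upload_destination, "wb") as f:
                        f.write(b"".join(chunks))
                except OSError:
                    reply = "Failed to save file to {0}\n".format(upload_destination)
                else:
                    reply = "Successfully saved file to {0}\n".format(upload_destination)
                client_socket.sendall(reply.encode())

            if execute is not None:
                print("DBG: going to execute command")

                # run the command; run_command returns bytes on success and
                # str on failure, so encode only the str case
                output = run_command(execute)
                if isinstance(output, str):
                    output = output.encode()
                client_socket.sendall(output)

            # go into a loop if a command shell was requested
            if command:
                print("DBG:shell requested")

                # show a prompt
                client_socket.sendall("<BHP:#>".encode())
                while True:

                    # receive until a linefeed arrives
                    cmd_buff = b""
                    while b"\n" not in cmd_buff:
                        data = client_socket.recv(1024)
                        if not data:
                            # peer disconnected; without this check the loop
                            # would spin forever on empty reads
                            return
                        cmd_buff += data

                    # run the received line
                    response = run_command(cmd_buff.decode(errors="replace"))

                    # response may be str (failure message) or bytes
                    if isinstance(response, str):
                        response = response.encode()

                    # send back the response followed by a new prompt
                    client_socket.sendall(response + "<BHP:#>".encode())
        except OSError as exc:
            # connection reset or similar; end this handler quietly
            print("DBG:client connection error: " + repr(exc))
        finally:
            client_socket.close()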
    
    
    # Run main() only when the file is executed as a script, not on import.
    if __name__ == "__main__":
        main()
    

      使用实例:

    服务端执行:

    python necat_1.py -l -p 9999 -c

    说明:未指定 -t 时服务端绑定 0.0.0.0(所有网卡),且连接没有任何认证;只在本机测试时可加上 -t 127.0.0.1。

    客户端执行:

    python necat_1.py -t localhost -p 9999

    客户端执行需要EOF读取结束,linux(ctrl-d),windows(ctrl-z)

  • 原文地址:https://www.cnblogs.com/junsec/p/10828255.html