Python黑帽子 黑客与渗透测试编程之道(三)取代netcat
netcat是个计算机网络公用程式,用来对网络连线TCP或者UDP进行读写。
透过端口3333(-l 监听状态listen)从机器foo复制到机器bar复制档案:
user@bar$ nc -l -p 3333 > backup.iso
user@foo$ nc bar 3333 < backup.iso
在端口25建立内容未加工过的连接(类似telnet):
nc mail.server.net 25
利用零模式I/O(参数 -z)检查192.168.0.1的UDP端口(参数 -u)80-90是否开启:
nc -vzu 192.168.0.1 80-90
贴下代码,我自己跟着书上写的过程遇到的问题,就是缩进没对齐,导致整个程序后面出错了。由于代码比较长,找起来比较花时间,于是就在网上用了别人敲好的,运行出书上的结果了。
#!/usr/bin/env python2.7import sys
import socket
import getopt
import threading
import subprocess# define some global variables
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0# this runs a command and returns the output
def run_command(command):# trim the newlinecommand = command.rstrip()# run the command and get the output backtry:output = subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True)except:output = "Failed to execute command.\r\n"# send the output back to the clientreturn output# this handles incoming client connections
def client_handler(client_socket):global uploadglobal executeglobal command# check for uploadif len(upload_destination):# read in all of the bytes and write to our destinationfile_buffer = ""# keep reading data until none is availablewhile True:data = client_socket.recv(1024)if not data:breakelse:file_buffer += data# now we take these bytes and try to write them outtry:file_descriptor = open(upload_destination,"wb")file_descriptor.write(file_buffer)file_descriptor.close()# acknowledge that we wrote the file outclient_socket.send("Successfully saved file to %s\r\n" % upload_destination)except:client_socket.send("Failed to save file to %s\r\n" % upload_destination)# check for command executionif len(execute):# run the commandoutput = run_command(execute)client_socket.send(output)# now we go into another loop if a command shell was requestedif command:while True:# show a simple promptclient_socket.send("<BHP:#> ")# now we receive until we see a linefeed (enter key)cmd_buffer = ""while "\n" not in cmd_buffer:cmd_buffer += client_socket.recv(1024)# we have a valid command so execute it and send back the resultsresponse = run_command(cmd_buffer)# send back the responseclient_socket.send(response)# this is for incoming connections
def server_loop():global targetglobal port# if no target is defined we listen on all interfacesif not len(target):target = "0.0.0.0"server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)server.bind((target,port))server.listen(5) while True:client_socket, addr = server.accept()# spin off a thread to handle our new clientclient_thread = threading.Thread(target=client_handler,args=(client_socket,))client_thread.start()# if we don't listen we are a client....make it so.
def client_sender(buffer):client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)try:# connect to our target hostclient.connect((target,port))# if we detect input from stdin send it # if not we are going to wait for the user to punch some inif len(buffer):client.send(buffer)while True:# now wait for data backrecv_len = 1response = ""while recv_len:data = client.recv(4096)recv_len = len(data)response+= dataif recv_len < 4096:breakprint response, # wait for more inputbuffer = raw_input("")buffer += "\n" # send it offclient.send(buffer)except:# just catch generic errors - you can do your homework to beef this upprint "[*] Exception! Exiting."# teardown the connection client.close() def usage():print "Netcat Replacement"printprint "Usage: bhpnet.py -t target_host -p port"print "-l --listen - listen on [host]:[port] for incoming connections"print "-e --execute=file_to_run - execute the given file upon receiving a connection"print "-c --command - initialize a command shell"print "-u --upload=destination - upon receiving connection upload a file and write to [destination]"printprintprint "Examples: "print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""print "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135"sys.exit(0)def main():global listenglobal portglobal executeglobal commandglobal upload_destinationglobal targetif not len(sys.argv[1:]):usage()# read the commandline optionstry:opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu:",["help","listen","execute","target","port","command","upload"])except getopt.GetoptError as err:print str(err)usage()for o,a in opts:if o in ("-h","--help"):usage()elif o in ("-l","--listen"):listen = Trueelif o in ("-e", "--execute"):execute = aelif o in ("-c", "--commandshell"):command = Trueelif o in ("-u", "--upload"):upload_destination = aelif o in ("-t", "--target"):target = aelif o in ("-p", "--port"):port = int(a)else:assert False,"Unhandled Option"# are we going to listen or just send data from stdinif not listen and len(target) and port > 0:# read in the buffer from the commandline# this will block, so send CTRL-D if not sending input# to stdinbuffer = sys.stdin.read()# send data offclient_sender(buffer) # we are going to listen and potentially # upload things, execute commands and drop a shell back# depending on our command line options aboveif listen:server_loop()main() 运行情况:
在一个终端中输入:
root@kali:~# ./bhnet.py -l -p 9999 -c按回车之后什么都没有显示,它已经在监听了。接下来打开一个新的终端,输入:
root@kali:~# ./bhnet.py -t localhost -p 9999
接下来还是没反应,接着按住ctrl+d键,就会如图所示:
接着输入:
会显示文件数及它们的属性。
再输入别的命令试试:
pwd命令 Linux中用 pwd 命令来查看”当前工作目录“的完整路径。
可以看到,我们返回了典型的命令行shell,由于我们在一个UNIX主机上,所以可以运行一些本地命令并回传其输出,就好像我们通过SSH登录一样,或者像是在目标主机本地运行。我们可以使用老派的方式直接利用客户端发送HTTP请求:
root@kali:~# echo -ne "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n" | ./bhnet.py -t www.baidu.com -p 80
Python黑帽子 黑客与渗透测试编程之道(三)取代netcat相关推荐
- Python黑帽子--黑客与渗透测试编程之道 python3 实现代码
最近在看 Python黑帽子–黑客与渗透测试编程之道 这本书 发现这本书的代码实现都是使用python2 的于是我就想使用python3来实现 缓慢更新中 python2版本 有一个博主写的特别好 这 ...
- Python黑帽子 黑客与渗透测试编程之道(七) 第四章:Scapy:网络的掌控者
1 窃取Email认证 代码: from scapy.all import *def packet_callback(packet):if packet[TCP].payload:mail_packe ...
- Python黑帽子-黑客与渗透测试编程之道
Python黑帽子-黑客与渗透测试编程之道 时间:2018年4月28日 前言 本文参考了两篇资料,优化补全了代码内容 giantbranch 的 Python黑帽子–黑客与渗透测试编程之道 意闲 的 ...
- 关于《Python黑帽子:黑客与渗透测试编程之道》的学习笔记
本篇文章是学习<Python黑帽子:黑客与渗透测试编程之道>的笔记,会持续地将书上的代码自己敲一遍,从而让自己对Python的安全编程有更多的了解,同时希望各位可以给给建议,不足之处太多了 ...
- 《Python黑帽子:黑客与渗透测试编程之道》读书笔记(三):scapy——网络的掌控者
目录 前言 1.窃取email认证 2.ARP缓存投毒 3.PCAP文件处理 结语 前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码,并自己将其中一些改写成P ...
- 《Python黑帽子:黑客与渗透测试编程之道》读书笔记(九):自动化攻击取证
目录 前言 1.Volatility配置 2.抓取口令的哈希值 3.直接代码注入 4.插入shellcode 结语 前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书 ...
- 《Python黑帽子:黑客与渗透测试编程之道》读书笔记(二):原始套接字和流量嗅探
目录 前言 1.Windows和Linux上的包嗅探 2.解码IP层 3.解码ICMP层 4.发现主机 结语 前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码 ...
- 《Python黑帽子:黑客与渗透测试编程之道》读书笔记(四):web攻击
目录 前言 1.urllib2 2.开源web应用安装 3.破解目录和文件位置 4.破解HTML表格认证 结语 前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源 ...
- 《Python黑帽子:黑客与渗透测试编程之道》读书笔记(五):扩展burp代理
目录 前言 1.burp的fuzz脚本 2.burp中利用Bing服务 3.利用网站内容生成密码字典 结语 前言 <Python黑帽子:黑客与渗透测试编程之道>的读书笔记,会包括书中源码, ...
- 《Python黑帽子:黑客与渗透测试编程之道》 Web攻击
Web的套接字函数库:urllib2 一开始以urllib2.py命名脚本,在Sublime Text中运行会出错,纠错后发现是重名了,改过来就好: #!/usr/bin/python #coding ...
最新文章
- eclipse配置了maven,项目报错
- IOS Core Animation Advanced Techniques的学习笔记(五)
- [js] js的循环结构有哪些?
- 自定义手势--输入法手势技术
- python方法解析顺序_浅谈Python的方法解析顺序(MRO)
- linux 循环显示所有的sh.*文件.,利用shell脚本遍历文件夹内所有的文件并作整理统计的方法...
- 树莓派4b 调整屏幕分辨率
- SLAM 学习笔记 本质矩阵E、基础矩阵F、单应矩阵H的推导
- TOYOTA MOTOR CORPORATION Programming Contest 2022(AtCoder Beginner Contest 270) AB题解
- POJ1417 True Liars —— 并查集 + DP
- 学习到第一个国庆的感想
- 苹果手机软件闪退怎么解决_和平精英闪退怎么办 和平精英无法登陆怎么解决...
- 多节点Linux环境打造
- Java_obj(一)
- Hander异步消息处理机制完全解析
- 今天,就让坏得很的糟老头子来告诉你顺序表的基操,零基础也可get!
- Mac端解压缩工具推荐,哪款更实用?
- 计算机工程师中级答辩内容,中级工程师论文答辩(注意事项及答辩准备)
- 《重新定义公司:谷歌是如何运营的》
- 2000-2019年地级市绿色全要素生产率数据