trying to replace netcat ,, with a python script
Question
I'm reading a book called ( Black Hat Python: Python Programming for Hackers and Pentesters Book by Justin Seitz)
and I'm doing a project from the book called Replacing Netcat , basically an attempt to replace netcat with a python script ,
I wrote the code identical to the book but its not running properly,,,
** I mean I had to make some obvious changes , cause the book is using python 2.7 , and I'm using Python 3.9.12**
but the code isn't working as it should , according to the book,,,,
this is how the book is telling me to run the code ::- how the book tells me to run the script
me trying to run the code 1st step
me trying to run the code 2nd step
as u can see it gives no output ,, if I try to run it according to the book
and just print's the strings and stops when I write "python3 file_name.py" 2 and stops , it doesn't even execute a single function after that, what am I doing wrong ?
import sys
import socket
import getopt
import threading
import subprocess
# global variables that we fooking need .
listen = False
command = False
upload = False
execute = ""
target = ""
upload_dest = ""
port = 0
def usage():
print ("BHP Net Tool")
print()
print ("Usage: bhpnet.py -t target_host -p port")
print ("""-l --listen - listen on [host]:[port] for ¬
incoming connections""")
print ("""-e --execute=file_to_run - execute the given file upon ¬
receiving a connection""")
print ("-c --command - initialize a command shell")
print ("""-u --upload=destination - upon receiving connection upload a ¬
file and write to [destination]""")
print()
print()
print ("Examples: ")
print ("bhpnet.py -t 192.168.0.1 -p 5555 -l -c")
print ("bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe")
print ("bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\"")
print ("echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135")
sys.exit(0)
def main():
global listen
global port
global execute
global command
global upload_dest
global target
if not len(sys.argv[1:]):
usage()
# read commandline options
try:
opts,args = getopt.getopt(sys.argv[1:],"hle:t:p:cu:",
["help", "listen", "execute", "target", "port", "command", "upload"])
except getopt.GetoptError as err:
print(str(err))
usage()
for o,a in opts:
if o in ("-h", "--help"):
usage()
elif o in ("-l", "--listen"):
listen = True
elif o in ("-e", "--execute"):
execute = a
elif o in ("-c", "commandshell"):
command = True
elif o in ("-u", "--upload"):
upload_dest = a
elif o in ("-t", "--target"):
target = a
elif o in ("-p", "--port"):
port = int(a)
else:
assert False, "Unhandled Option"
#are we going to listen or just send data from stdin ?
if not listen and len(target) and port > 0 :
#read in buffer from the commandline
#this will block , so send CTRL-D if not sending input
#to stdin
buffer = sys.stdin.read()
# send data off
client_sender(buffer)
# we are going to listen and potentially
# upload things , execute commands , and drop a shell back
# depending on our command line options above
if listen:
server_loop()
main()
def client_sender(buffer):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
# connect to out target host
client.connect((target,port))
if len(buffer):
client.send(buffer)
while True:
# now wait for back
recv_len = 1
response = ""
while recv_len:
data = client.recv(4096)
recv_len = len(data)
response += data
if recv_len < 4096:
break
print(response)
# wait for more input
buffer = input("")
buffer += "\n"
# send it off
client.send(buffer)
except:
print("[*] Exception ! Exiting.")
# tear down the connection
client.close()
def server_loop():
global target
#if no target is defined, we listen on al interfaces
if not len(target):
target = "0.0.0.0"
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((target,port))
server.listen(5)
while True:
client_socket, addr = server.accept()
# spin off a thread to handel our new client
client_thread = threading.Thread(target=client_handler, args = (client_socket,))
client_thread.start()
def run_command(command):
# trim the newline
command = command.rstrip()
# run the command and get the output back
try:
output = subprocess.check_output(command,stderr = subprocess.STDOUT, shell=True)
except:
output = "Failed to execute command.\r\n"
#send the output back to the client
return output
def client_handler(client_socket):
global upload
global exceute
global command
# check for upload
if len(upload_dest):
# read in all of the bytes and write to our destination
file_buffer = ""
#keep reading data until none is available
while True:
data = client_socket.recv(1024)
if not data:
break
else:
file_buffer += data
# now we take these bytes and try to write them out
try:
file_descriptor = open("upload_dest", "wb")
file_descriptor.write(file_buffer)
file_descriptor.close()
# acknowledge that we wrote the file out
client_socket.send(f"Succesfully saved file to {upload_dest}")
except:
client_socket.send(f"Failed to save file to \r\n{upload_dest}")
# check for command execution
if len(execute):
# run the command
output = run_command(execute)
client_socket.send(output)
# now we go into another loop if a command shell was requested
if command:
while True:
# show a simple prompt
client_socket.send("<BHP:#>")
# now we recive until we see a linefeed ( enter key )
cmd_buffer = ""
while "\n" not in cmd_buffer:
cmd_buffer += client_socket.recv(1024)
# send back the command output
response = run_command(cmd_buffer)
# send back the response
client_socket.send(response)
1 answers
solution1
0 2022-07-16 12:24:39
How is your debugging skill?
I was experiencing the same issue afew days ago & i fixed it by debugging entry points into functions to keep track of the eip while the program is running by printing arguments before any operation as they are being passed between functions .. this helps to check whether the code is producing expected values as it runs .. in short as this case , the book was written in regards to python2 so most of the errors are going to force you to work on your debugging skills.. i would also advice you to take a short crash course in C programming before taking on the BHP book since alot of system calls like socket getopts are really C apis , check on man 2 and man 3 of whatever you're importing in python to have a broader look on things as you debug most errors ..
managed to fix it up until here ..
download source code link https://filebin.net/i40e2oisabxqmbys
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.