出于开发目的与服务交互的最佳方式 [英] Best way to interact with a service for exploitation purpose
问题描述
假设我有一个要与之交互的服务.使用 netcat 会是这样的:
Suppose I have a service to interact with. Using netcat it would be something like this:
> nc 127.0.0.1 8080
hello
hi how are you?
我想自动化与此服务的交互以执行一些攻击,例如格式字符串.所以我创建了一个 Python 脚本,让它工作真的很痛苦.代码如下:
I want to automatize the interaction with this service in order to perform some attack e.g. format string. So I create a Python script and that was really painful to make it work. Here's the code:
t = Telnet(HOST, PORT)
t.write('2\n')
for _ in xrange(10)): print(t.read_some())
t.write('3\n')
for _ in xrange(12)): print(t.read_some())
这里的问题是服务的响应.我对这个脚本的期望如下:
The problem here is the response from the service. The behavior I was expecting from this script was the following:
- 发送请求,例如你好"
- 得到回复:你好吗?"
在这种情况下,该服务非常简单,但假设我有一个打印选项菜单或欢迎屏幕的服务,我必须阅读所有这些内容并手动查找对我发送的命令的响应(使用 for _在xrange ...)
In this case the service is quite simple but suppose I have a service that prints a menu of options or a welcome screen, I had to read all this stuff and manually find the response to the command I sent (using the for _ in xrange ...).
总结:仅考虑输入命令的响应,与此类服务交互的最佳方式是什么?
To summarize: what's the best way to interact with such service by taking into account ONLY the response of an input command?
我不知道 python 是否适合这些东西.我尝试使用套接字,但由于功能 recv
推荐答案
看看expect,它在用户提供的脚本的帮助下与交互式程序对话".
Take a look into expect, which "talks" to interactive programs with the help of a user provided script.
使用
expect ./interact
或使 interact
可执行(chmod a+x interact
):
./interact
其中 interact
是以下脚本:
#!/usr/bin/expect
spawn nc 127.0.0.1 8080
send -- "hallo\r"
expect "hi how are you?\r"
这只是一个简单的例子,手册页充满了深入的解释,还有安装附带的示例脚本.
This is just a simple example, the man page is full of in depth explanations and there are also example scripts which come with the installation.
参考资料
* http://linuxaria.com/howto/2-practical-examples-of-expect-on-the-linux-cli?lang=en
这篇关于出于开发目的与服务交互的最佳方式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!