0x01 介绍
# 一个python版本的nc小工具,只有一个功能:输入命令,得到结果
# 1. 创建两个传送模式,服务器和客户端
# 2. 增加服务器端收到客户端的命令然后执行命令返回结果给客户端
# ps:
# 1. 输入quit表示退出
# 2. 默认target为127.0.0.1(仅本机回环;服务端没有认证和加密,用 -t 绑定到其他地址时,任何能连到该端口的主机都可以执行命令)
# 3. 默认port为1234
思路:
0x02 代码实现
import socket
import threading
import sys
import getopt
import subprocess
# Host the client connects to, or the address the server binds to; set by -t.
# The default is loopback, so the listener is reachable from this machine only.
TARGET: str = "127.0.0.1"
# TCP port shared by both modes; set by -p.
PORT: int = 1234
# Switched to True by -l: run as the server instead of the client.
LISTEN: bool = False
# 客户端
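def client_node():
    """Run the interactive client: send one command per line and print the reply.

    Connects to (TARGET, PORT), reads commands from stdin and sends each one
    UTF-8 encoded. Typing "quit" (or reaching end of input) ends the session.

    The wire protocol has no length prefix or terminator, so a reply is
    considered complete as soon as one recv() returns fewer than 1024 bytes.
    TCP does not guarantee that, so long replies can still arrive truncated.
    """
    # The context manager closes the socket on every exit path, including errors.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client_socket:
        client_socket.connect((TARGET, PORT))
        while True:
            try:
                cmd = input(">>")
            except EOFError:
                # stdin was a pipe/file and is exhausted; leave cleanly.
                break
            print(cmd)
            if not cmd:
                # An empty line puts no bytes on the wire, so the server would
                # never answer and the recv() below would block forever.
                continue
            # sendall() retries until the whole command has been written.
            client_socket.sendall(cmd.encode('utf-8'))
            if cmd == "quit":
                print("bye~")
                break
            # Collect raw bytes and decode once at the end: comparing the
            # decoded character count with 1024 ends the read early on
            # multi-byte text, and decoding per chunk can split a character.
            chunks = []
            while True:
                chunk = client_socket.recv(1024)
                chunks.append(chunk)
                if len(chunk) < 1024:
                    break
            if not chunks[0]:
                # recv() returned b'' immediately: the server closed the connection.
                print("connection closed")
                break
            print(b"".join(chunks).decode('utf-8', errors='replace'))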
# 服务器端
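def server_node():
    """Listen on (TARGET, PORT), accept one client and serve it in a thread.

    The accepted connection is handed to waiter_dealth, which executes every
    received line as a shell command. The peer is not authenticated and the
    traffic is not encrypted, so binding TARGET to anything other than a
    loopback address exposes command execution to every host that can reach
    the port.
    """
    # Only one connection is ever accepted, so the listening socket is closed
    # right after accept(). Otherwise later clients would sit in the backlog
    # without ever being served.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server_socket:
        server_socket.bind((TARGET, PORT))
        # Backlog of 5 pending connections while waiting in accept().
        server_socket.listen(5)
        print("listen {}: {}".format(TARGET, PORT))
        waiter_socket, client_address = server_socket.accept()
    # Record who connected; this is the only trace of the session's origin.
    print("connection from {}: {}".format(*client_address[:2]))
    # Handle the session in a worker thread.
    waiter_thread = threading.Thread(target=waiter_dealth, args=(waiter_socket, ))
    waiter_thread.start()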
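def waiter_dealth(waiter_socket):
    """Serve one connected client until it sends "quit" or disconnects.

    Each recv() of up to 1024 bytes is treated as one complete command, passed
    to run_cmd, and the text result is sent back UTF-8 encoded ("ok" when the
    command produced no output). There is no message framing, so a command
    longer than 1024 bytes is split into several commands.

    Socket errors and undecodable input propagate to the caller; the socket is
    closed in every case.
    """
    try:
        while True:
            data = waiter_socket.recv(1024)
            if not data:
                # b'' means the peer closed the connection. Without this check
                # the loop would keep running empty commands forever.
                break
            request = data.decode("utf-8")
            if request == "quit":
                # Session terminator: do not hand it to the shell. The client
                # closes without waiting for a reply.
                break
            response = run_cmd(request)
            # Always answer with at least one byte so the client's read returns.
            waiter_socket.sendall((response or "ok").encode('utf-8'))
    finally:
        waiter_socket.close()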
#用于命令执行
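def run_cmd(cmd):
    """Run *cmd* through the system shell and return its combined output as text.

    stderr is merged into stdout. When the command exits non-zero its output is
    still returned, so the caller sees the error text. The fixed failure
    message is returned only when there is no output or the command could not
    be started.

    NOTE(security): cmd is passed to the shell unmodified (shell=True) and, in
    this tool, comes straight from the TCP peer. That is the tool's purpose,
    but it means whoever can reach the listening port runs commands with the
    privileges of this process. No timeout is set, so a command that waits for
    input blocks the calling thread.
    """
    failure = "Fail to execute command.\r\n"
    cmd = cmd.rstrip()
    try:
        raw = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
    except subprocess.CalledProcessError as exc:
        # Non-zero exit status: keep whatever the command printed.
        raw = exc.output
        if not raw:
            return failure
    except (OSError, ValueError, subprocess.SubprocessError):
        # The shell could not be started, or cmd contains an embedded NUL byte.
        return failure
    # cp936 is the console code page the original author targets. Bytes that
    # are not valid cp936 are replaced, so real output is not reported as a
    # failure because of a decoding error.
    return raw.decode("cp936", errors="replace")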
def usage():
    """Print the command-line help text, then exit the process with status 0."""
    help_lines = (
        "BHP Net Tool",
        "Usage: nc.py -t target_host -p port",
        "-l --listen - listen on [host]:[port] for incoming connections",
        "Examples: ",
        "nc.py -t 127.0.0.1 -p 1234 -l",
        "echo 'asdf' | ./nc.py -t 127.0.0.1 -p 135",
    )
    # One print call; the output matches printing each line separately.
    print("\n".join(help_lines))
    sys.exit(0)
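if __name__ == "__main__":
    # Entry point: parse the options, then run as server (-l) or as client.
    if not sys.argv[1:]:
        usage()
    try:
        # Long options that take a value need a trailing "=". Without it,
        # getopt treats --target/--port as bare flags with an empty argument.
        opts, args = getopt.getopt(
            sys.argv[1:], "hlt:p:", ["help", "listen", "target=", "port="]
        )
    except getopt.GetoptError as err:
        print(str(err))
        usage()
    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
        elif o in ("-l", "--listen"):
            LISTEN = True
        elif o in ("-t", "--target"):
            TARGET = a
        elif o in ("-p", "--port"):
            # Reject a non-numeric or out-of-range port here instead of
            # failing later with a traceback from int() or bind()/connect().
            try:
                PORT = int(a)
            except ValueError:
                print("err options!")
                usage()
            if not 0 <= PORT <= 65535:
                print("err options!")
                usage()
        else:
            print("err options!")
            usage()
    if LISTEN:
        # Listening mode: act as the server.
        server_node()
    else:
        client_node()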
0x03 运行效果
0x04 问题
1.只能实现简单的命令执行
2.命令执行的结果不能太长,否则客户端收不完整:客户端把“某次 recv 返回不足 1024”当作回复结束的标志,而 TCP 是字节流,协议里既没有长度前缀也没有结束标记