Sending commands over sockets
  • I figured I'd make a little tutorial on sending / executing commands over sockets in Python. Mainly because when I was coding pyBackdoor I needed a lot of help with it but there was no help available :/

    So I figured I'd make one here just in case anybody here wants to execute commands over a python socket.

    Take a look at this simple server, then I'll dissect some important parts:

    import socket

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = "localhost"
    port = 31337
    s.connect((host, port))

    s.send("TEST")

    What this does is connect to localhost on port 31337 and send "TEST" over the socket. Now let's have a look at the server:

    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = ""
    port = 31337
    s.bind((host, port))
    s.listen(1)
    conn, addr = s.accept()
    socksize = 1024

    data = conn.recv(socksize)
    print(data)

    This will bind to port 31337 on the machine, listen and accept connections. It reads the string from the client and prints it. Simple. But what if we want to execute a command?
    Well we use a pipe, and subprocess. Have a look.
    Client:

    import socket

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = "localhost"
    port = 31337
    socksize = 1024
    s.connect((host, port))
    cmd = raw_input("Command: ")
    s.send(cmd)
    data = s.recv(socksize)
    output = data
    print(output)

    So it does what the other client does, but asks for a command. Then it sends the command and waits for the data received. Let's have a look at the server side:

    import socket, subprocess
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    host = ""
    port = 31337
    s.bind((host, port))
    s.listen(1)
    conn, addr = s.accept()
    socksize = 1024

    data = conn.recv(socksize)
    p = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    for line in p.stdout.readlines():
        l = line
        conn.send(l)

    Now what we do is receive the command, and execute it using Popen in subprocess. Simple but effective. It will execute the command and send the output to the client. That's all there is to it.

    --chroniccommand
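
For code reviewers: the server in the post above passes bytes read from a socket straight to a shell, and the following added example (not part of the original post or of pyBackdoor) finds that flow in Python source with the standard `ast` module. It assumes plain `import os` / `import subprocess` without aliases and follows assignments in a single pass in source order; `SAMPLE_SERVER` is a constructed, condensed copy of the thread's server.

```python
import ast

SUBPROCESS_FUNCS = {"Popen", "call", "run", "check_call", "check_output"}
OS_SHELL_FUNCS = {"system", "popen"}
# Constructed sample: the thread's command-executing server, condensed.
SAMPLE_SERVER = '''\
import socket, subprocess
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("", 31337))
s.listen(1)
conn, addr = s.accept()
data = conn.recv(1024)
p = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
'''

def _names(expr):
    """Variable names referenced anywhere inside an expression."""
    return {n.id for n in ast.walk(expr) if isinstance(n, ast.Name)}

def _has_recv(expr):
    """True if the expression contains a call such as conn.recv(...)."""
    return any(isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
               and n.func.attr in ("recv", "recvfrom") for n in ast.walk(expr))

def _runs_shell(call):
    """True for os.system/os.popen, or a subprocess call with shell=True."""
    f = call.func
    if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)):
        return False
    if f.value.id == "os":
        return f.attr in OS_SHELL_FUNCS
    shell_true = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                     and k.value.value is True for k in call.keywords)
    return f.value.id == "subprocess" and f.attr in SUBPROCESS_FUNCS and shell_true

def find_socket_to_shell(source):
    """Line numbers where data read from a socket is passed to a shell."""
    nodes = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, (ast.Assign, ast.Call))]
    nodes.sort(key=lambda n: (n.lineno, n.col_offset))  # visit in source order
    tainted, hits = set(), []
    for node in nodes:
        if isinstance(node, ast.Assign):
            if _has_recv(node.value) or _names(node.value) & tainted:
                tainted |= {name for t in node.targets for name in _names(t)}
        elif node.args and _runs_shell(node):
            if _has_recv(node.args[0]) or _names(node.args[0]) & tainted:
                hits.append(node.lineno)
    return hits
```

`find_socket_to_shell(SAMPLE_SERVER)` reports the `Popen` line; a call with a fixed argument list and no `shell=True` is not reported.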
  • Xin
    Posts: 3,251
    Nice guide chronic
    Xin
  • Sh3llc0d3
    Posts: 1,910
    I think also people need to start learning ipv6 sockets too... for example: as opposed to AF_INET it'd be AF_INET6.

    Some more coverage: http://docs.python.org/library/socket.html
  • Xin
    Posts: 3,251
    said:


    I think also people need to start learning ipv6 sockets too... for example: as opposed to AF_INET it'd be AF_INET6.

    Some more coverage: http://docs.python.org/library/socket.html



    I wish rather than IPv6 they just made addresses like 192.168.2.1 change to 192.168.2.1.1

    That would give us another few billion addresses.

    But these ipv6 addresses are like

    fjwa5a:faw5qg:hnwha4:gatanh:gfawta

    Or something lol
    Xin
  • said:


    said:


    I think also people need to start learning ipv6 sockets too... for example: as opposed to AF_INET it'd be AF_INET6.

    Some more coverage: http://docs.python.org/library/socket.html



    I wish rather than IPv6 they just made addresses like 192.168.2.1 change to 192.168.2.1.1

    That would give us another few billion addresses.

    But these ipv6 addresses are like

    fjwa5a:faw5qg:hnwha4:gatanh:gfawta

    Or something lol

    Yea IPV6 is going to be a lot more complicated than just the regular 255.255.255.255
  • Sh3llc0d3
    Posts: 1,910
    Yeah i'm in no way a fan of ipv6 addressing I think it'll change a hell of a lot in network security especially
  • said:


    Yeah i'm in no way a fan of ipv6 addressing I think it'll change a hell of a lot in network security especially


    Lol I already see it in my head. The day we migrate everything to IPV6 all of HF will be in panic.
    "HOW DUZ I HAX IPV6 IPZ"
  • Sh3llc0d3
    Posts: 1,910
    More along the likes of "some:made:up:ipv6:ip << how do I crack this hash!?!?!?"
  • said:


    More along the likes of "some:made:up:ipv6:ip << how do I crack this hash!?!?!?"


    Lmao why didn't I think of that >.<
  • undead
    Posts: 822
    said:


    More along the likes of "some:made:up:ipv6:ip << how do I crack this hash!?!?!?"



    looll i'd like to see that... :P