文章内容是python 黑帽子的笔记
代码改用Python3.7
电子书
网络基础
TCP客户端
import socket
target_host = "cn.bing.com"
target_port = 80
# create a socket object
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect the client
client.connect((target_host, target_port))
# send some data
client.send(bytes("GET / HTTP/1.1
Host: cn.bing.com
", "utf-8"))
# receive some data
response = client.recv(4096)
print(response)
TCP服务端
import socket
address = ('127.0.0.1', 80)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(address)
# start listening with a maximum backlog of connections set to 5
server.listen(5)
while True:
client_socket, addr = server.accept()
request = client_socket.recv(1024)
if not client_socket:
print("client has exist")
break
print("client,", "is", addr)
print("request,", "is", request)
client_socket.send(bytes("send by tcp server ", "utf-8"))
client_socket.close()
server.close()
TCP服务端(多线程)
import socket
import threading
address = ('127.0.0.1', 80)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(address)
# start listening with a maximum backlog of connections set to 5
server.listen(5)
def handler_client(client_socket, args):
print(args)
request = client_socket.recv(1024)
if not client_socket:
print("client has exist")
print("client,", "is", addr)
print("request,", "is", request)
client_socket.send(bytes("send by tcp server ", "utf-8"))
client_socket.close()
while True:
client_socket, addr = server.accept()
client_handler = threading.Thread(target=handler_client, args=(client_socket, "other_args"))
client_handler.start()
server.close()
UDP客户端
import socket
target_host = "127.0.0.1"
target_port = 80
# create a socket object
client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# send some data
client.sendto(bytes("hello, this is udp client", "utf-8"), (target_host, target_port))
# receive some data
data, addr = client.recvfrom(4096)
print(data, addr)
UDP服务端
import socket
address = ('127.0.0.1', 80)
server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
server.bind(address)
while True:
data, addr = server.recvfrom(2048)
if not data:
print("client has exist")
break
print("received:", data, "from", addr)
server.sendto(bytes("send by udp server ", "utf-8"), addr)
server.close()
取代Netcat
- 作为客户端部分代码
# coding=utf-8
# Python 实现 NetCat 工具
import sys
import socket
import getopt
import threading
import subprocess
# define some global variables
listen = False
command = False
upload = False
execute = ""
target = ""
upload_destination = ""
port = 0
def usage():
print("XHCat Net Tool")
print("Usage: XHCat.py -t target_host -p port")
print("-l --listen - listen on [host]:[port] for incoming connections")
print("-e --execute=file_to_run - execute the given file upon receiving a connection")
print("-c --command - initialize a command shell")
print("-u --upload=destination - upon receiving connection upload a file and write to[destination]")
print("Examples: ")
print("bhpnet.py -t 192.168.0.1 -p 5555 -l -c")
print("bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\target.exe")
print("bhpnet.py -t 192.168.0.1 -p 5555 -l -e="cat /etc/passwd"")
print("echo 'ABCDEFGHI' | ./XHCat.py -t 192.168.11.12 -p 135")
sys.exit(0)
def main():
global listen
global port
global execute
global command
global upload_destination
global target
if not len(sys.argv[1:]):
usage()
# read the commandline options
try:
opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu:",
["help", "listen", "execute", "target", "port", "command", "upload"])
except getopt.GetoptError as err:
print(str(err))
usage()
for o, a in opts:
if o in ("-h", "--help"):
usage()
elif o in ("-l", "--listen"):
listen = True
elif o in ("-e", "--execute"):
execute = a
elif o in ("-c", "--commandshell"):
command = True
elif o in ("-u", "--upload"):
upload_destination = a
elif o in ("-t", "--target"):
target = a
elif o in ("-p", "--port"):
port = int(a)
else:
assert False, "Unhandled Option"
# are we going to listen or just send data from stdin?
# 作为客户端
if not listen and len(target) and port > 0:
# read in the buffer from the commandline
# this will block, so send CTRL-D if not sending input
# to stdin
buffer = sys.stdin.read()
# send data off
client_sender(buffer)
# we are going to listen and potentially
# upload things, execute commands, and drop a shell back
# depending on our command line options above
# 作为服务端
if listen:
server_loop()
def client_sender(buffer):
alive = True
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
# connect to our target host
client.connect((target, port))
if len(buffer):
client.send(bytes(buffer, "utf-8"))
while alive:
# now wait for data back
recv_len = 1
response = ""
while recv_len:
data = client.recv(4096)
recv_len = len(data)
response += str(data)
if recv_len < 4096:
break
print(str(response))
# wait for more input
buffer = input("")
buffer += "
"
if str(buffer) == str("exit
"):
alive = False
print("...........exited............")
# send it off
client.send(bytes(buffer, "utf-8"))
except:
print("[*] Exception! Exiting.")
# tear down the connection
client.close()
def server_loop():
pass
main()
- 启动参数
-t 127.0.0.1 -p 80
- 改进之前的TCP服务端配合
import socket
import threading
address = ('127.0.0.1', 80)
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(address)
# start listening with a maximum backlog of connections set to 5
server.listen(5)
def handler_client(client_socket, args):
while True:
print(args)
request = client_socket.recv(1024)
print("client,", "is", addr)
print("request,", "is", request)
client_socket.send(bytes("send by tcp server :: " + str(request), "utf-8"))
# client_socket.close()
while True:
client_socket, addr = server.accept()
client_handler = threading.Thread(target=handler_client, args=(client_socket, "other_args"))
client_handler.start()
server.close()