A small backdoor in Flask, or how to control a computer on a local network

Hi Habr!

I recently finished watching a downloaded copy of the course "How to build your own web application in Flask", and I decided to consolidate what I had learned in a project. For a long time I did not know what to write, and then an idea came to me: "Why not make a mini-backdoor in Flask?"

The first implementation options and backdoor features came to mind right away. But I decided to quickly make a list of the backdoor's capabilities:

  1. Be able to open websites
  2. Have access to the command line
  3. Be able to open programs, photos, videos

So, the first item is very easy to implement with the webbrowser module. I decided to implement the second item with the os module. The third also goes through the os module, but I will use "links" (more on that later).

Writing the server

So, *drumroll*, the whole server code:

from flask import Flask, request
import webbrowser
import os

app = Flask(__name__)


@app.route('/mycomp', methods=['POST'])
def hell():
    # Request body is JSON: {'command': ..., 'data': ...}
    json_string = request.json
    if json_string['command'] == 'test':
        return 'The server is running and waiting for commands...'
    if json_string['command'] == 'openweb':
        # Opens https://www.<data> in the default browser
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
        return 'Site opening ' + json_string['data'] + '...'
    if json_string['command'] == 'shell':
        # Runs the received string in the system shell; no authentication
        os.system(json_string['data'])
        return 'Command execution ' + json_string['data'] + '...'
    if json_string['command'] == 'link':
        # 'data' is the 1-based line number in links.txt (full_path>description)
        with open('links.txt', 'r') as links:
            for i in range(int(json_string['data'])):
                link = links.readline()
        os.system(link.split('>')[0])
        return 'Launch ' + link.split('>')[1]
    # Unknown command: a Flask view must not return None
    return 'Unknown command', 400


if __name__ == '__main__':
    # 0.0.0.0 makes the endpoint reachable from every host on the network
    app.run(host='0.0.0.0')

I have dumped all the code, so now it is time to explain the essence.

All of the code runs on the local computer on port 5000. To interact with the server, we need to send a JSON POST request.

Structure of the JSON request:

{'command': 'somecommand', 'data': 'somedata'}

It makes sense that 'command' is the command we want to execute, and 'data' is the command's arguments.

You can build and send the JSON requests to the server by hand (the requests module will help you). Or you can write a console client.

Writing the client

Code:

import requests

logo = ['\n\n',
        '******      ********',
        '*******     *********',
        '**    **    **     **',
        '**    **    **     **      Written on Python',
        '*******     **     **',
        '********    **     **',
        '**     **   **     **      Author: ROBOTD4',
        '**     **   **     **',
        '**     **   **     **',
        '********    *********',
        '*******     ********',
        '\n\n']

p = ''
iport = '192.168.1.2:5000'
host = 'http://' + iport + '/mycomp'


def test():
    # Ask the server whether it is up
    payload = {'command': 'test', 'data': 0}
    r = requests.post(host, json=payload)
    if r.status_code == 200:
        print(r.content.decode('utf-8'))


def start():
    # Print the banner
    for i in logo:
        print(i)


start()
test()

while True:
    command = input('>')
    if command == '':
        continue
    a = command.split()
    if command == 'test':
        test()
    if a[0] == 'shell':
        # Everything after 'shell' is sent as one command line
        for i in range(1, len(a)):
            p = p + a[i] + ' '
        payload = {'command': 'shell', 'data': p}
        r = requests.post(host, json=payload)
        if r.status_code == 200:
            print(r.content.decode('utf-8'))
        p = ''
    if a[0] == 'link':
        if len(a) > 1:
            payload = {'command': 'link', 'data': int(a[1])}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            # "The command has no arguments!"
            print('Комманда не содержит аргументов!')
    if a[0] == 'openweb':
        if len(a) > 1:
            payload = {'command': 'openweb', 'data': a[1]}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            # "The command has no arguments!"
            print('Комманда не содержит аргументов!')
    if a[0] == 'set':
        # 'set host <ip>' points the client at another address
        if len(a) > 2 and a[1] == 'host':
            iport = a[2] + ':5000'
            host = 'http://' + iport + '/mycomp'
    if command == 'quit':
        break

Explanations:

First, the requests module is imported (to communicate with the server). Below that are the definitions of the start and test functions. And then comes the loop where the magic happens. Have you read the code? Then you understand the magic that happens in the loop: enter a command and it is executed. Shell – commands for the command line (the logic is off the charts).

Test – check that the server (the backdoor) is running
Link – use a "shortcut"
Openweb – open a website
Quit – exit the client
Set – set the IP of your computer on the local network

And now more about link.

Next to the server there is a links.txt file. It contains links (full paths) to files (videos, photos, programs).

The structure is as follows:

full_path>description
full_path>description

Result

We have a backdoor server for controlling a computer on a local network (within a Wi-Fi network). Technically, we can run the client from any device that has a Python interpreter.

P.S. I added the set command so that if the computer is assigned a different IP on the local network, it can be changed directly in the client.
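For contrast with the unauthenticated handler above, an added example (not the author's code) of the checks a remote-control endpoint on a shared LAN needs before it acts on a request: a keyed signature over the body, a command allowlist with no free-form shell, and validation of each argument. The function names, the shared-secret scheme and the status codes are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import re

ALLOWED = {"test", "openweb", "link"}                 # no free-form 'shell'
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")    # bare hostname only


def sign(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 tag the client sends alongside the JSON body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def authorize(secret: bytes, body: bytes, tag: str, link_count: int):
    """Return (status, result): a validated action tuple or an error string."""
    # Constant-time comparison; bytes on both sides so any tag is accepted as input.
    if not hmac.compare_digest(sign(secret, body).encode(), tag.encode()):
        return 401, "bad signature"
    try:
        msg = json.loads(body)
        command, data = msg["command"], msg["data"]
    except (ValueError, KeyError, TypeError):
        return 400, "malformed request"
    if command not in ALLOWED:
        return 403, "command not allowed"
    if command == "openweb":
        if not isinstance(data, str) or not HOST_RE.fullmatch(data):
            return 400, "invalid host"
        return 200, ("openweb", "https://www." + data)
    if command == "link":
        # Index must be a real integer inside the configured list of links.
        if not isinstance(data, int) or isinstance(data, bool) or not 1 <= data <= link_count:
            return 400, "link index out of range"
        return 200, ("link", data)
    return 200, ("test", None)
```

The tag authenticates a request but does not stop replay; a timestamp or nonce inside the signed body would, and the listener should bind to one known interface rather than 0.0.0.0.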

Source: www.habr.com
