python netcat

1. #!/usr/bin/python2.7
2.  
3. import sys
4. import socket
5. import getopt
6. import threading
7. import subprocess
8.  
9. # declare and initialize global vars
10. listen = False
11. command = False
12. upload = False
13. execute = ""
14. target = ""
15. upload_destination = ""
16. port = 0
17.  
18. def usage ():
19. print "Vy Net Tool"
20. print
21. print "Usage: vynet.pyc -t target_host -p port"
22. print "-l --listen - listen on [host]:[port] for incoming connections"
23. print "-e --execute=file_to_run - execute the given file upon receiving a connection"
24. print "-c --command - initialize a command shell"
25. print "-u --upload=destination - upon receiving a connection upload a file and write to [destination]"
26. print
27. print
28. print "Examples: "
29. print "vynet.pyc -t 192.168.0.1 -p 5555 -l -c"
30. print "vynet.pyc -t 192.168.0.1 -p 5555 -l -u=C:\\target.exe"
31. print "vynet.pyc -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\""
32. print "echo 'ABCDEFGHI' | ./vynet.pyc -t 192.168.11.12 -p 135"
33. sys.exit(0)
34.  
35. def client_sender(buffer):
36. client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
37.  
38. try:
39. # connect to our target host
40. client.connect((target,port))
41.  
42. if len(buffer):
43. client.send(buffer)
44.  
45. while True:
46. # now wait for data back
47. recv_len = 1
48. response = ""
49.  
50. while recv_len:
51. data = client.recv(4096)
52. recv_len = len(data)
53. response += data
54.  
55. if recv_len < 4096:
56. break
57. print response,
58.  
59. # wait for more input
60. buffer = raw_input("")
61. buffer += "\n"
62.  
63. # send it off
64. client.send(buffer)
65.  
66. except:
67. print "[*] Exception! Exiting."
68.  
69. # tear down the connection
70. client.close()
71.  
72.  
73. def server_loop():
74. global target
75. global port
76.  
77. # if no target is defined, we listen on all interfaces
78. if not len(target):
79. target = "0.0.0.0"
80.  
81. server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
82. server.bind((target, port))
83. server.listen(5)
84.  
85. while True:
86. client_socket, addr = server.accept()
87.  
88. # spin off a new thread to handle the client
89. client_thread = threading.Thread(target=client_handler, args=(client_socket,))
90. client_thread.start()
91.  
92. def run_command(command):
93. # trim the newline
94. command = command.rstrip()
95.  
96. # run the command and get the output back
97. try:
98. output = subprocess.check_output(command,stderr=subprocess.STDOUT,shell=True)
99. except:
100. output = "[-] Failed to execute command\r\n"
101.  
102. # send the output back to the client
103. return output
104.  
105. def client_handler(client_socket):
106. global upload
107. global execute
108. global command
109.  
110. # check for upload
111. if len(upload_destination):
112.  
113. # read in all the bytes of the file and write to our destination
114.  
115. file_buffer = ""
116.  
117. # keep reading data until none is available
118. while True:
119. data = client_socket.recv(1024)
120.  
121. if not data:
122. break
123. else:
124. file_buffer += data
125.  
126. # now we take these bytes and write them out
127. try:
128. file_descriptor = open(upload_destination,"wb")
129. file_descriptor.write(file_buffer)
130. file_descriptor.close()
131.  
132. # acknowledge that we wrote the file out
133. client_socket.send("Successfully saved file to %s/r/n" % upload_destination)
134. except:
135. client_socket.send("Failed to save file to %s/r/n" % upload_destination)
136.  
137. # check for command execution
138. if len(execute):
139.  
140. # run the command
141. output = run_command(execute)
142.  
143. client.socket.send(output)
144.  
145. # now we go into another loop if a command shell was requested
146.  
147. if command:
148. while True:
149. # show a simple prompt
150. client_socket.send("<cmd_$:#> ")
151.  
152. # now we revieve until we see a linefeed (enter key)
153. cmd_buffer = ""
154. while "\n" not in cmd_buffer:
155. cmd_buffer += client_socket.recv(1024)
156.  
157. # we have a valid command so execute it and send back the results
158. response = run_command(cmd_buffer)
159.  
160. # send the response back to the client
161. client_socket.send(response)
162.  
163. def main():
164. # needed to modify global copies of variables
165. global listen
166. global port
167. global execute
168. global command
169. global upload_destination
170. global target
171.  
172. if not len(sys.argv[1:]): # if there is more than one element in the array
173. usage()
174.  
175. # read the commandline options
176. try:
177. opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu",["help","listen","execute","target","port","command","upload"])
178. except getopt.GetoptError as err:
179. print str(err)
180. usage()
181.  
182. for o,a in opts:
183. if o in ("-h", "--help"):
184. usage()
185. elif o in ("-l", "--listen"):
186. listen = True
187. elif o in ("-e", "--execute"):
188. execute = a
189. elif o in ("-c", "--commandshell"):
190. command = True
191. elif o in ("-u", "--upload"):
192. upload_destination = a
193. elif o in ("-t", "--target"):
194. target = a
195. elif o in ("-p", "--port"):
196. port = int(a)
197. else:
198. assert False, "Unhandled Option"
199.  
200. # are we going to listen or just send data from stdin?
201. if not listen and len(target) and port > 0:
202.  
203. # read in the buffer from the commandline
204. # this will block, so send CTRL-D if not sending input
205. # to stdin
206.  
207. buffer = sys.stdin.read()
208.  
209. print "sending data"
210. # send data off
211. client_sender(buffer)
212.  
213. # we are going to listen and potentially
214. # upload things, execute commands, and drop a shell back
215. # depending on our command line options above
216. if listen:
217. server_loop()
218.  
219. main()