
A small backdoor on Flask or how to control a computer on a local network

Hi, Habr!

Recently I watched a downloaded recording of the programming stream “How to create your own web application on Flask”, and I decided to consolidate what I had learned in some project. For a long time I didn't know what to write, and then the idea came to me: “Why not make a mini backdoor on Flask?”

The first versions of the backdoor's implementation and capabilities immediately appeared in my head. But I decided to start by making a list of backdoor features:

  1. Be able to open sites
  2. Have access to the command line
  3. Be able to open programs, photos, videos

So, the first item is extremely easy to implement with the webbrowser module. I decided to implement the second item with the os module. The third also goes through the os module, but using the “links” file (more on that later).

Writing the server

So, *drum roll*, here is the entire server code:

from flask import Flask, request
import webbrowser
import os

app = Flask(__name__)


@app.route('/mycomp', methods=['POST'])
def hell():
    json_string = request.json
    if json_string['command'] == 'test':
        return 'The server is running and waiting for commands...'
    if json_string['command'] == 'openweb':
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
        return 'Site opening ' + json_string['data'] + '...'
    if json_string['command'] == 'shell':
        # the 'data' string is handed straight to the system shell
        os.system(json_string['data'])
        return 'Command execution ' + json_string['data'] + '...'
    if json_string['command'] == 'link':
        # read links.txt up to the requested entry number and launch only that entry;
        # each line has the form path>name (see below)
        link = ''
        with open('links.txt', 'r') as links:
            for i in range(int(json_string['data'])):
                link = links.readline()
        link = link.strip()
        if '>' not in link:
            return 'No such link'
        os.system(link.split('>')[0])
        return 'Launch ' + link.split('>')[1]
    return 'Unknown command'


if __name__ == '__main__':
    app.run(host='0.0.0.0')

I've dumped the whole code at once; now it's time to explain what it does.

The server runs on the local computer on port 5000 (Flask's default) and, because it binds to 0.0.0.0, it accepts connections from any host on the network. There is no authentication of any kind: whoever can reach port 5000 can send it commands, including shell. To interact with the server, we send a JSON POST request.

JSON request structure:

 {'command': 'somecommand', 'data': 'somedata'} 

Logically enough, 'command' is the command we want to execute, and 'data' holds the command's arguments.

You can write and send the JSON requests by hand (with the help of the requests library) to interact with the server. Or you can write a console client.
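As an added example (not code from the original post), here is a small static check for exactly the weakness the handler above has: data taken from flask's request object reaching a shell sink such as os.system. The SAMPLE string is a constructed, condensed copy of the handler; the list of sinks and the simple name-level taint propagation are assumptions of this checker, not anything the post describes.

```python
import ast

# Shell sinks that must never receive request-controlled data (checker assumption).
SHELL_SINKS = {("os", "system"), ("os", "popen"), ("subprocess", "run"),
               ("subprocess", "call"), ("subprocess", "Popen")}

# Constructed, condensed copy of the post's handler, used as the checker's input.
SAMPLE = '''from flask import request
import os, webbrowser
@app.route('/mycomp', methods=['POST'])
def hell():
    json_string = request.json
    if json_string['command'] == 'openweb':
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
    if json_string['command'] == 'shell':
        os.system(json_string['data'])        # request data reaches a shell
    if json_string['command'] == 'link':
        link = open('links.txt').readline()
        os.system(link.split('>')[0])         # file data, not request data

def safe():
    os.system('ls')
'''

def _names_in(node):
    """All bare variable names used anywhere inside an expression."""
    return {sub.id for sub in ast.walk(node) if isinstance(sub, ast.Name)}

def find_request_to_shell(source):
    """Return (function, line, sink) for each shell sink whose arguments derive
    from flask's `request`, tracking taint through plain assignments per function."""
    findings = []
    for func in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)):
        tainted, grew = {"request"}, True
        while grew:  # propagate taint through assignments until nothing new appears
            grew = False
            for stmt in ast.walk(func):
                if isinstance(stmt, ast.Assign) and _names_in(stmt.value) & tainted:
                    for tgt in stmt.targets:
                        if isinstance(tgt, ast.Name) and tgt.id not in tainted:
                            tainted.add(tgt.id)
                            grew = True
        for call in (n for n in ast.walk(func) if isinstance(n, ast.Call)):
            f = call.func
            if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)):
                continue
            args = list(call.args) + [kw.value for kw in call.keywords]
            if (f.value.id, f.attr) in SHELL_SINKS and any(_names_in(a) & tainted for a in args):
                findings.append((func.name, call.lineno, f"{f.value.id}.{f.attr}"))
    return findings
```

Run against SAMPLE it reports only the shell branch in hell(); the link branch runs data from a file, and safe() runs a constant, so neither is flagged.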

Writing the client

Code:

import requests

logo = ['\n\n', '****** ********', '******* *********', '** ** ** **',
        '** ** ** ** Written on Python', '******* ** **', '******** ** **',
        '** ** ** ** Author: ROBOTD4', '** ** ** **', '** ** ** **',
        '******** *********', '******* ********', '\n\n']
iport = '192.168.1.2:5000'
host = 'http://' + iport + '/mycomp'


def send(command, data):
    # every client command is one JSON POST to the server; the reply is printed as-is
    r = requests.post(host, json={'command': command, 'data': data})
    if r.status_code == 200:
        print(r.content.decode('utf-8'))


def test():
    send('test', 0)


def start():
    for i in logo:
        print(i)


start()
test()
while True:
    command = input('>')
    if command == '':
        continue
    a = command.split()
    if command == 'test':
        test()
    if a[0] == 'shell':
        # everything after 'shell' is joined back into a single command line
        send('shell', ' '.join(a[1:]))
    if a[0] == 'link':
        if len(a) > 1:
            send('link', int(a[1]))
        else:
            print('Argument missing!')
    if a[0] == 'openweb':
        if len(a) > 1:
            send('openweb', a[1])
        else:
            print('Argument missing!')
    if a[0] == 'set':
        # 'set host <ip>' retargets the client without restarting it
        if len(a) > 2 and a[1] == 'host':
            host = 'http://' + a[2] + ':5000/mycomp'
    if command == 'quit':
        break

Explanations:

First of all, the requests module is imported (to interact with the server). Then come the start and test functions, and after them the loop in which the magic happens. Did you read the code? Then you already understand the magic that happens in the loop: you enter a command and it gets executed. Shell sends command-line commands (the logic is off the charts).

Test - check whether the server (the backdoor) is running
Link - use a "link" entry from the links file
Openweb - open a site
Quit - exit the client
Set - set the ip of your computer on the local network

And now more in detail about link.

Next to the server lies the file links.txt. It contains links (full paths) to files (video, photos, programs).

The structure is as follows: one entry per line, where the part before the > is the full path that the server passes to os.system and the part after it is the name shown in the reply:

full_path_to_file>name
full_path_to_file>name


Summary


We now have a backdoor server for controlling a computer on a local network (inside a Wi-Fi network). Technically, the client can be run from any device that has a Python interpreter. The flip side is the same: the server asks for no credentials, so any other device on that network that can reach port 5000 can send it the very same commands.

P.S. I added the set command so that, if the computer on the local network is assigned a different ip, it can be changed directly in the client.

Source: https://habr.com/ru/post/448360/

