A small backdoor on Flask or how to control a computer on a local network
Hello, Habr!
I recently watched a downloaded recording of the programming stream "How to Build Your Flask Web Application" and decided to consolidate my knowledge in some project. For a long time I did not know what to write, and then the idea came to me: "Why not make a mini-backdoor on Flask?".
The first options for the implementation and capabilities of the backdoor immediately appeared in my head, but I decided to make a list of backdoor features first:
- Be able to open sites
- Have command line access
- Be able to open programs, photos, videos
So, the first item is extremely easy to implement using the webbrowser module. The second point I decided to implement using the os module. And the third one is also through the os module, but I will use "links" (more on that later).
Writing a server
So, * drum roll * all server code:
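from flask import Flask, request
import webbrowser
import os

app = Flask(__name__)


# Single endpoint; every POST is acted on, there is no authentication
@app.route('/mycomp', methods=['POST'])
def hell():
    json_string = request.json  # parsed body: {'command': ..., 'data': ...}
    if json_string['command'] == 'test':
        return 'The server is running and waiting for commands...'
    if json_string['command'] == 'openweb':
        # Opens https://www.<data> in the default browser
        webbrowser.open(url='https://www.' + json_string['data'], new=0)
        return 'Site opening ' + json_string['data'] + '...'
    if json_string['command'] == 'shell':
        # The client-supplied string is passed to the system shell as is
        os.system(json_string['data'])
        return 'Command execution ' + json_string['data'] + '...'
    if json_string['command'] == 'link':
        # 'data' is the 1-based line number of an entry in links.txt
        with open('links.txt', 'r') as links:
            for i in range(int(json_string['data'])):
                link = links.readline().strip()
        os.system(link.split('>')[0])
        return 'Launch ' + link.split('>')[1]
    # Flask raises an error if a view returns None, so answer unknown commands too
    return 'Unknown command'


if __name__ == '__main__':
    # 0.0.0.0 listens on every network interface; Flask's default port is 5000
    app.run(host='0.0.0.0')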
I already dumped all the code, it's time to explain the essence.
All code runs on the local computer on port 5000. To interact with the server, we must send a JSON POST request.
JSON request structure:
{'command': 'somecommand', 'data': 'somedata'}
Well, it’s logical that 'command' is the command we want to execute. And 'data' are the arguments of the command.
You can write and send the JSON requests to the server by hand (the requests module helps with that), or you can write a console client.
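The shell branch of the handler above passes a value from request.json straight to os.system. As an added example (not part of the original post), here is a small static check, built on the standard ast module, that flags this pattern in Flask source; SINKS, find_request_to_shell and SAMPLE are names made up for this example, and the taint tracking is deliberately simple (assignments only, within one handler).

```python
import ast

# Calls that hand a string to the OS shell or spawn a process.
SINKS = {("os", "system"), ("os", "popen"), ("subprocess", "run"),
         ("subprocess", "call"), ("subprocess", "Popen")}

def _mentions(node, tainted):
    """True if the expression reads Flask's `request` or a tainted variable."""
    return any(isinstance(n, ast.Name) and (n.id == "request" or n.id in tainted)
               for n in ast.walk(node))

def _is_route(func):
    """True if the function is decorated with <app>.route(...)."""
    return any(isinstance(d, ast.Call) and isinstance(d.func, ast.Attribute)
               and d.func.attr == "route" for d in func.decorator_list)

def find_request_to_shell(source):
    """Return (handler, line, sink) for shell calls fed by request data."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not (isinstance(func, ast.FunctionDef) and _is_route(func)):
            continue
        tainted, changed = set(), True
        while changed:  # flow-insensitive propagation to a fixed point
            changed = False
            for n in ast.walk(func):
                if isinstance(n, ast.Assign) and _mentions(n.value, tainted):
                    new = {t.id for t in n.targets if isinstance(t, ast.Name)} - tainted
                    tainted |= new
                    changed = changed or bool(new)
        for n in ast.walk(func):
            if (isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                    and isinstance(n.func.value, ast.Name)
                    and (n.func.value.id, n.func.attr) in SINKS
                    and any(_mentions(a, tainted) for a in n.args)):
                findings.append((func.name, n.lineno, ast.unparse(n.func)))
    return findings

# Constructed sample: the post's shell branch plus a handler with a fixed command.
SAMPLE = """@app.route('/mycomp', methods=['POST'])
def hell():
    json_string = request.json
    if json_string['command'] == 'shell':
        os.system(json_string['data'])
@app.route('/status')
def status():
    os.system('uptime')
    return 'ok'
"""
```

On SAMPLE the check reports the os.system call in hell and leaves status alone, because its command is a constant. The link branch of the real server is not reported by this check: there the request only selects which line of links.txt is executed.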
Writing a client
Code:
import requests

logo = ['\n\n',
        '****** ********',
        '******* *********',
        '** ** ** **',
        '** ** ** ** Written on Python',
        '******* ** **',
        '******** ** **',
        '** ** ** ** Author: ROBOTD4',
        '** ** ** **',
        '** ** ** **',
        '******** *********',
        '******* ********',
        '\n\n']
p = ''
iport = '192.168.1.2:5000'
host = 'http://' + iport + '/mycomp'


def test():
    # Ask the server whether it is up
    payload = {'command': 'test', 'data': 0}
    r = requests.post(host, json=payload)
    if r.status_code == 200:
        print(r.content.decode('utf-8'))


def start():
    # Print the banner
    for i in logo:
        print(i)


start()
test()
while True:
    command = input('>')
    if command == '':
        continue
    a = command.split()
    if command == 'test':
        payload = {'command': 'test', 'data': 0}
        r = requests.post(host, json=payload)
        if r.status_code == 200:
            print(r.content.decode('utf-8'))
    if a[0] == 'shell':
        # Everything after the word "shell" is joined back into one command line
        for i in range(1, len(a)):
            p = p + a[i] + ' '
        payload = {'command': 'shell', 'data': p}
        r = requests.post(host, json=payload)
        if r.status_code == 200:
            print(r.content.decode('utf-8'))
        p = ''
    if a[0] == 'link':
        if len(a) > 1:
            payload = {'command': 'link', 'data': int(a[1])}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            # Message text: "The command has no arguments!"
            print('Комманда не содержит аргументов!')
    if a[0] == 'openweb':
        if len(a) > 1:
            payload = {'command': 'openweb', 'data': a[1]}
            r = requests.post(host, json=payload)
            if r.status_code == 200:
                print(r.content.decode('utf-8'))
        else:
            # Message text: "The command has no arguments!"
            print('Комманда не содержит аргументов!')
    if a[0] == 'set':
        if len(a) > 2 and a[1] == 'host':
            # Rebuild the URL so that later requests go to the new address
            iport = a[2] + ':5000'
            host = 'http://' + iport + '/mycomp'
    if command == 'quit':
        break
Explanations:
The first step is importing the requests module (for interacting with the server). Next come the definitions of the start and test functions, and then the loop in which the magic happens. Have you read the code? Then the meaning of the magic that happens in the loop is clear to you: enter a command and it runs.
Shell - commands for the command line (logic goes through the roof)
Test - check if the server (backdoor) is working
Link - use the "shortcut"
Openweb - open the website
Quit - exit the client
Set - set the ip of your computer on the local network
And now more about link.
Next to the server is the link.txt file. It contains links (full path) to files (videos, photos, programs).
The structure is as follows:
full_path>description
full_path>description
Summary
We have a backdoor server for controlling a computer on a local network (inside a wi-fi network). Technically, we can run the client from any device that has a python interpreter.
PS I added the set command so that if a different ip is assigned to a computer on the local network, it can be changed directly in the client.