Remote-Code-Command-execution

A naive ssh clone, with screen sharing
git clone https://github.com/abdulrahim2002/Remote-Code-Command-execution


telnetServer.py (4309B)


      1 import socket
      2 import threading
      3 import random
      4 import os
      5 import utility
      6 import subprocess
      7 import pyautogui
      8 
# Path reported by the project's utility module; nothing else in this listing
# reads it.
parentDir = utility.getpath()

# Listening endpoint. IP is whatever utility.get_ip_address() returns
# (NOTE(review): presumably the host's LAN address - confirm), so the command
# channel served below is reachable by any peer that can route to it.
IP = utility.get_ip_address()
PORT = 5566
ADDR = IP, PORT
SIZE = 1024             # byte limit passed to every recv() call
FORMATmsg = "utf-8"     # codec for all text sent or received on the socket

# Parallel per-client registries, appended together in main() once a client
# has passed the handshake. They are module globals shared by the accept loop
# and the per-client threads, with no lock around them.
#   u_name: usernames          u_addr: peer addresses
#   u_conn: connection sockets u_pin: PINs issued at login
#   u_port: port numbers handed to clients
u_name, u_addr, u_conn, u_pin, u_port = [], [], [], [], []
     23 
     24 
     25 # server functions
def start():
    """Create the listening TCP socket and publish it as the global ``server``.

    The socket is plain TCP bound to ADDR. Nothing in this function wraps it
    in TLS, so whatever is exchanged on accepted connections (usernames, the
    login PIN, commands and their output) travels unencrypted.
    """
    global server

    print(f"SERVER IP = {IP}\n")
    print("[STARTING] Server is starting...")

    server = socket.socket(family=socket.AF_INET, type=socket.SOCK_STREAM)
    server.bind(ADDR)
    server.listen()

    print(f"[LISTENING] Server is listening on {IP}:{PORT}")
     35 
     36 # broadcast connection list
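def broadcast(message):
    """Send *message* to every registered client connection.

    The special value ``'LIST'`` sends two lines instead: the current username
    list and the current port list, each prefixed with
    ``[LIST] CONNECTION LIST: ``.

    Every registered client receives the same payload. exec_cmd() passes
    command output through here, so the output of a command requested by one
    client is visible to all the others.

    Args:
        message: Text to send, or the literal ``'LIST'``.
    """
    if message == 'LIST':
        payloads = [
            "[LIST] CONNECTION LIST: " + str(u_name),
            "[LIST] CONNECTION LIST: " + str(u_port),
        ]
    else:
        payloads = [message]

    # Iterate over a snapshot: main() appends to u_conn while worker threads
    # may be broadcasting.
    for client in list(u_conn):
        try:
            for text in payloads:
                # sendall() keeps writing until the whole buffer is out;
                # send() may stop early on large command output.
                client.sendall(text.encode(FORMATmsg))
        except OSError as exc:
            # A dead or reset peer must not stop delivery to the remaining
            # clients, nor take down the calling thread.
            print(f"[SERVER] broadcast to a client failed: {exc}")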
     49 
def exec_cmd(msg):
    """Run *msg* through executeCommand() and relay whatever it printed.

    The output is echoed on the server console and then broadcast to every
    connected client, not only to the one that sent the command.

    Args:
        msg: Command text as received from a client.
    """
    output = executeCommand(msg)
    print(f'Output: {output}')
    broadcast(output)
     54 
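def handle_client(conn, addr, u_name):
    """Serve one admitted client until it disconnects.

    Each received message is dispatched on its prefix:

    * ``!text``  - typed on the server's keyboard through pyautogui (a
      backtick in the text becomes a newline).
    * ``!!a`` or ``!!a~b`` - pressed as a one- or two-key hotkey. Requests
      with any other number of keys are logged and dropped; they are no
      longer passed on to the shell.
    * anything else - executed by exec_cmd() on a new thread.

    Security note: all three paths act on text read straight from the socket.
    The only gate is the PIN handshake in main(); past it the peer acts with
    the privileges of the account running this server.

    Args:
        conn: Connected client socket; closed when this function returns.
        addr: Peer address, used for logging only.
        u_name: Username of this client (shadows the module-level list of the
            same name inside this function).
    """
    print(f"[SERVER] [NEW CONNECTION] {u_name}:{addr} connected.")

    try:
        while True:
            try:
                raw = conn.recv(SIZE)
            except OSError as exc:
                print(f"[SERVER] {u_name}:{addr} receive failed: {exc}")
                break
            if not raw:
                # recv() returning b'' means the peer closed the connection.
                # Indexing the empty message used to raise IndexError here and
                # kill the thread without closing the socket.
                print(f"[SERVER] {u_name}:{addr} disconnected.")
                break

            # NOTE(review): TCP is a byte stream. A message longer than SIZE,
            # or two messages arriving together, is not reassembled here.
            try:
                msg = raw.decode(FORMATmsg)
            except UnicodeDecodeError:
                print(f"[SERVER] {u_name}:{addr} sent undecodable bytes; ignored")
                continue

            print('[Incoming request]: ')
            print(f"[{u_name}:{addr}] {msg}")    # print msg in server console
            print('Executing command...')

            if msg.startswith("!!"):
                # Hotkey request: key names separated by '~'.
                keys = msg[2:].split('~')
                if len(keys) == 1:
                    pyautogui.hotkey(keys[0])
                elif len(keys) == 2:
                    pyautogui.hotkey(keys[0], keys[1])
                else:
                    print(f"[SERVER] Ignored hotkey request with {len(keys)} keys")
                continue

            if msg.startswith("!"):
                # Keyboard text request; a lone "!" simply types nothing.
                typed = msg[1:].replace("`", "\n")
                pyautogui.write(typed, interval=0.05)
                continue

            # Everything else is treated as a shell command. It runs on its
            # own thread so a slow command does not stall this receive loop.
            threading.Thread(target=exec_cmd, args=(msg,)).start()
    finally:
        # NOTE(review): the module-level registries still list this client
        # after the socket is closed; nothing in this file removes the entry.
        conn.close()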
     88 
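def executeCommand(command):
    """Run *command* through the system shell and return its standard output.

    SECURITY: os.popen() hands the string to the shell unchanged, and the
    caller in this file passes text received from the network. That is this
    tool's stated purpose, so it is flagged here rather than altered; the
    protection in front of it is limited to the login PIN checked in main().
    There is also no timeout, so a command that never exits keeps its worker
    thread alive indefinitely. Standard error is not captured.

    Args:
        command: Command line to execute.

    Returns:
        Everything the command wrote to standard output, as text.
    """
    # The context manager closes the pipe and reaps the child process instead
    # of leaving both to the garbage collector.
    with os.popen(command) as pipe:
        return pipe.read()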
     92 
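def startVideoStream():
    """Launch streamVideo.bat in a new console window and print the stream URL.

    Windows-only: it relies on ``cmd`` and on subprocess.CREATE_NEW_CONSOLE.

    NOTE(review): the batch file is named without a directory, so which file
    runs depends on the working directory the server was started from.
    Anchoring it to the script's own directory would remove that ambiguity.
    NOTE(review): the printed URL is plain http; the stream script is not
    shown here, so confirm whether it requires any authentication.
    """
    print('\nStarting video stream...')

    # Fire and forget: the handle was never used, so it is no longer bound to
    # a local name.
    subprocess.Popen(
        ['cmd', '/C', 'streamVideo.bat'],
        creationflags=subprocess.CREATE_NEW_CONSOLE,
    )

    print(f'Video Stream: Path: http://{IP}:5000')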
     98 
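def main():
    """Start the server, launch the video stream and admit clients forever.

    Handshake for each accepted connection (all text, FORMATmsg-encoded):

    1. The client sends a username. A name already in use is answered with
       ``NOTACCEPTED!`` and asked again; otherwise the name is echoed back.
    2. The server prints a fresh 4-digit PIN on its console and waits for the
       client to send it. A mismatch is answered with ``try again`` and the
       connection is closed; a match is answered with ``!ACCEPTED``.
    3. The client sends one more message (ignored) and receives a port number.

    An admitted client is registered in the module-level lists and handed to
    handle_client() on its own thread.

    Security notes:
    * The PIN comes from ``secrets`` rather than ``random``, whose output is
      not meant for authentication secrets, and is compared in constant time.
    * NOTE(review): a 4-digit PIN with a fresh guess per connection and no
      rate limiting is a weak gate for a service that executes commands;
      a longer secret or an attempt limit would strengthen it.
    * The handshake runs inside the accept loop, so it carries a timeout and
      its errors are contained. Without that, one silent or misbehaving peer
      blocks or crashes the whole server.
    """
    # Function-scope imports keep this change local to main().
    import hmac
    import secrets

    utility.printUI()
    start()
    startVideoStream()

    # Seconds a peer may take per handshake step. Generous because a person
    # has to read the PIN off the server console and type it.
    handshake_timeout = 120

    temp_port = PORT + 1
    while True:
        conn, addr = server.accept()
        try:
            conn.settimeout(handshake_timeout)

            while True:
                temp_name = conn.recv(SIZE).decode(FORMATmsg)
                if not temp_name:
                    # b'' from recv() means the peer went away.
                    raise ConnectionError("peer closed during username exchange")
                print(f"[CLIENT] Username: {temp_name}")
                if temp_name in u_name:
                    print("[SERVER] Username not accepted")
                    conn.sendall("NOTACCEPTED!".encode(FORMATmsg))
                else:
                    print("[SERVER] Username accepted")
                    conn.sendall(temp_name.encode(FORMATmsg))
                    break

            temp_pin = str(secrets.randbelow(9000) + 1000)   # 1000..9999
            print(f"[AUTHENTICATING] Current Pin: {temp_pin}")
            msg_pin = conn.recv(SIZE)

            if not hmac.compare_digest(msg_pin, temp_pin.encode(FORMATmsg)):
                print("[SERVER] PIN not accepted")
                conn.sendall("try again".encode(FORMATmsg))
                # The loop never reads from this socket again, so close it
                # instead of leaking it.
                conn.close()
                continue

            print("[SERVER] PIN accepted")
            conn.sendall("!ACCEPTED".encode(FORMATmsg))

            conn.recv(SIZE)     # client's follow-up message; content unused
            conn.sendall(str(temp_port).encode(FORMATmsg))

            # Back to blocking mode for the long-lived session.
            conn.settimeout(None)
        except (OSError, UnicodeDecodeError) as exc:
            # Covers timeouts, resets and undecodable usernames.
            print(f"[SERVER] Handshake with {addr} aborted: {exc}")
            conn.close()
            continue

        print(f"[SERVER] {temp_name} added to network")

        # Register before starting the worker so its first broadcast already
        # includes this client.
        u_pin.append(temp_pin)
        u_name.append(temp_name)
        u_addr.append(addr)
        u_conn.append(conn)
        u_port.append(temp_port)
        temp_port += 1

        clientThread = threading.Thread(target=handle_client, args=(conn, addr, temp_name))
        clientThread.start()

        # broadcast connection list
        broadcast('LIST')

        print(f"\n[SERVER][ACTIVE CONNECTIONS] {threading.active_count() - 2}")


if __name__ == "__main__":
    main()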