Python Listener/Reverse Backdoor Issue

Hi folks,

I’m almost 3/4 of the way through Zaid’s Learn Python & Ethical Hacking From Scratch course and working on the Listener/Reverse Backdoor project. First time messing with JSON and it’s got me a bit confuzzled. As far as I can tell, the code seems correct, according to Zaid’s instructions (although I did rename the class and the variable used to call it). I think it’s having a problem with the reliable_receive method when returning command output to my Kali VM. The victim VM is a Win10 box that’s running the reverse_backdoor code.

The socket creation seems fine as I’m getting a connection from the victim. However, when I enter any command it returns “None” as output. I believe the commands are running on the victim machine, as evidenced by the “Non authoritative answer” message that appears on its command line. Also, it seems to be taking the appropriate amount of time to return “None” when a more resource-intensive command is entered, like systeminfo.

Below are images of both the code and CLI results. Any Python gurus out there see what I’m missing? I’ve tried .encode() on the json_data, but had no luck. Any help is appreciated. Thanks.

Code: https://ibb.co/k8pdVHX
CLI Output: https://ibb.co/rmR0pGv

Hi @jthomas2112, in your reverse_backdoor2.py program, is your indentation wrong, or did you correct it later? Also, can you try to place the print statement print(json.loads(json_data)) in your reliable_receive function on both server-side and client-side and see what it prints out?

Hi Apurv,

I believe the indentation is correct. I didn’t get any “indent expected/not expected” exceptions the whole way through the project. I replaced “return json.loads(json_data)” with “print(json.loads(json_data))” on both the client and server side and it printed “None” twice on the server (Kali) side. Client side remains the same. See images below. This is really puzzling.

I found the error. You are returning nothing while executing function execute_system_command in reverse_backdoor2.py. Just type return in front of subprocess.check_output(command, shell=True). I ran the code correcting it and it works fine.

Thank you Apurv, that worked! You’re a life saver, I’ve been chasing my tail for a week trying to figure this out. I wasn’t even looking at the execute_system_command method. Great job! :grin:

Hi again Apurv,

Almost there! So I’m on the final lecture and I’ve got everything working except for upload functionality. Windows commands like systeminfo, whoami, cd and cd .. (directory navigation) all work fine. So does download. When I try to upload Sample.txt it trips the exception in the try statement and returns what I’d expect when something isn’t working: “[-] Error executing command.” I also noticed in Zaid’s reverse backdoor code that he uses “except Exception as e:”. I don’t remember him mentioning that in any of the lessons. To see where it was failing I temporarily replaced line 59 in listener_113.py with “except BufferError:”

It gave me a JSON not serializable error after doing that, but I can’t figure out where my mistake is. I’ve tried what Zaid mentioned in an earlier lecture using .encode/.decode, but still can’t get upload to work. Any chance you could take a glance and let me know where my mistake/s are?

Also, while watching the final lecture I noticed a few classes that Zaid imported that I hadn’t seen in the earlier lectures in the Listener/Reverse Backdoor session. On the listener side he imports a class called shlex and on the reverse backdoor side he imports sys and shutil. I don’t have either of those in my code. Any idea what I missed there? Also, just an FYI, I’m using Python3.7 on both the Kali and Windows sides. I’ve attached images below.

Python Code:

Kali with original code intact. Another FYI here, I deleted Sample.txt from the Windows Downloads folder prior to trying to upload it :wink:
Kali - Screenshot 1

Kali CLI output with modified except:
Kali - Screenshot 2

From what it seems, you are doing JSON encode and are not doing the decode before decoding the base64. You are mixing up JSON decode/encode, and B64 decode/encode. Also, shutil is a Python program that helps for file copying and removal.
You can also look at my code that I wrote a few years ago if you want to see something simpler for file copy and paste to and fro: https://github.com/apurvsinghgautam/TCP-Reverse-Shell

Hi Apurv,

Your code looks nice for doing file transfer, I’ll try it out. Can you tell me where I’m mixing up JSON decode/encode and B64 decode/encode? Having a difficult time since both are relatively new to me. Is my mistake/s in the “elif upload” statement in the reverse_backdoor, or somewhere else?

-jthomas2112

In the reliable_send, you are doing json_data.encode but in the reliable_receive, you are not doing the json_data.decode.

Ok, I tried this on both the server and client code:
Decode
It returned this, which looks pretty much exactly as it did before doing the .decode. And again, everything worked except upload.


As a side note I also tried moving the .decode() to this line:
json_data = json_data.decode() + self.connection.recv(1024)
When I move it there all commands return “Error executing command.”

As you can see from the error, the data being passed is in the bytes format and it is not JSON data. So you can’t use json.loads if the data is not JSON. You are encoding where there is no need for encoding. Just remove all the .encode and .decode and leave it to Python to make it JSON serializable. Try that and debug the errors one step at a time

I got the exact same problem after converting everything to Python 3.

Having read this thread over and over, I still cannot pinpoint the problem.

The upload function is the only thing that does not work.

Yeah, this is a problem when it comes to working with files. Python2 works differently than Python3 and we have to figure out how to deal with it. Usually, go through the errors one step at a time to understand what is going wrong.
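
The Python 3 bytes/str ordering this thread keeps running into, as an added example that is not part of the original posts or the course code: binary file content has to become base64 text before json.dumps, and received chunks have to stay bytes until the whole buffer decodes as JSON. The names `encode_file`, `decode_file`, `pack` and `Reassembler` are hypothetical stand-ins, the file content is constructed, and the chunking is simulated in memory instead of using a socket.

```python
import base64
import json


def encode_file(raw: bytes) -> str:
    # b64encode returns bytes in Python 3; JSON only accepts str.
    return base64.b64encode(raw).decode("ascii")


def decode_file(text: str) -> bytes:
    return base64.b64decode(text)


def pack(message) -> bytes:
    # str -> bytes is the last step before the data goes on the wire.
    return json.dumps(message).encode("utf-8")


class Reassembler:
    """Collects received chunks until they form one complete JSON value."""

    def __init__(self):
        self.buffer = b""

    def feed(self, chunk: bytes):
        self.buffer += chunk  # keep the buffer as bytes, like recv() output
        try:
            message = json.loads(self.buffer.decode("utf-8"))
        except ValueError:  # incomplete JSON so far: wait for more data
            return None
        self.buffer = b""
        return message


def demo():
    raw = bytes(range(256))  # constructed binary file content
    try:
        json.dumps(["upload", "Sample.txt", raw])
        direct_ok = True
    except TypeError:  # "Object of type bytes is not JSON serializable"
        direct_ok = False
    wire = pack(["upload", "Sample.txt", encode_file(raw)])
    rx = Reassembler()
    results = [rx.feed(wire[i:i + 64]) for i in range(0, len(wire), 64)]
    early_none = results[:-1].count(None) == len(results) - 1
    return direct_ok, early_none, results[-1][1], decode_file(results[-1][2]) == raw


if __name__ == "__main__":
    print(demo())
```

The reassembly relies on the message being a JSON list or object, since no proper prefix of one parses as valid JSON.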