1 概述
前幾天在調試某應用的遠程利用漏洞的時候,遇到一個問題,折騰了好久,在此記錄一下
場景1:宿舍wifi
使用python 搭建server,使用android編譯apk 遠程connect python server —成功
場景2:手機熱點wifi
使用python 搭建server,使用android編譯apk 遠程connect python server —失敗,connect timeout
即使是設置爲超長的時間也不能
場景3:手機熱點wifi/宿舍wifi
使用python 搭建client,使用android編譯apk 作爲server端 —成功連接
即使是設置爲超長的時間也不能
目前爲止,關於場景2爲什麼會失敗,始終沒有找到答案,在overflow上找了半天也沒有答案,如果有人瞭解,請留言或者私信
參考文章:
TCP socket Android客戶端 Python服務
Android客戶端和Python服務器通信(一)
2 案例
2.1 python 服務端<---->Android 客戶端
2.1.1 APK 關鍵代碼
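/**
 * Connects to {@code host:port} on a background thread, sends a greeting and
 * prints whatever the peer answers with.
 *
 * The work runs on its own thread so the caller (typically the UI thread) is
 * never blocked by connect()/read(). Every failure is logged via
 * printStackTrace() and swallowed; nothing is propagated to the caller.
 *
 * @param host address of the Python server to connect to
 * @param port TCP port the Python server listens on
 */
private void startNetThread(final String host, final int port) {
    new Thread() {
        public void run() {
            try {
                execCommandDemo();
                System.out.println("host = " + host);
                // try-with-resources closes the socket and both streams on every
                // path, including the exception path on which the original leaked
                // them (and the original also lacked the ';' after outputStream.close()).
                try (Socket socket = new Socket(host, port);
                     OutputStream outputStream = socket.getOutputStream();
                     InputStream is = socket.getInputStream()) {
                    String send_data = "please send cmd";
                    outputStream.write(send_data.getBytes());
                    outputStream.flush();
                    byte[] bytes = new byte[1024];
                    // A single read() may return only part of what the peer wrote;
                    // this PoC deliberately reads one chunk and stops.
                    int n = is.read(bytes);
                    // read() returns -1 at end of stream; passing -1 on to
                    // new String(bytes, 0, n) throws, so handle it explicitly.
                    if (n < 0) {
                        System.out.println("peer closed the connection before sending anything");
                        return;
                    }
                    // cmd_str is untrusted network input; it is only printed here.
                    String cmd_str = new String(bytes, 0, n);
                    System.out.println(cmd_str);
                    System.out.println("打印客戶端中的內容:" + socket);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }.start();
}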
2.1.2 Python 關鍵代碼
# python3
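def socket_server_for_poc(port=9999):
    """Accept TCP clients one at a time and relay an operator-typed line to each.

    For every accepted connection the server reads one chunk from the client,
    prints it, prompts on stdin for a command string and sends it back, then
    closes that connection and waits for the next one. The loop ends when a
    client delivers an empty chunk (it closed its side before writing).

    Args:
        port: TCP port to listen on. Defaults to 9999, the value the original
            hard-coded.

    Raises:
        OSError: from bind()/listen()/accept(), e.g. port already in use or
            the resolved address not belonging to a local interface.
    """
    hostname = socket.gethostname()
    hostip = getipaddrs(hostname)  # helper defined elsewhere in this file
    print('host ip', hostip)  # the original expects this to show 127.0.1.1
    # NOTE(review): the listener is bound to hostip, not to ''. If hostip is a
    # loopback address such as 127.0.1.1, only clients on this same machine can
    # reach it -- worth ruling out when remote connects time out. Binding to ''
    # instead would listen on every interface, which also exposes the listener
    # to every host on the network, so the choice should be deliberate.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((hostip, port))
        s.listen(4)
        while True:
            conn, addr = s.accept()
            # `with conn` closes each client socket when its turn is over; the
            # original closed only the last one and never closed `s`.
            with conn:
                print('Connected by', addr)
                data = conn.recv(1024)  # untrusted bytes from the client; only printed
                print('Received', repr(data))
                if not data:
                    break
                cmd = input("Please intput your cmd:")
                conn.sendall(cmd.encode())
                print('send', cmd)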
2.2 python 客戶端<---->Android 服務端
2.2.1 APK 關鍵代碼
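/**
 * Listens on {@code host:port} on a background thread and serves clients one
 * at a time: greets each client, prints the one chunk it sends back, closes it.
 *
 * The ServerSocket is bound to {@code host} explicitly, so it only accepts
 * connections arriving on that address (backlog of 10 pending connects). Any
 * exception -- from bind or from an individual client -- ends the serving
 * loop, is logged via printStackTrace() and is not propagated.
 *
 * @param host local address to bind the listener to
 * @param port TCP port to listen on
 */
private void startNetServerThread(final String host, final int port) {
    new Thread() {
        public void run() {
            // try-with-resources closes the listener on every exit path; the
            // original never closed it.
            try (ServerSocket ss = new ServerSocket(port, 10, InetAddress.getByName(host))) {
                System.out.println(ss.getInetAddress());
                while (true) {
                    // Each accepted socket and its streams are closed at the end of
                    // the iteration, including when read() fails (the original also
                    // lacked the ';' after outputStream.close()).
                    try (Socket socket = ss.accept();
                         OutputStream outputStream = socket.getOutputStream();
                         InputStream is = socket.getInputStream()) {
                        String send_data = "connect server success please send cmd";
                        outputStream.write(send_data.getBytes());
                        outputStream.flush();
                        byte[] bytes = new byte[1024];
                        // A single read() may return only part of what the peer
                        // wrote; this PoC deliberately reads one chunk per client.
                        int n = is.read(bytes);
                        // read() returns -1 at end of stream; the original passed -1
                        // on to new String(bytes, 0, n), which throws.
                        if (n < 0) {
                            System.out.println("client closed the connection before sending anything");
                            continue;
                        }
                        // cmd_str is untrusted network input; it is only printed here.
                        String cmd_str = new String(bytes, 0, n);
                        System.out.println(cmd_str);
                        System.out.println("打印客戶端中的內容:" + socket);
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }.start();
}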
2.2.2 Python 關鍵代碼
# python3
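def socket_client_for_poc(host='192.168.xxx.xxx', port=10003):
    """Connect to the Android-side server and relay operator-typed lines to it.

    After connecting, the client repeatedly reads one chunk from the server,
    prints it, prompts on stdin for a command string and sends it. The loop
    ends when the server delivers an empty chunk (it closed its side).

    Args:
        host: address of the Android server. The default is the placeholder
            from the original post, not a real address; pass the actual one.
        port: TCP port the Android server listens on. Defaults to 10003, the
            value the original hard-coded.

    Raises:
        OSError: from connect()/recv()/sendall(), e.g. connection refused or
            timed out.
    """
    ip_port = (host, port)
    # The `with` block closes the socket on every exit path; the original only
    # closed it after a clean loop exit, so an exception leaked the descriptor.
    with socket.socket() as sk:
        sk.connect(ip_port)
        while True:
            data = sk.recv(1024)  # untrusted bytes from the peer; only printed
            print('Received', repr(data))
            if not data:
                break
            cmd = input("Please intput your cmd:")
            sk.sendall(cmd.encode())
            print('send', cmd)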