1 概述
前几天在调试某应用的远程利用漏洞的时候,遇到一个问题,折腾了好久,在此记录一下
场景1:宿舍wifi
使用python 搭建server,使用android编译apk 远程connect python server —成功
场景2:手机热点wifi
使用python 搭建server,使用android编译apk 远程connect python server —失败,connect timeout
即使是设置为超长的时间也不能
场景3:手机热点wifi/宿舍wifi
使用python 搭建client,使用android编译apk 作为server端 —成功连接
即使是设置为超长的时间也不能
目前为止,关于场景2为什么会失败,始终没有找到确切答案,在 Stack Overflow 上找了半天也没有答案。一个值得先排查的可能原因(未验证):下面的 python 服务端把 socket bind 到了 hostname 解析出的地址,而代码注释里写的 127.0.1.1 是 loopback 地址,其他设备(包括手机)根本无法连到它;应当 bind 到 '' (所有网卡),并用 ss -ltnp / netstat 确认实际监听地址。此外手机热点常见的 AP 隔离(client isolation)也值得排除。如果有人了解,请留言或者私信
参考文章:
TCP socket Android客户端 Python服务
Android客户端和Python服务器通信(一)
2 案例
2.1 python 服务端<---->Android 客户端
2.1.1 APK 关键代码
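private void startNetThread(final String host, final int port) {
    // Connects to host:port from a worker thread (Android forbids network I/O on the
    // main thread), announces itself, reads ONE reply and prints it.
    //
    // NOTE(review): new Socket(host, port) has no explicit connect timeout; it waits for
    // the OS default.  To bound it, use new Socket() followed by
    // connect(new InetSocketAddress(host, port), timeoutMs) — presumably what the
    // "超长的时间" experiments in the write-up were trying to do.
    new Thread() {
        @Override
        public void run() {
            try {
                execCommandDemo();
                System.out.println("host = " + host);
                // try-with-resources closes streams and socket on every exit path,
                // including the exception path, which the original leaked on.
                // (The original also lacked the ';' after outputStream.close().)
                try (Socket socket = new Socket(host, port);
                     OutputStream outputStream = socket.getOutputStream();
                     InputStream is = socket.getInputStream()) {
                    String send_data = "please send cmd";
                    // Explicit charset so both peers agree on the wire encoding.
                    outputStream.write(send_data.getBytes("UTF-8"));
                    outputStream.flush();
                    byte[] bytes = new byte[1024];
                    // A single read() may return a partial message, or -1 if the peer
                    // closed without sending; the original passed -1 to new String(...)
                    // and threw StringIndexOutOfBoundsException.
                    int n = is.read(bytes);
                    if (n < 0) {
                        System.out.println("peer closed the connection before sending a cmd");
                        return;
                    }
                    String cmd_str = new String(bytes, 0, n, "UTF-8");
                    // cmd_str comes from an unauthenticated TCP peer.  Here it is only
                    // printed; anything that later executes it must treat it as untrusted.
                    System.out.println(cmd_str);
                    System.out.println("打印客户端中的内容:" + socket);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }.start();
}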
2.1.2 Python 关键代码
# python3
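def socket_server_for_poc():
    """Listen for the APK, print its greeting, then send one operator-typed cmd per connection.

    ``host = ''`` makes ``bind()`` listen on every local interface, which is what
    a peer on the hotspot / Wi-Fi network needs.  The original defined ``host``
    but bound to the address the local hostname resolves to instead; on many
    Linux setups that is 127.0.1.1 (see the print below) — a loopback address
    that no other device can reach, and a plausible cause of the phone's
    "connect timeout".

    The listener is unauthenticated plaintext: anyone who can reach the port
    gets to talk to it.  Run it only on a lab network you control.
    """
    host = ''  # '' = INADDR_ANY: all interfaces, not just the hostname's address
    hostname = socket.gethostname()
    hostip = getipaddrs(hostname)
    print('host ip', hostip)  # informational only; often 127.0.1.1 on Debian/Ubuntu
    port = 9999
    # Context managers close the listening socket and each connection on every
    # exit path; the original left both open after the ``break``.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # Allow an immediate restart after Ctrl-C while the old port is in TIME_WAIT.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(4)
        while True:
            conn, addr = s.accept()
            with conn:
                print('Connected by', addr)
                # One recv() may return a partial message; b'' means the peer closed.
                data = conn.recv(1024)
                print('Received', repr(data))
                if not data:
                    break
                cmd = input("Please intput your cmd:")
                conn.sendall(cmd.encode())  # send the cmd as UTF-8 bytes
                print('send', cmd)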
2.2 python 客户端<---->Android 服务端
2.2.1 APK 关键代码
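private void startNetServerThread(final String host, final int port) {
    // Listens on host:port from a worker thread; for every accepted client it sends a
    // banner, reads ONE message and prints it.
    //
    // NOTE(review): the listener is bound to the address given in `host`.  If that is
    // the loopback address, nothing else on the LAN can reach it; "0.0.0.0" listens on
    // every interface (and exposes the port to the whole network).  There is no
    // authentication: any peer that can reach the port gets the banner and is read from.
    new Thread() {
        @Override
        public void run() {
            // ServerSocket in try-with-resources so the listening port is released
            // when the loop exits via an exception (the original never closed it).
            try (ServerSocket ss = new ServerSocket(port, 10, InetAddress.getByName(host))) {
                System.out.println(ss.getInetAddress());
                while (true) {
                    // Per-connection resources are closed on every exit path, including
                    // the exception path.  (The original also lacked the ';' after
                    // outputStream.close().)
                    try (Socket socket = ss.accept();
                         OutputStream outputStream = socket.getOutputStream();
                         InputStream is = socket.getInputStream()) {
                        String send_data = "connect server success please send cmd";
                        // Explicit charset so both peers agree on the wire encoding.
                        outputStream.write(send_data.getBytes("UTF-8"));
                        outputStream.flush();
                        byte[] bytes = new byte[1024];
                        // A single read() may return a partial message, or -1 if the peer
                        // closed without sending; the original passed -1 to new String(...)
                        // and the resulting exception killed the whole accept loop.
                        int n = is.read(bytes);
                        if (n < 0) {
                            System.out.println("peer closed the connection before sending a cmd");
                            continue;
                        }
                        String cmd_str = new String(bytes, 0, n, "UTF-8");
                        // cmd_str comes from an unauthenticated TCP peer.  Here it is only
                        // printed; anything that later executes it must treat it as untrusted.
                        System.out.println(cmd_str);
                        System.out.println("打印客户端中的内容:" + socket);
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }.start();
}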
2.2.2 Python 关键代码
# python3
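def socket_client_for_poc():
    """Connect to the APK's ServerSocket, print its banner, then relay operator-typed cmds.

    The loop ends when the peer closes (``recv`` returns ``b''``).  The socket
    is closed on every exit path — including an exception inside ``recv()`` or
    ``input()`` — which the original's trailing ``sk.close()`` did not guarantee.
    """
    # The phone's LAN / hotspot address.  Unlike bind(), connect() does NOT accept
    # '' as "local host" — the original comment was misleading.
    host = '192.168.xxx.xxx'
    ip_port = (host, 10003)
    # create_connection resolves the host (IPv4 or IPv6) and accepts a
    # timeout=... keyword should the hotspot case need a bounded connect.
    with socket.create_connection(ip_port) as sk:
        while True:
            # One recv() may return a partial message; b'' means the peer closed.
            data = sk.recv(1024)
            print('Received', repr(data))
            if not data:
                break
            cmd = input("Please intput your cmd:")
            # NOTE: an empty cmd sends zero bytes, so the Android peer's read()
            # stays blocked waiting for data.
            sk.sendall(cmd.encode())  # send the cmd as UTF-8 bytes
            print('send', cmd)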