[Request] for password implementation in the system. about python-backdoor HOT 9 CLOSED

Seems pretty easy I'll work on this later.

from python-backdoor.

@ArlenRicard I am confused why you would need a password system since the only way to inreact with the client is through my server.

from python-backdoor.

The idea I gave, is to improve the security of the client and server with some password that only both communicate with each other, and completely isolate any other access.
I know that only those who use your server will be successful in using the features. I know the chances are remote. But supposing that somehow, by coincidence somebody ran your server and that person has acquired my old ip. That way she will have access.
And anyway it is not impossible, as the client is trying to reconnect frequently with the reverse function, the person can try to exploit a possible failure and gain access if I have my old dynamic ip.
so this is an optional suggestion, but with this encryption, it would improve security.

I use a firewall system, and in the logs I realized that someone had communicated with my clients, I do not know if he even had access to the resources. But the connection had been stabilized.

from python-backdoor.

@ArlenRicard Using what program did someone communicate with your clients?

from python-backdoor.

So, how could I know what listening system the supposed attacker used?
The only thing I know, is that I had left the default port on the client in 3000. Until then I had not changed ..
And looking at the firewall logs, there was my old external ip with connection stabilized on that port, that external ip was obviously being used by someone else.
And surely she had some server running on that 3000 port.
There is no way for me to know if she had access to the resources of server.py, as she would only have if she had been using your server, any other backdoor server would hang.

But then we come back to my suggestion. If the person had been using your server, surely he would have accessed the entire client system. Therefore there is a need to have a pre-authentication between server and client. One password set on the client and one on the server, so that only both use the resources provided.

from python-backdoor.

Sorry, I'm using google translator, and I had not seen the entire translation. He exchanged the word "your" for "his".

from python-backdoor.

I will probably never add this.

from python-backdoor.

@ArlenRicard I have been working on a reverse shell with AES Encryption for a few days now, it doesn't have all the features Python-Backdoor has yet, but It could help. Here's the link

from python-backdoor.

WIth encryption this is no longer needed.

from python-backdoor.