The subprocess module is a unique module that makes life easy. Sometimes we have to perform operations on the system or on system files. If we write the code for such things ourselves, it can be lengthy and needs more expertise in system programming. However, the subprocess module makes it very easy. If you know the command line for a task, you can execute that command from a Python program.
So, let’s look at how to make a program that can run a command. Here is the code using subprocess.
If we run this program, the return code will be 0. Why is it 0? 0 means that the command executed successfully. So, what will the return code be when the command is not right? Here is an example of what happens when the command is not right:
In the above example, we have changed the command a little so that echo is misspelled, which makes the command wrong, and it prints 127 as the return code.
Outputting the Value:
The code above only shows the return code, but how do we get the output? The output of the command can be obtained by passing an argument to the run function, and that argument is stdout. The following code gets the output of the command.
stdout returns the output value. The output is in the form of bytes, so we have to decode it into a string first and then print it. It prints Hello World as it is.
Now let us take a look at listing the files within a directory. As we know, in Linux we use the ‘ls’ command to list the files within a directory.
So the output is:
It shows all the files within that folder.
Pipe in Subprocess:
In subprocess, we can give multiple commands with arguments. For this purpose, we use a pipe. The following code runs a pipe with subprocess.
Here the return code will be None because the return code argument is None, and to get the error we have to assign the stderr argument. The output of the above code will be as follows:
This command shows all the details of the file or folder. This is the subprocess module. Anything we can do with the command line, we can do with subprocess. This module works with all operating systems, such as Mac, Linux, and Windows.
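The behaviour described in the sections above (return codes 0 and 127, output captured as bytes and decoded, and a pipe between two commands), shown as an added example that is not the article's original code. The function names, the misspelled command name and the `ls | grep` pairing are assumptions, and it expects a POSIX system with `sh`, `ls` and `grep`.

```python
import subprocess


def run_command(command):
    """Run a fixed command string through the shell.

    Returns (return_code, stdout_text, stderr_text).
    """
    # shell=True lets /bin/sh report "command not found" as status 127.
    # Pass only fixed strings this way, never text built from untrusted input.
    result = subprocess.run(command, shell=True,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # stdout and stderr arrive as bytes and must be decoded before printing.
    return result.returncode, result.stdout.decode(), result.stderr.decode()


def list_and_filter(directory, pattern):
    """Equivalent of `ls -l directory | grep pattern`, built without a shell."""
    ls = subprocess.Popen(["ls", "-l", "--", directory],
                          stdout=subprocess.PIPE)
    grep = subprocess.Popen(["grep", "-F", "--", pattern], stdin=ls.stdout,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    ls.stdout.close()              # let ls receive SIGPIPE if grep exits first
    code_before = grep.returncode  # None: the process has not been waited on yet
    out, err = grep.communicate()  # waits for grep and fills in returncode
    ls.wait()
    return code_before, grep.returncode, out.decode(), err.decode()


if __name__ == "__main__":
    print(run_command("echo Hello World"))
    # Constructed misspelling of echo; the shell cannot find it.
    print(run_command("echoo_not_a_command Hello World"))
    print(list_and_filter(".", "py"))
```
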
Reverse Shell Project:
We have now learned many fundamental aspects of the Python programming language, and it’s time to do a small project. In this project, we will use our networking skills and combine them with subprocess to access another person’s system and run command-line functionality on their computer. This program runs locally, which means the systems must be on the same network. So, let’s begin:
The server.py file is straightforward; it merely sends the message as a string. The user has to send the commands as strings. If the command is equal to quit, then the server will stop and exit. Moreover, if the command length is greater than 0, then it will send the command to the client, and at the same time the command will be fetched, which shows the current status of the terminal. Now let us see what we have to do in order to execute the commands on the client side.
In the client.py file, we start by importing os, subprocess, and socket. The os module is used to get the current working directory on the client end so that it is output on the server to track the location.
Then we connect the client to the server. If the connection is established, it enters a while block.
In the while block, the program receives the data. As we know, the cd command does not produce any output, so if the command contains cd at the start, it changes the directory and then the command will be executed. Then there is another if condition, which checks whether the length of the data is greater than zero. If it is true, then the command is executed, and the output and current working directory are sent to the server, where the user can make another request.
The figures below show the server program as follows:
Moreover, the client-side file is as follows:
As shown in figure 2, we first run an echo hello world command, then we list the directory, which returns all the files in that folder. Lastly, we create a new folder named RS_Folder, which was made successfully. To use it with other systems, localhost will be replaced by the actual IP address in both files, and it will then run across two separate systems.