Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
810 views
in Technique by (71.8m points)

subprocess - Running netcat listener and sql injection in one python script

Hi, so I'm pretty new to Python programming and I've got an assignment that I'm busy with that requires me to do the following all in one Python script:

1. Log in to DVWA (BTW this is all being done in DVWA (Damn Vulnerable Web Application))

2. Set up a listener

3. Send payload to DVWA using SQL Injection

4. Execute the payload (payload contains a simple netcat bind shell)

5. Receive the connection and use the shell

I've done most of this with success; the only thing I'm struggling with is creating a subprocess for the listener. I haven't worked with subprocesses before and it's very confusing.

So at the moment I'm calling netcat in a subprocess:

subprocess.call("nc -nvlp {}".format(port), shell=True)

But it's not executing the code after the listener subprocess because it's waiting for a connection, but a connection won't happen until the code below the listener gets executed. Any suggestions on how I would go about running more code after the listener subprocess? Thanks in advance.

question from: https://stackoverflow.com/questions/65842457/running-netcat-listener-and-sql-injection-in-one-python-script


1 Reply

0 votes
by (71.8m points)

I have found the solution: by running the subprocess in the background, it completed the code below and gave me shell access.

So simply changing:

subprocess.call("nc -nvlp {}".format(port), shell=True)

To:

subprocess.Popen("nc -nvlp {}".format(port), shell=True)

Solved my problem!
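The difference between the two calls, as an added example that is not part of the original question or answer: `subprocess.call` waits for the child to exit, while `subprocess.Popen` returns as soon as the child has started, so the rest of the script keeps running. The child process here is a constructed Python stand-in for the listener command so the example runs without netcat; `CHILD`, `free_port` and `run_with_background_listener` are hypothetical names. It passes an argument list rather than a formatted string with `shell=True`, and always cleans up the child.

```python
import socket
import subprocess
import sys

# Constructed stand-in for the listener command: a child Python process that
# accepts one TCP connection on 127.0.0.1, sends a banner and exits.
CHILD = """
import socket, sys
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(("127.0.0.1", int(sys.argv[1])))
s.listen(1)
print("ready", flush=True)
c, _ = s.accept()
c.sendall(b"hello from child")
c.close()
"""

def free_port():
    """Ask the OS for an unused loopback port (hypothetical helper)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def run_with_background_listener(port):
    # Argument list instead of shell=True: the port is a single argv entry
    # and is never interpreted by a shell.
    proc = subprocess.Popen([sys.executable, "-c", CHILD, str(port)],
                            stdout=subprocess.PIPE, text=True)
    try:
        still_running = proc.poll() is None     # Popen returned; child is alive
        ready = proc.stdout.readline().strip()  # wait until it is listening
        with socket.create_connection(("127.0.0.1", port), timeout=5) as conn:
            data = b""
            while chunk := conn.recv(1024):     # read until the child closes
                data += chunk
        return still_running, ready, data, proc.wait(timeout=5)
    finally:
        if proc.poll() is None:                 # never leave the listener running
            proc.kill()
            proc.wait()
        proc.stdout.close()

if __name__ == "__main__":
    print(run_with_background_listener(free_port()))
```

Reading the child's "ready" line before connecting avoids guessing with `time.sleep`, and the `finally` block keeps an orphaned listener from holding the port after the script ends.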

