SMK Muhammadiyah 2 Palembang

Useful Scripts

Make Request

Sometimes we want to make a request to a website programmatically instead of visiting the page in a browser. In Python we can do it the following way.

If you don't have the module requests installed you can install it like this.

pip install requests

import requests

req = requests.get("http://site.com")
print(req.status_code)   # HTTP status code, e.g. 200 or 403
print(req.text)          # response body as text

Custom headers

Some sites answer with a 403 error if the request carries no User-Agent header, or we may want to send other specific headers. We can do that the following way.

import requests

headers = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, sdch",
    "Accept-Language": "en-US,en;q=0.8,es;q=0.6,sv;q=0.4",
    "Cache-Control": "max-age=0",
    "Connection": "keep-alive",
    "Cookie": "_gauges_unique_hour=1; _gauges_unique_day=1; _gauges_unique_month=1; _gauges_unique_year=1; _gauges_unique=1",
    "Host": "docs.python-requests.org",
    "If-Modified-Since": "Wed, 03 Aug 2016 20:05:34 GMT",
    "If-None-Match": 'W/"57a24e8e-e1f3"',
    "Referer": "https://www.google.com/",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36"
}

req = requests.get("http://site.com", headers=headers)
print(req.status_code)
print(req.text)

If you need to add an action, like logging in or something like that, to your request you do the following:

values = {'action': 'whatever'}
# Form fields passed with data= are sent in the request body, which is a POST, not a GET.
req = requests.post("http://site.com", data=values, headers=headers)

Here is the documentation http://docs.python-requests.org/en/master/user/quickstart/
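As an added example (not code from the original page), here is the header behaviour described above made concrete and testable offline. It starts a small HTTP server on loopback that is constructed for the example: it returns 403 when the request has no User-Agent header and 200 otherwise. The client side uses the standard library's http.client instead of requests so that nothing has to be installed and no default User-Agent is silently added; the hostname, port and body text are assumptions of the example.

```python
import http.client
import threading
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer


class UserAgentGate(BaseHTTPRequestHandler):
    """Constructed test handler: 403 without a User-Agent header, 200 with one."""

    def do_GET(self):
        ua = self.headers.get("User-Agent")  # header lookup is case-insensitive
        if not ua:
            body = b"Forbidden: missing User-Agent\n"
            self.send_response(403)
        else:
            body = ("Hello, %s\n" % ua).encode()
            self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # silence the per-request log lines on stderr
        pass


def start_test_server():
    """Bind an ephemeral loopback port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), UserAgentGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def fetch(url, headers=None, timeout=5):
    """GET url with exactly the headers given; return (status_code, body_text).

    http.client adds only Host and Accept-Encoding on its own, so when
    headers is empty the request really has no User-Agent.
    """
    parts = urllib.parse.urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/", headers=headers or {})
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    finally:
        conn.close()


if __name__ == "__main__":
    server, base = start_test_server()
    print(fetch(base + "/"))                                           # (403, ...)
    print(fetch(base + "/", headers={"User-Agent": "example-client/1.0"}))  # (200, ...)
    server.shutdown()
```

The same fetch() call works against a real site once you replace base with its URL; the status code tells you whether the server accepted the headers you sent.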

Read and write to files

Many times we want to read through files and do something with their contents. This can of course be done using bash, but we can also do it in Python, where parsing text is often easier.

# "with" closes the file for us when the block ends
with open("readme.txt", "r") as file_open:
    for line in file_open:
        line = line.strip("\n")
        print(line)
        if line == "rad 4":
            print("last line")

Basic banner-grabber

Here is an example of the most basic usage of the socket module. It connects to a port and prints out the response.

#!/usr/bin/env python

# Importing the socket module
import socket

# We use the socket() method of the module socket and store it in the variable s.
# AF_INET means IPv4, SOCK_STREAM means TCP.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Here we use the connect method of the socket we created. The two arguments are pretty self-explanatory:
# the first is the address, the second is the port.
s.connect(("192.168.1.104", 22))

# Here we save what the socket received in the variable answer (it is bytes, not a str).
answer = s.recv(1024)
print(answer)

# Send stuff. REMEMBER THE \r\n (and sockets take bytes, hence the b prefix)
s.send(b"this is my message\r\n")
print(s.recv(1024))

# Here we close the socket.
s.close()

If you need to check all 65535 ports this might take some time. If each packet takes a second to be sent and received, that makes 65535 seconds, which translates into about 18 hours. To solve that we can run the function in several threads at once.

from multiprocessing.dummy import Pool as ThreadPool

pool = ThreadPool(300)                 # 300 worker threads
results = pool.map(function, array)    # call function(item) for every item in array, concurrently

Read more about parallelism here: http://chriskiehl.com/article/parallelism-in-one-line/
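As an added example (not from the original page), here is the banner grabber above turned into a function and run through the ThreadPool the text describes. The part the bare socket script lacks is a timeout: without one, a port that accepts the connection but never answers blocks a worker indefinitely, and that is what makes a full port sweep take hours. To keep it self-contained, the block also starts a constructed listener on loopback that sends a fake banner, and a helper that picks a port nothing listens on; the banner text and port numbers are assumptions of the example, no real host is contacted.

```python
import socket
import threading
from multiprocessing.dummy import Pool as ThreadPool


def grab_banner(target, timeout=2.0):
    """Connect to (host, port) and return the first line the service sends.

    Returns None when the port is closed, unreachable, or accepts the
    connection but sends nothing before the timeout expires.
    """
    host, port = target
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = s.recv(1024)  # timeout applies to recv() as well as connect()
            return data.decode(errors="replace").strip() or None
    except OSError:  # ConnectionRefusedError and socket.timeout are both OSError
        return None


def grab_many(targets, workers=50, timeout=2.0):
    """Grab banners for every (host, port) pair concurrently; returns {target: banner}."""
    pool = ThreadPool(workers)
    try:
        results = pool.map(lambda t: grab_banner(t, timeout), targets)
    finally:
        pool.close()
        pool.join()
    return dict(zip(targets, results))


def start_banner_listener(banner=b"SSH-2.0-Example_1.0\r\n"):
    """Constructed test service: accept connections on an ephemeral loopback port and send a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def find_closed_port():
    """Constructed helper: pick a loopback port that nothing is listening on."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_banner_listener()
    targets = [("127.0.0.1", open_port), ("127.0.0.1", find_closed_port())]
    for target, banner in grab_many(targets, workers=4).items():
        print(target, "->", banner)
    srv.close()
```

With a real target list, targets would be [(host, p) for p in range(1, 65536)]; the number of workers and the timeout together bound the run time, and the result dictionary is a ready-made inventory of which services announce themselves and how.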

Connecting to SMTP

A crappy script to connect to an SMTP server and, if you are allowed to test for users with VRFY, it goes ahead and tests the users that you input from a file. One very important thing to note here, which had me stuck for quite a while, is that you need to send the query strings in raw format.

The \r\n here is fundamental!!

s.send('VRFY root \r\n')

#!/usr/bin/python
import socket
import time

ips = [
    "192.168.1.22",
    "192.168.1.72"
]

users = ["root"]

with open("/fileWithUsernames.txt", "r") as userfile:
    for line in userfile:
        users.append(line.strip("\n"))


for ip in ips:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, 25))
    banner = s.recv(1024).decode(errors="replace")

    print("****************************")
    print("Report for " + ip)
    print(banner)
    s.send(b"VRFY root \r\n")
    answerUsername = s.recv(1024).decode(errors="replace")
    answerAsArray = answerUsername.split(" ")

    # The reply code is the first word: 250 = verified, 252 = cannot verify, 502 = command not implemented.
    # The branches are an if/elif chain so that only one of them runs per reply.
    if answerAsArray[0] == "502":
        print("VRFY failed")
    elif answerAsArray[0] == "250":
        print("VRFY command succeeded.\nProceeding to test usernames")

        for username in users:
            time.sleep(5)
            s.send(("VRFY " + username + "\r\n").encode())

            answerUsername = s.recv(1024).decode(errors="replace")
            answerUsernameArray = answerUsername.split(" ")
            print(answerUsernameArray[0])
            if answerUsernameArray[0] == "250":
                print("Exists: " + username)
            else:
                print("Does NOT exist: " + username)
    elif answerAsArray[0] == "252":
        print("FAILED - Cannot verify user")
    else:
        print("Some other error or whatever here it is: \n" + answerUsername)

    s.close()
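As an added example (not from the original page), here is a small SMTP reply parser that replaces the answer.split(" ")[0] check used in the script above. That check breaks in two cases a real server produces: multi-line replies, where the code is followed by "-" on every line but the last (for example the EHLO response), and a recv() that returns only part of a reply. The parser follows the reply format from RFC 5321 (three-digit code, then "-" for a continuation line or a space or end of line for the final line), and read_reply() loops over recv() until a complete reply is buffered. All sample replies, and the ChunkedSocket stand-in that feeds them in pieces, are constructed for the example.

```python
import re

# one reply line: 3-digit code, optional "-" (continuation) or " " (final line), then text
_LINE = re.compile(rb"^(\d{3})([ -]?)(.*)$")


def parse_smtp_reply(buf):
    """Parse the first complete SMTP reply in buf (bytes).

    Returns (code, lines, remainder):
      code      - int reply code, or None if buf does not yet hold a full reply
      lines     - the text of each line of that reply (str)
      remainder - bytes left over after the reply (start of the next one)
    When code is None, lines is empty and remainder is the whole buffer, so the
    caller should recv() more and try again.
    """
    lines = []
    code = None
    rest = buf
    while b"\r\n" in rest:
        raw, rest = rest.split(b"\r\n", 1)
        m = _LINE.match(raw)
        if not m:
            raise ValueError("malformed SMTP reply line: %r" % raw)
        line_code = int(m.group(1))
        if code is None:
            code = line_code
        elif line_code != code:
            raise ValueError("reply code changed mid-reply: %d -> %d" % (code, line_code))
        lines.append(m.group(3).decode(errors="replace"))
        if m.group(2) != b"-":  # final line of this reply
            return code, lines, rest
    return None, [], buf  # ran out of data before the final line


def read_reply(sock, max_bytes=65536):
    """recv() from sock until one complete reply is buffered; return (code, lines, leftover)."""
    buf = b""
    while True:
        code, lines, rest = parse_smtp_reply(buf)
        if code is not None:
            return code, lines, rest
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("server closed the connection mid-reply")
        buf += chunk
        if len(buf) > max_bytes:
            raise ValueError("reply longer than %d bytes" % max_bytes)


class ChunkedSocket:
    """Constructed stand-in for a socket whose recv() hands back data in arbitrary pieces."""

    def __init__(self, chunks):
        self._chunks = list(chunks)

    def recv(self, n):
        return self._chunks.pop(0) if self._chunks else b""


if __name__ == "__main__":
    # a VRFY reply from a server that has verification disabled, split across two recv() calls
    sock = ChunkedSocket([b"252 2.5.2 Cann", b"ot VRFY user\r\n"])
    print(read_reply(sock))  # (252, ['2.5.2 Cannot VRFY user'], b'')
```

In the script above, replacing s.recv(1024).split(" ") with read_reply(s) gives a reliable code to branch on. From the server side, the 252 and 502 replies are what a mail server configured to refuse VRFY returns, which is the usual mitigation against this kind of username probing, and the probing itself is easy to spot in mail logs as a burst of VRFY commands from one client.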

Client/Server using sockets

http://programmers.stackexchange.com/questions/171734/difference-between-a-socket-and-a-port
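As an added example (not from the original page), here is a minimal client/server pair built on the socket module. It also addresses a caveat that applies to the banner and SMTP scripts above: they call recv(1024) once and assume it returns exactly one message, but TCP is a byte stream, so one recv() may return part of a message or several messages glued together. Both sides here prefix every message with a 4-byte big-endian length, and recv_exact() loops until the whole message has arrived. The server echoes each message back upper-cased; it runs on loopback on an ephemeral port, and the messages and size limit are assumptions of the example.

```python
import socket
import struct
import threading

HEADER = struct.Struct("!I")  # 4-byte big-endian unsigned length prefix
MAX_MESSAGE = 1 << 20         # refuse absurd lengths so a peer cannot make us allocate 4 GiB


def recv_exact(sock, n):
    """Read exactly n bytes, looping over recv(); raise if the peer closes early."""
    chunks = []
    remaining = n
    while remaining:
        chunk = sock.recv(min(remaining, 4096))
        if not chunk:
            raise ConnectionError("peer closed with %d bytes outstanding" % remaining)
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def send_message(sock, payload):
    """Send one framed message: length header followed by the payload bytes."""
    sock.sendall(HEADER.pack(len(payload)) + payload)


def recv_message(sock):
    """Receive one framed message; the header tells us how many bytes to wait for."""
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > MAX_MESSAGE:
        raise ValueError("message length %d exceeds limit" % length)
    return recv_exact(sock, length)


def serve_once(listener):
    """Accept one client and echo every message back upper-cased until it disconnects."""
    conn, _ = listener.accept()
    with conn:
        while True:
            try:
                msg = recv_message(conn)
            except ConnectionError:
                return  # client went away
            send_message(conn, msg.upper())


def start_server():
    """Listen on an ephemeral loopback port in a background thread; return (listener, port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=serve_once, args=(listener,), daemon=True).start()
    return listener, listener.getsockname()[1]


def client_roundtrip(port, messages, timeout=5):
    """Connect, send each message, and return the replies in order."""
    replies = []
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        for m in messages:
            send_message(s, m)
            replies.append(recv_message(s))
    return replies


if __name__ == "__main__":
    listener, port = start_server()
    print(client_roundtrip(port, [b"hello", b"world"]))  # [b'HELLO', b'WORLD']
    listener.close()
```

The 10000-byte message in the test is larger than one recv() call returns here, which is exactly the case the single recv(1024) in the earlier scripts mishandles; the length prefix and the size cap also mean a misbehaving peer can neither desynchronise the stream nor force the server to buffer without bound.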


Last updated 2 years ago