Hak5 Forums

Showing results for tags 'python'.

Found 16 results

  1. Hello, what would be the best way to execute a python script from the bash bunny? It downloads things using the wget python module, and I'd like them to be downloaded to the victim's PC.
  2. WhiteDNS - Mini DNS server

    WhiteDNS is something I've been working on for a few days now. It's basically a small DNS server that only serves domains it knows/has listed. A whitelisting DNS server, hence WhiteDNS. Link to the Github repo is here. Instead of explaining everything it can do, I'll just provide examples of queries to this DNS server. The main documentation is in the python script itself and there is a bit on the Github.

    If I query "test" using nslookup:

        [ SERVER SIDE ]
        # test isn't in ROUTES therefore only responds with a preset IP
        if query not in ROUTES then return 127.0.0.1

        [ CLIENT SIDE ]
        QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
        OUTPUT:
        Non-authoritative answer:
        Server:    test
        Addresses: 127.0.0.1

    If I give "test" a corresponding IP then query "test" using nslookup:

        [ SERVER SIDE ]
        # test is in ROUTES therefore responds with corresponding IP
        test. -> 192.168.1.10
        if query not in ROUTES then return 127.0.0.1
        if query is in ROUTES then return query's set IP (192.168.1.10)

        [ CLIENT SIDE ]
        QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
        OUTPUT:
        Non-authoritative answer:
        Server:    test
        Addresses: 192.168.1.10

    What if the querier is under a company domain or some other domain? Won't it come up with this super long domain name that the server can't recognise? Well, yes, you are correct. However, you are also not. Example: If I query "test" and my PC is under the domain "company.local" this is what happens:

        [ SERVER SIDE ]
        # test is in ROUTES therefore responds with corresponding IP
        test -> 192.168.1.10   # notice how I removed the '.' here as well
        string = first bit of query (test.company.local.)
        if string not in ROUTES then return 127.0.0.1
        if string is in ROUTES then return query's set IP (192.168.1.10)

        [ CLIENT SIDE ]
        QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
        OUTPUT:
        Non-authoritative answer:
        Server:    test.company.local
        Addresses: 192.168.1.10

    This server can potentially be made into a payload and served on the Bunny for all your DNS pentesting needs. That was my end goal and now that I've done the hard part I figured I would release this as a python server and let others create payloads on it. Because it is a whitelisting server you can set the primary DNS server on a PC to the Bunny (which is hosting the server) and block any phone-homes made by the PC, allowing you to basically ignore the rest of the network's hostnames. Or you could collect them all or change them all to go through the Bunny instead, or reset all the hostnames to go to a specific IP (does that already, really). Possibilities are as far as a DNS server goes! :P I hope this helps someone achieve their DNS pentesting dreams or even helps you understand how a DNS server works. Keep in mind though, this is a very simple DNS server and only responds with generic answers. It can't handle ridiculously complex DNS queries - not that many internal queries require that.
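    The lookup behaviour shown in the examples above, as an added illustration rather than WhiteDNS's own code: a constructed ROUTES table, a resolver that keeps only the first label of the query name (so a search-domain suffix such as company.local is ignored, exactly as in the third example), and a minimal A-record responder built on it. Packet layout follows RFC 1035; only single A queries are handled.

```python
import socket
import struct

# Constructed example table; the real WhiteDNS ROUTES lives in its own script.
ROUTES = {"test": "192.168.1.10"}
DEFAULT_IP = "127.0.0.1"          # answer for anything not whitelisted

def first_label(qname):
    """'test.company.local.' -> 'test'. Dropping everything after the first
    label is what lets a short whitelisted name still match when the client's
    resolver has appended its search domain."""
    return qname.rstrip(".").split(".")[0].lower()

def resolve(qname, routes=ROUTES, default=DEFAULT_IP):
    """Whitelist lookup: mapped IP if the first label is known, else default."""
    return routes.get(first_label(qname), default)

def parse_question(packet):
    """Return (transaction id, dotted qname, offset just past the question)."""
    txid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12                       # question starts after the header
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return txid, ".".join(labels) + ".", pos + 4   # skip QTYPE and QCLASS

def build_response(query):
    """Answer any query with a single A record chosen by resolve()."""
    txid, qname, qend = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 answer
    question = query[12:qend]                                    # echoed verbatim
    # Name pointer to offset 12, type A, class IN, TTL 60, RDLENGTH 4, then the IP
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
    return header + question + answer + socket.inet_aton(resolve(qname))

def build_query(name, txid=0x1234):
    """Construct a standard A query, used here in place of a real nslookup."""
    out = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00" + struct.pack("!HH", 1, 1)

def answer_ip(response):
    """The IPv4 address carried in the (single) A record of a response."""
    return socket.inet_ntoa(response[-4:])

def serve(host="127.0.0.1", port=5353):
    """Blocking UDP loop; point nslookup at host/port to exercise it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, addr = sock.recvfrom(512)
        sock.sendto(build_response(data), addr)
```

    Calling serve() binds the responder on an unprivileged port so it can be tested without root; the real server would listen on UDP 53.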
  3. TLDR: https://github.com/ThoughtfulDev/PyDuckGen

    Hey, since the Simple-Ducky Payload Generator is discontinued I think, I just wanted to create an easy way to generate existing payloads and move the needed files to the Rubber Ducky. PyDuck is a Python script which helps you to get your once-written USB Rubber Ducky payloads onto your Duck's SD card quickly. You can even change variable components by using a simple set <attribute> <val> command. All of this is made easy with a Metasploit-like interface. Simply choose your payload with use <payload>, configure it and there you go :)

    Have a look into the bundled modules in the module folder to understand the attributes, but here is a quick explanation. Your duckscript is:

        ...
        STRING <replacable_text>
        ...

    In your module.json just add your attribute to the attributes tree like this:

        "attributes": {
            "replacable_text": "The default value"
        }

    If you now load your payload with 'use <your_payload>' you can use the following:

        set replacable_text Hak5 is awesome :)

    If you then generate the inject.bin using gen or generate, the <replacable_text> will be replaced with Hak5 is awesome. Isn't that...awesome? :D You can even add folders/files to your module.json which are needed for your payload (have a look at the mimikatz_lazagne payloads to see how this works). I really suggest that you have a look at the existing payloads to figure out how this works :D More information can be found on the Github repo: https://github.com/ThoughtfulDev/PyDuckGen Let me know what you think.
  4. I'm stuck while working on a prank payload. While the target computer is locked or logged off, I'm trying to find a way or see if it's even possible to copy a single file from the BB onto the target computer, either into multiple Users folders or searching for a specific named file and replacing them with the file on the BB. Since the target computer would be locked or logged out, using the command prompt or powershell scripts is out of the question. I'm thinking that anything done would have to be solely done on the BB side, set up as, say, the SMB_Exfil payload only in reverse, with the BB setting up as an SMB server, copying the file from the BB to an SMB temp folder, pulling the target's IP, and either copying the file over to the target computer or searching for a file name within the target computer from the IP address and replacing it with the file. I'm just thinking out loud since I'd started working on this and using a CMD script to do the job (which works so far, but I'm still testing it), but wanted to see if it was possible to remove the CMD script for this to be accomplished without needing to be logged into the computer. If it takes learning python to write a script for the BB to be able to do this I'll do it, but I'd rather ask if anyone else thinks or knows it would be possible. Any thoughts?
  5. Python server not continuous on BB

    Hey all, I've got a problem with my python server. The Bash Bunny doesn't want to handle it forever, so it seems to stop handling after about 5 seconds (or shutting it down, can't tell which). The exact same code works locally on my computer (python script that runs a simple SocketServer), and it runs forever (using httpd.serve_forever()), however the BB doesn't want to run it forever. Any ideas why the BB stops handling? EDIT: Just for those that are interested, the browser error says "Site cannot be reached; connection was reset (ERR_CONNECTION_RESET)".
  6. Trouble with Python Script

    Hi Everyone, I am currently writing my first script for the Bash Bunny. I am done with it and I know it works locally. I think there is a disconnect somewhere with me locating where on the Bash Bunny the payload is located? My log turns up empty when run from the Bash Bunny. I also noticed my light is turning green (finished) before I even show it as a connected network device. Is it possible to start running the script before having the internet? I thought it waited until it received an IP. Anyway, any help would be greatly appreciated. Thanks in advance.

        LOOTDIR="/root/udisk/loot/brutebunny"

        # Setup Ethernet
        LED R B
        # ATTACKMODE RNDIS_ETHERNET
        ATTACKMODE ECM_ETHERNET

        # Need Switch Position
        source bunny_helpers.sh

        # Setup loot directory and working directory
        mkdir -p $LOOTDIR

        # Bruteforce
        LED G R 100
        python /root/udisk/payloads/$SWITCH_POSITION/BruteBunny.py >> $LOOTDIR/log.txt

        # Finished
        LED G

    I am testing this on Ubuntu. Thanks, Decoy
  7. Hello, do you guys know if it's possible to capture client(s)-to-WiFi-router(s) probe requests, just like Karma does, but without "answering" any of those requests, by using python? I mean, to passively monitor surrounding devices' probes and log them into a text file or something, but be invisible in their wifi network list. Any python library suggestions would be appreciated!
  8. Upload python scripts

    Once I deploy the LAN Turtle and SSH into it using my own VPS, is it possible to run my own custom python scripts using the LAN Turtle terminal? For example: I write my own python keylogger script and SCP it onto my LAN Turtle. Is there a way to run this? I'm unsure if this will work as this is connected via ethernet, not necessarily a normal USB stick. Thanks for your time.
  9. CrackMapExec is a fantastic tool developed by Byt3bl33de3r and can be found here: https://github.com/byt3bl33d3r/CrackMapExec As stated in the repo's README, it's powered by Impacket and takes cues and inspiration from several other tools targeting SMB, WMI, and Windows in general. I recommend reading up on it if you are unfamiliar. For now, it's worth mentioning that CrackMapExec (CME) is also a Python library that can be installed with pip and used like a standard tool, i.e. you can type "crackmapexec" and use it without needing a Python script to act as a vehicle. I installed it on the Bunny and have used it for some network based attacks using RNDIS_ETHERNET mode. If you'd like to do the same, I encourage you to install pip. Connect to the Bunny via SSH and use curl with the "insecure" and output file options, like so:

        cd /pentest
        curl -k -O https://bootstrap.pypa.io/get-pip.py

    Now check your Bunny's current system date and time. If it's not current then you need to update it or Python and SSL will throw a fit because the date/time is wrong. Then use Python to run the script:

        python get-pip.py

    That may take some time to complete, but pip will open up a lot of possibilities and assist with Python tools and dependencies. Once that's done, you'll need to install packages required for supporting OpenSSL/PyOpenSSL. You'll need to have shared your internet connection with the Bunny for this to work.

        apt-get install build-essential libssl-dev libffi-dev python-dev

    Once those packages have been installed successfully, you should now be able to successfully use pip to install CME. If something goes wrong with this next step, it's almost certainly related to the cryptography library and a missing dependency. Read the error carefully and Google it. You can be certain there will be several GitHub and StackOverflow hits at the top. Run pip:

        pip install crackmapexec

    Once that is done, you can test everything by just running "crackmapexec" in your terminal and you should see CME spit out its help text and version information. You're now ready to include CME commands in your Bunny payloads. CME is a network attack tool, so you can use it against locked PCs. A very basic example of this is:

        crackmapexec $TARGET_IP

    That command tells CME to connect to the target's IP address via SMB. If that much can be done, CME will return a hostname and the target's operating system build. This is a fast "attack" and can be used to, let's say, fingerprint a machine quickly to prove you had access and collect some information. You can go a step further with this:

        crackmapexec $TARGET_IP -u "" -p ""

    That tells CME to try a Null session with SMB. If the target disallows Null sessions nothing bad happens. You still get the basic OS details. If the target allows for a Null session to be initiated then you can check for success and then potentially proceed with something like running CME again with the addition of "--shares" to enumerate network shares and gather additional information. If you happen to have a password hash or credentials from an earlier attack (perhaps phishing or passed to you from a teammate), those creds can be used with CME and any CME-based payload can be easily edited to include the credentials for a much wider variety of attacks.
  10. Hello everyone! I'm currently trying to make the script "fakeAP" work on my Pineapple. This script simply creates a fake AP, I let you imagine what for. The problem is: this script requires Scapy to work. I tried to install it but when I run the setup script, it says that it can't find "distutils.core". Distutils is used to install python packages. I searched for a way to install it but, when I try to install it (via OPKG or from source), it says:

        * pkg_write_filelist: Failed to open //usr/lib/opkg/info/python-distutils.list: No space left on device.
        * opkg_install_pkg: Failed to extract data files for python-distutils. Package debris may remain!
        * opkg_install_cmd: Cannot install package python.
        * opkg_conf_write_status_files: Can't open status file //usr/lib/opkg/status: No space left on device.

    So, my Pineapple doesn't have enough space left. I tried to tweak the opkg.conf so it can install it on my SD card (mounted on /sd) but it fails every time. I deleted a bunch of my modules and temp files, but the result is the same. Does anyone have a solution? Thanks and sorry for bad English! :)
  11. Hi, as a starter project for messing around with TK, I made a replacement for the wp6.sh script with a GUI. It's a bit basic to say the least, but it should be functional. I'm aware that I should really be using classes to build my application, but this is just an excuse to code something. Hopefully, someone might find this useful. Anyway, the code (such as it is) is located here: https://github.com/phpsystems/PineappleSetupGui Phpsystems.
  12. Hi, I've been crunching away at this python3 script(s) for the past month and I would like some input on how to make it better. I based this bot off of Paul Mutton's work from the book “IRC Hacks.” Threading, having less hard coded variables, self healing, and making this code less dyslexic is definitely on the to do list! Let me know what you think :3 https://github.com/notpike/PikeBot
  13. Hi all, I was looking at trying wifite2 on the tetra, mainly for the 5ghz addition over the standard wifite, which works reasonably well. It seemed to require stty, so I installed coreutils-stty and that got me a little further, so it runs and finds networks. But as soon as you specify a target it hits an issue with:

        WPA-handshake attack: waiting for handshake...
        [!] Error: global name 'err' is not defined
        [!] Full stack trace below
        [!] Traceback (most recent call last):
        [!]   File "./Wifite.py", line 171, in <module>
        [!]     w.main()
        [!]   File "./Wifite.py", line 34, in main
        [!]     self.run()
        [!]   File "./Wifite.py", line 120, in run
        [!]     attack.run()
        [!]   File "/root/wifite2-master/py/AttackWPA.py", line 80, in run
        [!]     if handshake.has_handshake():
        [!]   File "/root/wifite2-master/py/Handshake.py", line 61, in has_handshake
        [!]     if len(self.tshark_handshakes()) > 0:
        [!]   File "/root/wifite2-master/py/Handshake.py", line 127, in tshark_handshakes
        [!]     if not Process.exists('tshark'):
        [!]   File "/root/wifite2-master/py/Process.py", line 51, in exists
        [!]     if stdout == '' and err == '':
        [!] NameError: global name 'err' is not defined

    At first I thought this was to do with STDOUT & STDERR, so I looked at libdaemon from opkg but that doesn't seem to make a difference. Did anyone already try wifite2 and if so did you get any further? Would love to hear from you. Cheers all
  14. pip/install python modules?

    Looking to install some python modules for a project. pip is not there. Tried a workaround that seems to have failed. So what are my options? And can I get a list of python modules available for the Turtle ahead of time? (to avoid wasting time)
  15. Learning python!

    Hello there guys! Nice to see you! Just wanted to know about the power of python from you leets. I'm a beginner, trying to learn new things in python. Can you please tell me what are the things that could be done with python? Can I use python for IoT devices? Is it going to help me only in scripting?
  16. Hi Guys, I've been working on a python script to help organize the pineapple's SSID pool. Most of the work I do with the pineapple has to do with attracting unassociated clients. As such it's sometimes undesirable to have an extremely large SSID pool. For instance, if I'm trying to grab a client and it's looking for an SSID that's 2250 on the list, but the pineapple is rolling through SSIDs at number 5 on the list, I might miss my opportunity. To help combat this, I generally use an SSID list that is smaller in number, but the SSIDs on that list are SSIDs that many people use (e.g. attwifi, panera, CableWifi). Up until now I've just been looking at multiple lists trying to pick out ones I think clients will be broadcasting.

    The script makes use of the pineapple's pineap.log file. You can find this file by going to the Logging system module and clicking the Download button after you've used Pineap to log some probe requests. You can also find it on the pineapple in the /tmp/ directory. This file starts anew after each restart. If you place pineap.log in the same directory as the script and run the script, the script will:

    - harvest all of the SSIDs and the MAC addresses that probed for them
    - eliminate all duplicate requests
    - assign each SSID a rank based on the number of times a unique device requested that SSID
    - sort the SSID with the highest rank to the top with each successive rank behind
    - write the results to two files. The first file, SSIDlist.log, has just SSIDs listed in their appropriate rank order. The second file, finalRanking.log, has the same but each SSID has its rank next to it.

    What I then do is edit SSIDlist.log, erase all but the top 100 SSIDs, rename the file to ssid_file, and place it in the pineapple's /etc/pineapple/ directory. (More on that here: https://forums.hak5.org/index.php?/topic/38060-ssid-pool-management/?p=275753) Now my standard pool of SSIDs is the top 100 SSIDs used in my part of the world.

    Just to give you an example of how I'm using this on the ground. Yesterday I took my pineapple to a large target area. I needed to know what SSIDs would most likely ensnare the devices and the employees' personal devices on that campus. I spent over an hour walking the grounds and ended up with over 450 SSIDs. Using this script, I'll cut that 450 down to 100 or even 50 to increase the speed and efficiency of grabbing a client. The example files that are with the script are from me driving around Tampa yesterday with the pineapple in the back of my car. Just for the record, war driving is a terrible way to collect probe requests for an area. You're better off walking.

    You might be asking, why isn't this a module? First, I've never used javascript or php. I'm attempting to learn, but I'm not even close. So if anyone finds this helpful enough and wants to make it a module, be my guest.

    Finally, I'd like to make a suggestion. If you use this script for a particular area and you don't mind sharing, I would like to make a repository of Top 100's on regions all over the world. I have webspace at skinnyrd.com and can post them all there in an organized fashion. The more distinct the region, like neighborhoods or industrial parks in cities vs entire metro areas, the better. If you live in a small town, that's welcome too. If you'd really rather not share, no big deal. If you have any questions just let me know. Have a great day! SSIDsort.zip
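    The ranking logic the post describes, as an added example that is not the SSIDsort script itself. Because the pineap.log layout is not shown in the post, the sample below assumes a constructed "timestamp,mac,Probe Request,ssid" line format and the regex should be adapted to the real file; the dedup/rank/sort/write steps follow the post's list. Seen from the monitoring side, the same count tells you how many distinct devices are leaking a given remembered network name.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed "timestamp,mac,Probe Request,ssid" layout;
# the real pineap.log format is not shown in the post, so adapt LINE_RE to it.
SAMPLE_LOG = """\
2017-05-01 10:00:01,aa:bb:cc:dd:ee:01,Probe Request,attwifi
2017-05-01 10:00:02,aa:bb:cc:dd:ee:01,Probe Request,attwifi
2017-05-01 10:00:03,AA:BB:CC:DD:EE:02,Probe Request,attwifi
2017-05-01 10:00:04,aa:bb:cc:dd:ee:02,Probe Request,CableWifi
2017-05-01 10:00:05,aa:bb:cc:dd:ee:03,Probe Request,panera
2017-05-01 10:00:06,aa:bb:cc:dd:ee:03,Probe Request,
"""

LINE_RE = re.compile(
    r"^[^,]*,(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),Probe Request,(?P<ssid>.*)$",
    re.IGNORECASE,
)

def parse_probes(text):
    """Yield (mac, ssid) pairs; broadcast probes with an empty SSID are skipped."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match and match.group("ssid"):
            yield match.group("mac").lower(), match.group("ssid")

def rank_ssids(pairs):
    """Rank each SSID by the number of distinct devices that probed for it.

    Collecting MACs into a set per SSID is what removes duplicate requests
    from the same device, so a chatty client cannot inflate its SSID's rank.
    Ties are broken alphabetically so the output is stable between runs."""
    devices = defaultdict(set)
    for mac, ssid in pairs:
        devices[ssid].add(mac)
    ranking = [(ssid, len(macs)) for ssid, macs in devices.items()]
    ranking.sort(key=lambda item: (-item[1], item[0]))
    return ranking

def write_results(ranking, top=None, ssid_path="SSIDlist.log",
                  ranked_path="finalRanking.log"):
    """Write the two output files the post describes; returns rows written."""
    rows = ranking[:top] if top else ranking
    with open(ssid_path, "w") as fh:
        fh.writelines(f"{ssid}\n" for ssid, _ in rows)
    with open(ranked_path, "w") as fh:
        fh.writelines(f"{ssid}\t{count}\n" for ssid, count in rows)
    return len(rows)
```

    Passing top=100 to write_results() produces the trimmed SSIDlist.log directly instead of editing the file by hand afterwards.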