So I decided to write a simple Python port scanner, but I wanted it to support TCP, UDP, port ranges (22,23,135-139,443,445,3389 etc.) and IP ranges (192.168.0.1/24, 192.168.10-20, example.com).
I also wanted to limit the libraries I used for use on locked down systems, thus, we only use socket, sys and argparse.
The first thing to do was get the code working for a single host and then slowly add bits… Continue reading
So we have found the base64 string “SGVsbG9Xb3JsZCE=” on a locked down workstation and we want to decode it. Quite often we don’t have access to tools, so here’s a list of ways to decode the string using various languages.
Python
    >>> import base64
    >>> base64.b64decode("SGVsbG9Xb3JsZCE=")
PowerShell
    PS > [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("SGVsbG9Xb3JsZCE="))
    blahblah
Perl
    use MIME::Base64;
    print decode_base64("SGVsbG9Xb3JsZCE=");
BASH
    echo SGVsbG9Xb3JsZCE= | base64 --decode
C#
    byte[] data = Convert.FromBase64String("SGVsbG9Xb3JsZCE=");
… Continue reading
So the Juniper Netscreen/SSG ScreenOS password hash is a bit of a hidden mystery. I had in my hand the config of a Netscreen device and I wanted to perform a reverse of the password hashes to see if they were weak.
In this case here’s the line from the config:
    set admin user "admin" password "nAePB0rfAm+Nc4YO3s0JwPHtRXIHdn" privilege "all"
John the Ripper has supported Netscreen passwords since back in 2008… Continue reading
So not so recently support was added to Metasploit for a native Python meterpreter. The cool thing about this is that the victim only needs to execute a few small lines of code.
This means that if you’re performing a local lockdown test and manage to get access to a Python shell it won’t take much more effort to turn this into a meterpreter session.
    msfvenom -f raw -p… Continue reading
So in order to teach myself how to create multi-threaded python apps I decided to have a go this morning at writing a simple MD5 bruteforcer (using a wordlist).
The way this works is that you create worker threads and each worker thread pulls an item from the queue and processes it; when finished it pulls another item from the queue and so on.
    #!/usr/bin/env python
    # md5brute.py
    import sys,Queue,threading,hashlib,os… Continue reading