python

So I decided to write a simple python port scanner but I wanted it to support to TCP, UDP, port ranges (22,23,135-139,443,445,3389 etc) and IP ranges(192.168.0.1/24, 192.168.10-20, example.com)

I also wanted to limit the libraries I used for use on locked down systems, thus, we only use socket, sys and argparse.

The first thing to do was get the code working for a single host and then slowly add bits… Continue reading

So we have found the base64 string “SGVsbG9Xb3JsZCE=” on a locked down workstation and we want to decode. Quite often we don’t have access to tools so here’s a list of ways to decode the string using various languages.

Python

12>>> import base64 >>> base64.b64decode("SGVsbG9Xb3JsZCE=")

PowerShell

12PS > [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("SGVsbG9Xb3JsZCE=")) blahblah

Perl

12use MIME::Base64; print decode_base64("SGVsbG9Xb3JsZCE=");

BASH

1echo SGVsbG9Xb3JsZCE= | base64 --decode

php

1echo base64_decode("SGVsbG9Xb3JsZCE=");

C#

12byte[] data = Convert.FromBase64String("SGVsbG9Xb3JsZCE=");… Continue reading

So the Juniper Netscreen/SSG ScreenOS password hash is a bit of a hidden mystery. I had in my hand the config of a Netscreen device and I wanted to perform a reverse of the password hashes to see if they were weak.

In this case here’s the line from the config:

1set admin user "admin" password "nAePB0rfAm+Nc4YO3s0JwPHtRXIHdn" privilege "all"

John The ripper has supported Netscreen passwords since back in 2008… Continue reading

So not so recently support was added to metasploit for a native python meterpreter. The cool thing about this is that the victim only needs to execute a few small lines of code.

This means that if you’re performing a local lockdown test and manage to get access to a python shell it wont take much more effort to turn this into a meterpreter session.

12msfvenom -f raw -p… Continue reading

So in order to teach myself how to create multi-threaded python apps I decided to have a go this morning at writing a simple MD5 bruteforcer (using a wordlist).

The way this works is that you create worker threads and each worker thread pulls an item from the queue and processes it; when finished it pulls another item from the queue and so on.

123456789101112131415161718192021222324252627282930313233343536373839#!/usr/bin/env python # md5brute.py import sys,Queue,threading,hashlib,os… Continue reading