Showing posts from 2012

Learning Python - Half-Duplex Chat Server/Client

#!/usr/bin/env python

import sys
from socket import *

usage = "Usage: ./ <Listening Port>"

if (len(sys.argv) > 1):
    LPORT = int(sys.argv[1])

BUFSIZE = 1024

serverID = ''
portNumb = ''

tcpChatSocket = socket(AF_INET, SOCK_STREAM)

chatID = raw_input('Enter your chat ID: ')
chatConversation = raw_input('"W" to wait for a connection, or press "I" to initiate a conversation. ')

while True:

    if chatConversation == "W":
        if serverID == '':
            print "Waiting for the connection..."
        tcpMySocket, ADDR = tcpChatSocket.accept()
        while True:
            data = tcpMySocket.recv(BUFSIZE)
            print data
            if not data:
                # Peer closed the connection: stop receiving
                break
        chatConversation = "I"
    elif chatConversation == "I":
        if serverID == …

Encode ASCII to Hex


# Usage: ./script-name <ASCII FILE> | tr -d '\n' > <ENCODED FILE>
# Take a file as the input


function encode {

    case ${1} in
        "") echo "%20" ;; "!") echo "%21" ;; "\"") echo "%22" ;;
        "#") echo "%23"    ;; "$") echo "%24" ;; "&") echo "%26" ;;
        "%") echo "%25"    ;; "'") echo "%27" ;; "(") echo "%28" ;;
        ")") echo "%29" ;; '*') echo '%2a' ;; '+') echo '%2b' ;;
        ',') echo '%2c' ;; '-') echo '%2d' ;; '.') echo '%2e' ;;
        "/") echo '%2f' ;; '0') echo '%30' ;; '1') echo '%31' ;;
        '2') echo '%32' ;; '3') echo '%33' ;; '4') ec…

Decode Hex to ASCII


# Written: December 2012

# This program is built to decode hex to ASCII text
# The program takes what it is given at the command line and then decodes it...


# echo $testInput -- If you echo it will read the string from the command line
# cat $testInput -- Takes the filename and decodes it
cat $testInput | sed 's/%20/ /g' | \
        sed 's/%21/!/g' | sed 's/%22/"/g' | sed 's/%23/#/g' | sed 's/%24/$/g' | \
        sed 's/%25/%/g' | sed 's/%26/&/g' | sed "s/%27/'/g" | sed 's/%28/(/g' | \
        sed 's/%29/)/g' | sed 's/%2a/*/g' | sed 's/%2b/+/g' | sed 's/%2c/,/g' | \
        sed 's/%2d/-/g' | sed 's/%2e/./g' | sed 's/%2f/\//g' | sed 's/%30/0/g' | \
        sed 's/%31/1/g' | sed 's/%32/2/g' | sed 's/%33/3/g' | sed 's/%34/4/g' | \
        sed 's/%35/5/g' | sed 's/%36/6/g' | sed &#…
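
Added example, not part of the original post: because each sed in the chain above reads the previous sed's output, a value produced by one link (`%25` becoming `%`) can be decoded a second time by a later link. The sketch contrasts two substitutions taken from that chain with a single-pass decoder; the function names and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Two links of the chained approach; both substitutions appear in the post.
chained_decode() {
    sed 's/%25/%/g' | sed 's/%31/1/g'
}

# Single pass: each %XX is decoded once, and decoded output is never rescanned.
# Handles %XX pairs in the ASCII range; malformed sequences are left untouched.
single_pass_decode() {
    awk '
    BEGIN { hex = "0123456789abcdef" }
    {
        out = ""; rest = $0
        while (match(rest, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            pair = tolower(substr(rest, RSTART + 1, 2))
            code = (index(hex, substr(pair, 1, 1)) - 1) * 16 + index(hex, substr(pair, 2, 1)) - 1
            out = out substr(rest, 1, RSTART - 1) sprintf("%c", code)
            rest = substr(rest, RSTART + 3)
        }
        print out rest
    }'
}

# Constructed sample: "%2531" is the encoding of the literal text "%31".
sample='id=%2531'
printf 'chained:     %s\n' "$(printf '%s\n' "$sample" | chained_decode)"
printf 'single pass: %s\n' "$(printf '%s\n' "$sample" | single_pass_decode)"
```

A filter or log search that decodes once and an application that decodes twice will disagree about what this input contains, which is why the decoder used for analysis should match the one the target applies.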

Change syslog timestamp to Human Readable Date and Time



# This script is designed to take the first column of the syslog and convert it to a time stamp...
# This works provided the three trailing 0's are removed from the end of the time stamp, if they exist

while read -r syslogLine
do
        timeRecreate=$(echo "$syslogLine" | awk '{print "@"$1}')
        dateRecreate=$(date -d "$timeRecreate")
        echo "$dateRecreate $syslogLine"
done < syslogFile.txt
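
Added example, not part of the original post: a variant of the loop above that handles the trailing-zeros case itself and leaves lines without an epoch field untouched. It assumes that a 13-digit first field is epoch milliseconds, that any other all-digit field is epoch seconds, and that GNU date is available; the function names and log lines are constructed.

```shell
#!/bin/sh
# Prefix each line read from stdin with a UTC date built from its first field.
# Assumptions of this example: a 13-digit field is epoch milliseconds, any
# other all-digit field is epoch seconds, and GNU date (date -d @N) is present.
epoch_prefix() {
    while IFS= read -r line; do
        ts=${line%% *}
        case $ts in
            ''|*[!0-9]*)                    # not an epoch value: pass through
                printf '%s\n' "$line"
                continue ;;
        esac
        if [ "${#ts}" -eq 13 ]; then
            ts=${ts%???}                    # drop the millisecond digits
        fi
        stamp=$(date -u -d "@$ts" '+%Y-%m-%d %H:%M:%S UTC') || stamp='invalid-time'
        printf '%s %s\n' "$stamp" "$line"
    done
}

# Constructed sample lines (documentation-range addresses).
sample_log() {
    printf '%s\n' \
        '1356998400 fw01 kernel: DROP SRC=192.0.2.10' \
        '1356998460000 fw01 kernel: ACCEPT SRC=198.51.100.7' \
        'Jan  1 00:02:00 fw01 sshd[311]: session opened'
}

sample_log | epoch_prefix
```

Printing in UTC keeps converted lines comparable across hosts in different time zones when building an incident timeline.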

Compare 2 Lists of IP Addresses

# Written by: Leon Trappett
# This script will take 2 lists of IP addresses from text files and then list the IP addresses that are common amongst them
# For example from a firewall log and a list of known compromised hosts


while read -r unusualIP
do
        while read -r firewallIP
        do
                # Quote the right-hand side so it is compared literally, not as a pattern
                if [[ "$unusualIP" == "$firewallIP" ]]; then
                        echo "***" "$firewallIP"
                fi

                let countLoopA=countLoopA+1

        done < filename1.txt

        let countLoopB=countLoopB+1

#       echo $countLoopB " " $countLoopA

done < filename2.txt
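
Added example, not part of the original post: the same comparison done in one pass with `grep`, with both lists normalised first so that Windows line endings, blank lines and duplicates do not hide or repeat matches. The function name, argument order and sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Print the addresses present in both lists, sorted and de-duplicated.
# $1 = list of known-compromised hosts, $2 = addresses taken from the firewall log
# (argument order and one-address-per-line layout are assumptions of this example).
common_ips() {
    bad=$(mktemp) || return 1
    status=0
    # Normalise: strip CRs, keep the first field, drop blank lines, de-duplicate.
    tr -d '\r' < "$1" | awk 'NF { print $1 }' | sort -u > "$bad"
    # -F: fixed strings, so dots are not wildcards
    # -x: whole-line match, so 10.0.0.1 does not match 10.0.0.10
    # -f: read the patterns from the normalised list
    tr -d '\r' < "$2" | awk 'NF { print $1 }' | sort -u | grep -Fxf "$bad" || status=$?
    rm -f "$bad"
    [ "$status" -le 1 ]      # 0 = matches, 1 = no matches; higher is a real error
}

# Constructed sample lists (documentation-range and private addresses).
dir=$(mktemp -d)
printf '10.0.0.1\n192.0.2.44\r\n203.0.113.9\n' > "$dir/compromised.txt"
printf '10.0.0.10\n203.0.113.9\n\n192.0.2.44\n192.0.2.44\n' > "$dir/firewall.txt"
common_ips "$dir/compromised.txt" "$dir/firewall.txt"
rm -rf "$dir"
```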

Word Mangling a Word List to become a Password List


# Written: December 2012
# This program was written to take as input a file that contains a wordlist and then transform it to make a password list.
# The password list is designed to be that of an 8 character password
# This is not meant to be used maliciously

function mangleWord {

    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/1/' | sed 's/o/0/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/!/' | sed 's/o/0/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/1/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/!/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/'
    echo $1 | sed 's/a/@/'
    echo $1 | sed 's/e/3/' | sed 's/i/1/' | sed 's/o/0/'
    echo $1 | sed 's/e/3/' | sed 's/i/!/' | sed 's/o/0/'
    echo $1 | sed 's/e/3/' | sed 's/i/1/'
    echo $1 | sed 's/…

sqlmap - A Tool to Test SQL Injection

In a previous post, I designed a simple web page that would accept a username and password. I chose to test this same page for SQL injections with a tool called sqlmap.

First, taking the server response from a previous post, I noticed the data was posted as "username=test&password=test". Then I took this information and created the sqlmap command I was going to run.

python --data="username=test&password=test" --url="http://test.local" -t http.log

It was after some research that I found the "-t" option. This outputs to a file the server and client responses in plain text or the encoding used.

The http.log was a lot easier to use than Wireshark, which I was initially using. I wanted to understand more of how sqlmap could gather the database name, table name and then the contents of this.

I grepped the http.log file for the keyword username= and found after url-decoding the SQL statements being sent back and forth.  Then I analyzed th…

Simple Bash HTTP Spider

I was tasked with finding broken links and links that did not link directly with a parent site.  Here is the simple Bash HTTP Spider that I wrote.  The followMaster.txt has the list of URLs referring to the parent site.  The links_outside.txt and links_outsideNew.txt have the external links or ones without the URL as the argument in them.

Usage: ./ http://url.url

# This script is designed to spider a web site for URLs
# The first argument is the URL that will be spidered...
# This core URL will remain as the spider goes through the site
# Will spider 5 rounds through the URLs found

if [ $# -eq 0 ]; then
    echo "Example: ./ url"
    echo "URL - URL to spider"
    echo ""
    exit 1
fi

wget "$1" -O main.txt

cat main.txt | grep "a href" | sed 's/.*<a href="//' | sed 's/">.*//' | awk '{print $1}' | grep -v -e "javascript:" | sed 's/"//' | grep "$1" | sort | uniq

Brute Force HTTP Login

The purpose of this post is to better understand how to brute force an HTTP login. So I took the time to design a really simple web application in PHP with a MySQL database. This is so I could have a test server to work from.

The PHP code that I used is below:
<FORM NAME="index" method="POST" action="checklogin.php">
<?php
        echo '<TABLE><TR>';
        echo '<TD>Username</TD><TD><input type=text name=username size=20></TD>';
        echo '</TR><TR>';
        echo '<TD>Password</TD><TD><input type=password name=password size=20></TD>';
        echo '</TR><TR>';
        echo '<TD COLSPAN=2><CENTER><input type=submit value=Login></CENTER></TD>';
        echo '</TR></TABLE>';
?>
</FORM>

The php code for chec…