Posts

Showing posts from 2012

Learning Python - Half-Duplex Chat Server/Client

#!/usr/bin/env python

import sys
from socket import *

usage = "Usage: ./clientChat.py <Listening Port>"

if (len(sys.argv) > 1):
    LPORT = int(sys.argv[1])
else:
    sys.exit(usage)

LOCALHOST = ''
BUFSIZE = 1024
ADDR = (LOCALHOST, LPORT)

serverID = ''
portNumb = ''

tcpChatSocket = socket(AF_INET, SOCK_STREAM)
tcpChatSocket.bind(ADDR)
tcpChatSocket.listen(5)

chatID = raw_input('Enter you chat ID: ')
chatConversation = raw_input('"W" to wait for a connection, or press "I" to initiate a conversation. ')

while True:

    if chatConversation == "W":
        if serverID == '':
            print "Waiting for the connection..."
        tcpMySocket, ADDR = tcpChatSocket.accept()
        while True:
            data = tcpMySocket.recv(BUFSIZE)
            print data
            if not data:
                break
        chatConversation = "I"
    elif chatConversation == "I":
        if serverID == …

Encode ASCII to Hex

#!/bin/bash

# Usage: ./script-name <ASCII FILE> | tr -d '\n' > <ENCODED FILE>
# Take a file as the input

testInput=$1

function encode {

    case ${1} in
        "") echo "%20" ;; "!") echo "%21" ;; "\"") echo "%22" ;;
        "#") echo "%23"    ;; "$") echo "%24" ;; "&") echo "%26" ;;
        "%") echo "%25"    ;; "'") echo "%27" ;; "(") echo "%28" ;;
        ")") echo "%29" ;; '*') echo '%2a' ;; '+') echo '%2b' ;;
        ',') echo '%2c' ;; '-') echo '%2d' ;; '.') echo '%2e' ;;
        "/") echo '%2f' ;; '0') echo '%30' ;; '1') echo '%31' ;;
        '2') echo '%32' ;; '3') echo '%33' ;; '4') ec…

Decode Hex to ASCII

#!/bin/bash

# Written: December 2012

# This program is built to decode hex to ASCII text
# The program takes what it is given at the command line and then decodes it...

testInput=$1

# echo $testInput -- If you echo it will read the string from the command line
# cat $testInput -- Takes the filename and decodes it
cat $testInput | sed 's/%20/ /g' | \
        sed 's/%21/!/g' | sed 's/%22/"/g' | sed 's/%23/#/g' | sed 's/%24/$/g' | \
        sed 's/%25/%/g' | sed 's/%26/&/g' | sed "s/%27/'/g" | sed 's/%28/(/g' | \
        sed 's/%29/)/g' | sed 's/%2a/*/g' | sed 's/%2b/+/g' | sed 's/%2c/,/g' | \
        sed 's/%2d/-/g' | sed 's/%2e/./g' | sed 's/%2f/\//g' | sed 's/%30/0/g' | \
        sed 's/%31/1/g' | sed 's/%32/2/g' | sed 's/%33/3/g' | sed 's/%34/4/g' | \
        sed 's/%35/5/g' | sed 's/%36/6/g' | sed &#…

Change syslog timestamp to Human Readable Date and Time

#!/bin/bash

#

# This script is designed to take the first column of the syslog and convert it to a time stamp...
# This is given if the 3 0's are removed from the end of the time stamp if they exist

while read syslogLine
do

        timeRecreate=`echo $syslogLine | awk '{print "@"$1}'`
        dateRecreate=`date -d $timeRecreate`
        echo $dateRecreate" "$syslogLine

done < syslogFile.txt

Compare 2 Lists of IP Addresses

#!/bin/bash
# Written by: Leon Trappett
#
# This script will take 2 lists of IP addresses from text files and then list the IP addresses that are common amongst them
# For example from a firewall log and a list of known compromised hosts

countLoopA=0
countLoopB=0

while read unusualIP
do

        while read firewallIP
        do

                if [[ $unusualIP == $firewallIP ]]; then
                        echo "***" $firewallIP
                        break
                fi

                let countLoopA=countLoopA+1

        done < filename1.txt


        let countLoopB=countLoopB+1

#       echo $countLoopB " " $countLoopA


done < filename2.txt

Word Mangling a Word List to become a Password List

#!/bin/bash

# Written: December 2012
#
# This program was written to take as input a file that contains a wordlist and then transform it to make a password list.
# The password list is designed to be that of an 8 character password
# This is not meant to be used maliciously

function mangleWord {

    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/1/' | sed 's/o/0/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/!/' | sed 's/o/0/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/1/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/' | sed 's/i/!/'
    echo $1 | sed 's/a/@/' | sed 's/e/3/'
    echo $1 | sed 's/a/@/'
    echo $1 | sed 's/e/3/' | sed 's/i/1/' | sed 's/o/0/'
    echo $1 | sed 's/e/3/' | sed 's/i/!/' | sed 's/o/0/'
    echo $1 | sed 's/e/3/' | sed 's/i/1/'
    echo $1 | sed 's/…

sqlmap - A Tool to Test SQL Injection

In a previous post I designed a simple web page that would accept a username and password.  I chose to test this same page for sql injections with a tool called sqlmap.

First taking the server response from a previous post I noticed the data was posted as "username=test&password=test".  Then I took this information and created the sqlmap command I was going to run.

python sqlmap.py --data="username=test&password=test" --url="http://test.local" -t http.log

It was after some research that I found the "-t" option.  This outputs to a file the server and client responses in plain text or the encoding used. 

The http.log was a lot easier to use then wireshark that I initially was using.  I wanted to understand more of how sqlmap could gather the database name, table name and then the contents of this.

I grepped the http.log file for the keyword username= and found after url-decoding the SQL statements being sent back and forth.  Then I analyzed th…

Simple Bash HTTP Spider

I was tasked with finding broken links and links that did not link directly with a parent site.  Here is the simple Bash HTTP Spider that I wrote.  The followMaster.txt has the list of URLs referring to the parent site.  The links_outside.txt and links_outsideNew.txt have the external links or ones without the URL as the argument in them.

Usage: ./spider.sh http://url.url

#!/bin/bash
# This script is design to spider a web site for URLs
# The first argument is the URL that will be spidered...
# This core URL will remain as the spider goes through the site
# Will spider 5 rounds through the URLs found

if [ $# -eq 0 ]; then
    echo "Example: ./spider.sh url"
    echo "URL - URL to spider"
    echo ""
    exit
fi

wget $1 -O main.txt

cat main.txt | grep "a href" | sed 's/.*<a href="//' | sed 's/">.*//' | awk '{print $1}' | grep -v -e "javascript:" | sed 's/"//' | grep "$1" | sort | uniq
&g…

Brute Force HTTP Login

The purpose of this post is to better understand how to brute force an HTTP login.  So I took the time to design a real simple web application in php with a MySQL database.  This is so I could have a test server to work from.

The php code is below that I used:
<HTML>
<BODY>
<FORM NAME="index" method="POST" action="checklogin.php">
<?php
        echo '<TABLE><TR>';
        echo '<TD>Username</TD><TD><input type=text name=username size=20></TD>';
        echo '</TR><TR>';
        echo '<TD>Password</TD><TD><input type=password name=password size=20></TD>';
        echo '</TR><TR>';
        echo '<TD COLSPAN=2><CENTER><input type=submit value=Login></CENTER></TD>';
        echo '</TR></TABLE>';
?>
</FORM>
</BODY>
</HTML>

The php code for chec…