Posts

Showing posts from May, 2014

Python: Cipher and Base64 Encoding / Decoding

Below is part of a challenge that I came up with: first build a simple substitution cipher, similar to a Caesar cipher or ROT13, and then use Base64 to encode a URL.  Below is the Python code to accomplish this:

#!/usr/bin/python
# Python 2: string.maketrans() and the print statement are used below.

import string
import base64

url = "http://i1.ytimg.com/vi/jp4nzjap6I8/movieposter.jpg?v=4f16e5dc"
# Substitution alphabet: each character of my_base64chars is replaced by the
# character at the same position in std_base64chars.  Characters that are not
# in the alphabet (':', '.', '?', '=') are left untouched by translate().
my_base64chars  = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
std_base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Step 1: apply the substitution cipher to the URL.
s = url.translate(string.maketrans(my_base64chars, std_base64chars))
# Step 2: Base64-encode the substituted string.
data = base64.b64encode(s)
print data

Below is how to decode the same information (the two steps are applied in reverse order):

#!/usr/bin/python
import string
import base64

# Base64 blob produced by the encoder above.
code = "cjMzejovL3NCLjgzc3dxLm15dy81cy90ekV4OXRrekdTSS93eTVzb3p5MjNvMS50enE/NT1FcEJHb0ZubQ=="
# Step 1: undo the Base64 encoding.
output = base64.b64decode(code)
print output

my_base64chars  = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
std_base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Step 2: undo the substitution by swapping the two alphabets in maketrans().
url = output.translate(string.maketrans(std_base64chars, my_base64chars))
print url
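As an added Python 3 example (not code from the post), the same scheme as encode/decode functions, plus a check that the post's substitution table is exactly a Caesar shift of 10 over the 62 alphanumerics, which the shift_alnum() function generalizes to any shift. The sample URL and blob are the post's own values; the function names and the strict-decode handling are my additions.

```python
import base64
import string

# Alphabets copied from the post.  The custom alphabet is digits, upper, lower;
# the standard one is upper, lower, digits, so the table is a fixed rotation
# of 10 positions over the 62 alphanumerics ('+' and '/' map to themselves).
MY_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
STD_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
ENC_TABLE = str.maketrans(MY_CHARS, STD_CHARS)
DEC_TABLE = str.maketrans(STD_CHARS, MY_CHARS)

# 62-character alphabet in the same order as MY_CHARS (minus '+' and '/').
ALNUM = string.digits + string.ascii_uppercase + string.ascii_lowercase

# Sample values taken from the post.
SAMPLE_URL = "http://i1.ytimg.com/vi/jp4nzjap6I8/movieposter.jpg?v=4f16e5dc"
SAMPLE_BLOB = "cjMzejovL3NCLjgzc3dxLm15dy81cy90ekV4OXRrekdTSS93eTVzb3p5MjNvMS50enE/NT1FcEJHb0ZubQ=="


def shift_alnum(text: str, k: int) -> str:
    """Caesar shift by k over the 62-character alphanumeric alphabet.
    Characters outside the alphabet (':', '/', '.', '?', '=') pass through."""
    out = []
    for ch in text:
        idx = ALNUM.find(ch)
        out.append(ch if idx < 0 else ALNUM[(idx + k) % len(ALNUM)])
    return "".join(out)


def encode(url: str) -> str:
    """The post's two steps: substitute, then Base64-encode."""
    substituted = url.translate(ENC_TABLE)
    return base64.b64encode(substituted.encode("ascii")).decode("ascii")


def decode(blob: str) -> str:
    """Reverse order: Base64-decode, then undo the substitution.
    validate=True makes b64decode reject characters outside the Base64
    alphabet instead of silently dropping them."""
    substituted = base64.b64decode(blob, validate=True).decode("ascii")
    return substituted.translate(DEC_TABLE)


def table_is_rotation(k: int = 10) -> bool:
    """True if the post's translate table equals a shift of k over ALNUM."""
    return all(STD_CHARS[i] == ALNUM[(i + k) % len(ALNUM)] for i in range(len(ALNUM)))


if __name__ == "__main__":
    print(encode(SAMPLE_URL) == SAMPLE_BLOB, decode(SAMPLE_BLOB))
```

Neither step is encryption: anyone holding the alphabet, or who spots the rotation, recovers the URL, so an analyst can treat such blobs as obfuscation to be reversed rather than as protected data.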

Malware Analysis with twistd

Kali Linux ships an application called "twistd".  I utilized this program to spin up a quick FTP server and then an SMTP server to analyze some malware.

To spin up the FTP server the following command was used:

twistd -n ftp -p 21

This allowed the malware to connect and let me capture the FTP username and FTP password that were being utilized.  I was also able to gather the SMTP information that I needed.  The DNS and other information was gathered with dnsspoof and other utilities.

To spin up the SMTP server I needed to allow for some sort of AUTH.  I utilized the following command:

twistd -n mail --smtp=25 --maildirdbmdomain='test.com=test' --user='test@test.com=password' --auth=anonymous -E --hostname=test.com

This tool was quick and efficient for gathering the information I needed.  From the malware I was able to identify the following indicators of compromise:

Email with Subject: Fw: CREDIT PAYMENT ALERT!($14,700.00) 
Link in email downloads: bank pay…