I built this python script to take remote commands and execute them locally on the droid as if I had terminal access. It establishes a connection on port 21000 on the droid. Then you can connect using netcat or other clients. Then I added the functionality (since the 1st terminal emulator would not allow cat of files) to view the contents of files. With this I discovered the insecure storage of files on the sdcard that other researchers have also recognized.
import android
import os
from socket import *

droid = android.Android()

HOST = ''       # empty host binds every interface; the listener has no authentication
PORT = 21000
BUFSIZE = 1024
ADDR = (HOST, PORT)

tcpSrvSocket = socket(AF_INET, SOCK_STREAM)
tcpSrvSocket.bind(ADDR)
tcpSrvSocket.listen(5)

while True:
    tcpClientSocket, addr = tcpSrvSocket.accept()
    print('Connected from: %s:%d' % addr)
    while True:
        data = tcpClientSocket.recv(BUFSIZE)
        if not data:
            break
        if data.startswith('cat '):
            # Remove the 'cat ' prefix and the newline character at the end
            fileName = data[4:].rstrip('\r\n')
            try:
                with open(fileName, 'r') as fileContent:
                    for line in fileContent:
                        tcpClientSocket.send(line)
            except IOError as e:
                # Report a missing or unreadable file instead of killing the listener
                tcpClientSocket.send('%s\n' % e)
        else:
            # Everything else is passed to the shell and its output is returned
            returnData = os.popen(data, 'r')
            for eachLine in returnData:
                tcpClientSocket.send(eachLine)
    tcpClientSocket.close()
tcpSrvSocket.close()
Twitter: @lokut
This blog is for educational purposes only. The opinions expressed in this blog are my own and do not reflect the views of my employers.
Sunday, May 19, 2013
Friday, May 17, 2013
SL4A Python Script - Delete SMS Messages from Phone based on Keyword
I developed this script to run on my droid to remove the SMS messages that are sent to me from the python script that logs into Twitter using OAUTH and sends me a text through an email account.
This was to assist in keeping my text messages cleaned out.
import android

droid = android.Android()

# False = return all messages, not only the unread ones
msgids = droid.smsGetMessages(False).result
for message in msgids:
    # Match on the sender address of the relayed Twitter texts
    if "14100" in message['address']:
        #print message['_id']
        #droid.ttsSpeak(message['body'])
        droid.smsDeleteMessage(message['_id'])
The script also has the capability to speak the messages prior to deleting them.
Friday, May 3, 2013
Great Book: Violent Python by TJ O'Conner - Geo Location Script Adapted
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Script was adapted from Violent Python by TJ O'Conner
import pygeoip
from xml.sax.saxutils import escape

# Geodatabase from Maxmind
gi = pygeoip.GeoIP('geo.dat')


def retKML(description, ip):
    try:
        rec = gi.record_by_name(ip)
        longitude = rec['longitude']
        latitude = rec['latitude']
        # The label comes from a log file, so escape XML metacharacters
        # before placing it inside the <name> element
        kml = (
            '<Placemark>\n'
            '<name>%s</name>\n'
            '<Point>\n'
            '<coordinates>%6f,%6f</coordinates>\n'
            '</Point>\n'
            '</Placemark>\n'
        ) % (escape(description), longitude, latitude)
        return kml
    except Exception:
        # Lookup failed or the address has no location record
        return ''


def main():
    # logfile.log contains 2 columns consisting of the label and the IP Address
    kmlPoints = ''
    with open('logfile.log', 'r') as f:
        for line in f:
            info = line.split()
            if len(info) < 2:
                # Skip blank or incomplete lines
                continue
            description, ip = info[0], info[1]
            location = retKML(description, ip)
            kmlPoints = kmlPoints + location
    kmlheader = '<?xml version="1.0" encoding="UTF-8"?>\n<kml xmlns="http://www.opengis.net/kml/2.2">\n<Document>\n'
    kmlfooter = '</Document>\n</kml>\n'
    kmldoc = kmlheader + kmlPoints + kmlfooter
    print(kmldoc)


if __name__ == '__main__':
    main()
Powershell Script to Fix Unquoted Path Vulnerability
# This script is designed to fix an unquoted service path that could be detected as a vulnerability
# Designed for Powershell

# Placeholder credentials for the remote host
$Username = 'username'
$Password = 'password'
$pass = ConvertTo-SecureString -AsPlainText $Password -Force
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$pass

# Resolve the IP Address to a Hostname
$hostName = [System.Net.DNS]::GetHostbyAddress("IP Address").HostName

# Created to change the unquoted path for "A Service"
# Read the current ImagePath of the service from the remote registry
$info = Invoke-Command -ComputerName $hostName -ScriptBlock {
    (Get-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\Service Name" -Name ImagePath).ImagePath
} -credential $Cred

# Rewrite the value only if it still holds the known unquoted path
if ($info -eq 'Z:\Path Name')
{
    Write-Host "Service does not contain quotes adding them for Service"
    Invoke-Command -ComputerName $hostName -ScriptBlock {
        Set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\Service Name" -Name ImagePath -Value '"Z:\Path Name"'
    } -credential $Cred
}
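The script above fixes one known service path. As an added example (not part of the original post), the same check generalized to every service on a host: it reports each unquoted ImagePath whose executable path contains a space and only writes the quoted value when asked. The names `HOSTNAME` and `$Apply` are assumptions, and the credential is prompted for rather than stored in the script.

```powershell
# Added example, not the original author's script.
$hostName = 'HOSTNAME'        # placeholder: target host name
$Cred     = Get-Credential    # prompt at run time; no password kept in the file
$Apply    = $false            # hypothetical switch: $true writes the fix, $false only reports

Invoke-Command -ComputerName $hostName -Credential $Cred -ArgumentList $Apply -ScriptBlock {
    param([bool]$Apply)

    # Group 1: unquoted executable path up to the first ".exe"; group 2: any arguments.
    $pattern = '^\s*([^"\s][^"]*?\.exe)(\s.*)?$'
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        # Read the raw REG_EXPAND_SZ text so %SystemRoot% and similar survive a rewrite.
        $raw = [string]$_.GetValue('ImagePath', '', $noExpand)
        $m = [regex]::Match($raw, $pattern, 'IgnoreCase')
        if (-not $m.Success) { return }    # already quoted, empty, or not an .exe (e.g. a driver)

        # The path is ambiguous only if the expanded executable path contains a space.
        $exe = [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value)
        if (-not $exe.Contains(' ')) { return }

        # Quote only the executable, keep the arguments outside the quotes.
        $fixed = '"{0}"{1}' -f $m.Groups[1].Value, $m.Groups[2].Value
        if ($Apply) {
            Set-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -Value $fixed -Type ExpandString
        }
        [pscustomobject]@{
            Service = $_.PSChildName
            Before  = $raw
            After   = $fixed
            Applied = $Apply
        }
    }
} | Select-Object PSComputerName, Service, Before, After, Applied
```

Run it once with `$Apply = $false` and review the Before/After columns before writing any change.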