Tuesday, October 20, 2015

PowerShell - Send Email through GMail SMTP Server

I came across an instance where I had to send an email through PowerShell. This is the PowerShell script that I came up with and tested.

function sendMyEmail ($fromAddress, $toAddress, $subject, $body, $password)
{
    # sendMyEmail is set up to use the GMail SMTP server (STARTTLS on port 587) with a valid account
    $SMTPServer = "smtp.gmail.com"
    $SMTPClient = New-Object System.Net.Mail.SmtpClient
    $SMTPClient.Host = $SMTPServer
    $SMTPClient.Port = 587
    $SMTPClient.EnableSsl = $true
    $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($fromAddress, $password)
    $SMTPClient.Send($fromAddress, $toAddress, $subject, $body)
}

function gatherInfo {
    # Placeholder: nothing is gathered yet, the values are set directly in the main block below
}

#Main
$smtpInfo = New-Object PSObject -Property @{
    fromAddress = $null
    toAddress = $null
    subject = $null
    body = $null
    password = $null
}
$smtpInfo.fromAddress = "myemail@gmail.com"
$smtpInfo.toAddress = "mystuff@scriptkitty.work"
$smtpInfo.subject = "Awesome Email"
$smtpInfo.body = "Email is Awesome"
# Placeholder password; a password stored here is readable by anyone who can read the script,
# so prompt for it (for example with Get-Credential) rather than keeping the real one in the file
$smtpInfo.password = "xxxxxxxxxxxxx"
gatherInfo
sendMyEmail -fromAddress $smtpInfo.fromAddress -toAddress $smtpInfo.toAddress -subject $smtpInfo.subject -body $smtpInfo.body -password $smtpInfo.password

nmap - Storing nmap Scan Information 1 File at a Time

The other day I was faced with a challenge where I needed to store each nmap scan as its own file. I created this quick Python script to assist with doing this.


#!/usr/bin/env python3

import os
import re
import subprocess

scanFile = 'scan.list'


def selectScan(nList, dList, sIP, eIP):
    # Each uncommented line of scan.list is: name, save directory, start IP, end IP
    with open(scanFile, 'r') as f:
        for line in f:
            # Skip blank lines; any line containing '#' is treated as a comment
            if not line.strip() or '#' in line:
                continue
            theList = line.split(',')
            nList.append(theList[0])
            dList.append(theList[1])
            sIP.append(theList[2])
            eIP.append(theList[3].strip())
    print()
    print("Select which scan you would like to perform:")
    print()
    for i in range(len(nList)):
        print(str(i + 1) + ". Scan: " + nList[i] + ", Save to Directory: " + dList[i]
              + ", Start IP: " + sIP[i] + ", End IP: " + eIP[i])
    print()
    scanSelect = input('Select: ')
    try:
        scanSelect = int(scanSelect) - 1
    except ValueError:
        scanSelect = 9999    # sentinel: the input was not a number
    return scanSelect


def ipRangeScan(nList, dList, sIP, eIP):
    dList = dList.strip(' ')
    sIP = sIP.strip(' ')
    eIP = eIP.strip(' ')
    # nmap -sP 172.16.2.1-31 -oN test/test.subnet
    print()
    print("Checking to see if the directory exists that we are saving the results to...")
    if not os.path.exists(dList):
        os.mkdir(dList)
    # This only works if the scan stays inside one /24 (start and end IP differ only in the
    # last octet), because the range is built from the start IP plus the last octet of the
    # end IP. Any range larger than a /24 will not work.
    ipScanRange = sIP + '-' + eIP.split('.')[3]
    saveFile = dList + "/" + dList + ".range"
    print("Executing 'nmap -sP " + ipScanRange + " -oN " + saveFile + "'")
    # Pass the arguments as a list so the shell never interprets values read from scan.list
    subprocess.call(["nmap", "-sP", ipScanRange, "-oN", saveFile])


def individualIPScan(nList, dList, sIP, eIP):
    dList = dList.strip(' ')
    sIP = sIP.strip(' ')
    eIP = eIP.strip(' ')
    ipList = []
    # nmap -sS -sV -O 172.16.2.1 -oN test/172_16_2_1.nmap
    print()
    print("Checking to see if the directory exists that we are saving the results to...")
    if not os.path.exists(dList):
        os.mkdir(dList)
    # Read the ping sweep results and pull out the IPs that nmap reported on
    saveFile = dList + "/" + dList + ".range"
    pattern = re.compile(r'^.*for\s[0-9]+(?:\.[0-9]+){3}(?:.*$|$)')
    with open(saveFile, 'r') as f:
        for line in f:
            if pattern.match(line.strip()):
                ipList = ipList + re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)
    ipStartRange = int(sIP.split('.')[3])
    ipEndRange = int(eIP.split('.')[3]) + 1    # range() excludes the end, so add 1 to include the last IP
    for j in range(ipStartRange, ipEndRange):
        currentIP = '.'.join(sIP.split('.')[0:3]) + "." + str(j)
        # Only scan the IP addresses that were found through the previous scan...
        if currentIP in ipList:
            saveFile = dList + "/" + currentIP.replace('.', '_') + ".nmap"
            print("Executing 'nmap -sS -sV -O " + currentIP + " -oN " + saveFile + "'")
            subprocess.call(["nmap", "-sS", "-sV", "-O", currentIP, "-oN", saveFile])


def main():
    while True:
        nameList = []
        dirList = []
        startIP = []
        endIP = []
        selection = selectScan(nameList, dirList, startIP, endIP)
        # A valid selection is an index into the lists; 9999 (or a negative number) is rejected
        if 0 <= selection < len(nameList):
            print("You selected to perform the following scan: " + nameList[selection])
            continueScan = input('Run the above selected scan? (y/n): ')
            if continueScan in ('y', 'Y'):
                ipRangeScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
                individualIPScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
            else:
                print("Error: The scan was aborted")
                print()
        else:
            print("Error: The selection of the scan was incorrect")
            print()


if __name__ == "__main__":
    main()



It parses a file like the following to cycle through a variety of scans that you can stage. To comment out a line in the scan.list file just place a # at the front of the line. I have not tested this but I believe you cannot have spaces in the Save to Directory field.

#Name of Scan, Save to Directory, Start IP Address, End IP Address
Test1, test1, 172.16.2.1, 172.16.2.31
Test2, test2, 172.16.2.32, 172.16.2.63
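As an added example (my own code, not the script from this post), here is a stricter parser for the same scan.list format together with a parser for the nmap -oN output the script reads back. It goes a little beyond the script above: it only treats a line as a comment when # is the first non-blank character, rejects directory names that would need shell quoting, validates both addresses with the ipaddress module, and expresses the start..end range as CIDR blocks so a range that crosses a /24 boundary works too. The function names, the sample scan.list and the sample nmap output are all constructed for this example; nothing here runs nmap.

```python
#!/usr/bin/env python3
"""Parse a scan.list staging file and nmap -oN ping sweep output, offline.

Added example, not the original script. The scan.list format (name, directory,
start IP, end IP; '#' comments) comes from the post; the sample data below is
constructed and the function names are assumptions of this example.
"""
import ipaddress
import re
from typing import List, NamedTuple


class ScanEntry(NamedTuple):
    name: str
    directory: str
    start_ip: ipaddress.IPv4Address
    end_ip: ipaddress.IPv4Address


def parse_scan_list(text: str) -> List[ScanEntry]:
    """Parse scan.list text; a line is a comment only if its first non-blank char is '#'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = [f.strip() for f in line.split(',')]
        if len(fields) != 4:
            raise ValueError(f"scan.list line {lineno}: expected 4 comma-separated fields")
        name, directory, start, end = fields
        # Only allow plain directory names: no spaces, no path separators, no '..'
        if not re.fullmatch(r'[A-Za-z0-9_.-]+', directory) or directory in ('.', '..'):
            raise ValueError(f"scan.list line {lineno}: unsafe directory name {directory!r}")
        start_ip = ipaddress.IPv4Address(start)   # raises AddressValueError on junk
        end_ip = ipaddress.IPv4Address(end)
        if end_ip < start_ip:
            raise ValueError(f"scan.list line {lineno}: end IP precedes start IP")
        entries.append(ScanEntry(name, directory, start_ip, end_ip))
    return entries


def nmap_targets(entry: ScanEntry) -> List[str]:
    """Express start..end as CIDR targets nmap accepts, so ranges wider than a /24 work."""
    return [str(net) for net in ipaddress.summarize_address_range(entry.start_ip, entry.end_ip)]


# nmap's -oN host lines look like "Nmap scan report for 172.16.2.5" or
# "Nmap scan report for name.example (172.16.2.5)". With -v a down host is reported as
# "Nmap scan report for 172.16.2.9 [host down]"; anchoring at end of line rejects those.
REPORT_RE = re.compile(r'^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?\s*$')


def live_hosts(nmap_output: str, entry: ScanEntry) -> List[str]:
    """Return the addresses a ping sweep reported up that fall inside the entry's range."""
    hosts = []
    for line in nmap_output.splitlines():
        m = REPORT_RE.match(line)
        if not m:
            continue
        addr = ipaddress.IPv4Address(m.group(1))
        if entry.start_ip <= addr <= entry.end_ip:
            hosts.append(str(addr))
    return hosts


# Constructed sample input in the post's scan.list format (third entry crosses a /24)
SAMPLE_SCAN_LIST = """\
#Name of Scan, Save to Directory, Start IP Address, End IP Address
Test1, test1, 172.16.2.1, 172.16.2.31
Test2, test2, 172.16.2.32, 172.16.2.63
Wide, wide, 172.16.2.250, 172.16.3.10
"""

# Constructed sample of what nmap -sP ... -oN writes (not a real scan)
SAMPLE_NMAP_OUTPUT = """\
# Nmap scan initiated (constructed sample) as: nmap -sP 172.16.2.1-31 -oN test1/test1.range
Nmap scan report for 172.16.2.1
Host is up (0.00045s latency).
Nmap scan report for gw.lab.example (172.16.2.4)
Host is up (0.0011s latency).
Nmap scan report for 172.16.2.9 [host down]
Nmap scan report for 172.16.2.40
Host is up (0.0020s latency).
# Nmap done (constructed sample) -- 31 IP addresses (3 hosts up) scanned
"""

if __name__ == '__main__':
    entries = parse_scan_list(SAMPLE_SCAN_LIST)
    for entry in entries:
        print(entry.name, '->', ' '.join(nmap_targets(entry)))
    print('live hosts in Test1:', live_hosts(SAMPLE_NMAP_OUTPUT, entries[0]))
```

The CIDR list from nmap_targets can be passed straight to nmap as separate arguments (as a list, not a shell string), which is also what removes the single-/24 limitation of building "start-lastoctet" by hand.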



Prepare, Bait, Hook, Execute and Control - Buffer Overflows

This post is the third of four that I am planning to write about social engineering specifically about phishing.  The form of phishing that...