Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-27 19:16:08 -04:00
Code Issues Packages Projects Releases Wiki Activity
sec-pentesting-toolkit/useful/port_knocking/port_knocking3.py
Mari Wahl 9dc0d638a4 hacklu ctf
2014-10-27 08:51:29 -04:00

77 lines
1.3 KiB
Python
Raw Blame History

#!/usr/bin/python
from scapy.all import *
conf.verb = 0
base_URL = "10.13.37.23"
def get_flag_part(port):
command = ["curl", "-s" ,base_URL+str(port)+"/flag.txt"]
p = subprocess.Popen(command, stdout=subprocess.PIPE)
result = p.communicate()[0]
return result.strip()
ports = [39367, 39368]
save = []
ports = [21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 199, 443, 995, 587, 1025, 1720, 993, 1723, 3306, 3389, 5900, 8080, 8888]
# Knock twice on every port
for dport in ports:
print "[*] Knocking on " + base_URL + ": " + str(dport)
ip = IP(dst=base_URL)
SYN = ip/TCP(dport=dport, flags="S")
send(SYN);
SYN = ip/TCP(dport=dport, flags="S")
send(SYN);
"""
#flag = get_flag_part(dport)
#if "404" not in flag:
# save.append(flag)
if save:
print "Maybe?"
print flag
# METHOD 2
#print "[*] Scanning for open ports using nmap"
"""
subprocess.call("nmap -sS -sV -T4 -p 22-2048 " + base_URL, shell=True)
"""
import socket
host = "10.13.37.23"
startport = 0
endport = 32000
def knock(port):
s = socket.socket(socket.AF_NET, socket.SOCK_TEAM)
s.send(1024)
s.settimeout((0,0))
try:
s.connect((host, port))
s.recv(1024)
for port in range (startport, endport):
knock(host, port)
time.sleep(3)
"""
Reference in New Issue View Git Blame Copy Permalink