mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-28 11:36:08 -04:00
44 lines
1.1 KiB
Python
44 lines
1.1 KiB
Python
#!/usr/bin/python
|
|
|
|
|
|
from scapy.all import *
|
|
|
|
conf.verb = 0
|
|
base_URL = "10.13.37.23"
|
|
|
|
def get_flag_part(port):
|
|
command = ["curl", "-s" ,base_URL+str(port)+"/flag.txt"]
|
|
p = subprocess.Popen(command, stdout=subprocess.PIPE)
|
|
result = p.communicate()[0]
|
|
return result.strip()
|
|
|
|
|
|
# ports = [21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 199, 443, 995, 587, 1025, 1720, 993, 1723, 3306, 3389, 5900, 8080, 8888]
|
|
|
|
|
|
|
|
# METHOD 1
|
|
|
|
# Knock twice on every port
|
|
for dport in range(65535):
|
|
|
|
print "[*] Knocking on " + base_URL + ": " + str(dport)
|
|
ip = IP(dst=base_URL)
|
|
port = dport + 10
|
|
SYN = ip/TCP(sport=port, dport=dport, flags="S", window=14600, options=[('MSS',1460)], seq=0)
|
|
send(SYN);
|
|
port = dport + 100
|
|
SYN = ip/TCP(sport=port, dport=dport, flags="S", window=14600, options=[('MSS',1460)], seq=0)
|
|
send(SYN);
|
|
|
|
flag = get_flag_part(port)
|
|
if "404" not in flag:
|
|
print "************************Yaaaayyyyyyyy************************"
|
|
print flag
|
|
|
|
|
|
# METHOD 2
|
|
|
|
print "[*] Scanning for open ports using nmap"
|
|
subprocess.call("nmap -sS -sV -T4 -p 22-2048 " + base_URL, shell=True)
|