Exploit-DB updates

Friday, August 26, 2011

Python and Shell Commands (Popen) example

Well, I've recently moved back to Python after learning PHP/MySQL for a while, so as I learned I coded a small program to issue remote commands. It essentially opens a given socket and waits for a connection; when a connection is established it prompts the user for validation. If validation is successful it passes a shell (limited to /bin tools) which you can use to issue remote commands. It also adds an iptables firewall rule to accept all packets on the port you specified, which it then deletes when you exit the shell. All activity is logged to Logfile.log, including failed login attempts and their IP.

Things you can learn from this script:

User validation using hashlib and a sha512'd password
Command line arguments
Popen shell commands
Reading/writing files
Basic sockets

I wrote another small script to connect to the host, but in the end I decided to just use netcat instead. Example usage:

Host:
~$ python recon.py 1984

Client:

~$ nc -vv 19.84.20.11 1984

Script - http://pastebin.com/Mx600RA8
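The validation and command-running parts described above, written here as an added illustration rather than the posted recon.py script: the password check hashes the candidate with SHA-512 the way the post does (unsalted, so a salted KDF such as hashlib.scrypt is the better choice if you reuse this), compares digests in constant time, and logs failed attempts with the peer address; commands are tokenized with shlex and run through subprocess without a shell, and only names on an allow list (an assumed set standing in for the post's "/bin tools" restriction) are executed. The socket handling is left out; the functions work directly on a command line string.

```python
from __future__ import annotations

import hashlib
import hmac
import logging
import shlex
import subprocess

# Allow list standing in for the post's "limited to /bin tools" restriction
# (assumed set; bare names only, resolved through PATH by subprocess).
ALLOWED_COMMANDS = frozenset({"echo", "ls", "pwd", "uname", "id", "date"})

log = logging.getLogger("recon")


def hash_password(password: str) -> str:
    """Unsalted SHA-512 hex digest, the form the post stores its password in."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def verify_password(candidate: str, stored_hex: str, peer: str = "unknown") -> bool:
    """Constant-time comparison of the candidate against the stored digest.

    Failures are logged with the peer address, as the post's Logfile.log does.
    """
    ok = hmac.compare_digest(hash_password(candidate), stored_hex)
    if not ok:
        log.warning("failed login attempt from %s", peer)
    return ok


def run_allowed(argv: list[str], timeout: float = 10.0) -> tuple[bool, str]:
    """Run argv without a shell if its command name is on the allow list.

    Returns (ok, text): ok is True only if the command ran and exited 0;
    text is combined stdout/stderr, or the reason the command was refused.
    """
    if not argv:
        return False, "empty command"
    name = argv[0]
    # Bare names only: a path such as /usr/bin/env would sidestep the list.
    if "/" in name or name not in ALLOWED_COMMANDS:
        log.warning("refused command: %s", name)
        return False, f"command not allowed: {name}"
    try:
        proc = subprocess.run(
            argv, capture_output=True, text=True, timeout=timeout, check=False
        )
    except FileNotFoundError:
        return False, f"command not found: {name}"
    except subprocess.TimeoutExpired:
        return False, f"command timed out after {timeout}s: {name}"
    return proc.returncode == 0, proc.stdout + proc.stderr


def execute_line(line: str) -> tuple[bool, str]:
    """Split a line the way a shell would tokenize it, then run it without one.

    Because no shell is involved, ';', '|', '$(...)' and friends reach the
    allowed program as literal arguments instead of being interpreted.
    """
    try:
        argv = shlex.split(line)
    except ValueError as exc:  # e.g. unbalanced quotes
        return False, f"could not parse command: {exc}"
    return run_allowed(argv)


if __name__ == "__main__":
    stored = hash_password("correct horse")  # constructed demo credential
    print(verify_password("correct horse", stored, peer="203.0.113.5"))
    print(execute_line("echo hello; id"))    # runs echo only; prints "hello; id"
    print(execute_line("rm -rf /tmp/x"))     # refused: rm is not allow-listed
```

The point of `execute_line` is that `shlex.split` plus `subprocess.run(argv)` gives you the convenience of typing a normal command line without handing the remote user a shell: metacharacters become plain arguments to the one allowed program.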

Getting started with iptables

Okay, so I have probably talked about iptables before, and used it in previous tutorials, but now I've decided to cover it in particular. iptables is extremely useful and powerful if configured properly. We'll start off with a very basic rule, allowing all incoming traffic to the telnet port.

iptables -A INPUT -p tcp --destination-port 23 -j ACCEPT

Now we should be allowing all connections on port 23 (telnet).

We can view the rules we have like so:

iptables -L

If we want to list the table with numeric values instead (no reverse DNS or service-name lookups), use the -n flag. In addition, we can specify which chain we want to list (INPUT, OUTPUT, etc.) and increase the verbosity with -v to see the packet and byte counters.

iptables -L INPUT -n -v

Now, that's nice and all, but I'd like to filter SSH on this laptop to drop any packets coming from IPs other than mine. To do this, I would issue the following command.

iptables -A INPUT -p tcp --dport 22 ! -s 19.84.20.11 -j DROP

Now any SSH packets coming from a source IP other than the one I specified will be dropped. The same approach applies to blacklisting IPs, which can easily be circumvented with proxies like Tor, though. If instead we want to accept all packets except those from a specific IP, we can issue the same command with -j ACCEPT rather than dropping.

iptables -A INPUT -p tcp --dport 22 ! -s 19.84.20.11 -j ACCEPT

Now everyone but my home network can ssh into this box. Note that an ACCEPT rule on its own never blocks anything: my home network is actually refused only if the INPUT chain's default policy is DROP, or a later rule drops what this one did not match.

If we want to "flush" our chain, we can issue the following command:

iptables -F

That will have removed all the rules in the chain.

Another nice feature of iptables is the ability to redirect traffic to another port. For example, if we issued the following command, we would be redirecting the unwanted SSH traffic to our honeypot's port.

iptables -t nat -A PREROUTING -p tcp --dport 22 ! -s 19.84.20.11 -j REDIRECT --to-port 1984

Now, nat rules live in a separate table from your average (filter) rules. If we want to view these rules, we need to explicitly specify that it's the nat table we want to see or modify. For example, to view the rules and then flush them we would issue the following:

iptables -t nat -L -nv

iptables -t nat -F
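To make the rule-ordering point concrete, here is an added model of how a chain evaluates the rules used in this post: first match wins, and the chain's policy decides anything no rule matched. It is not iptables and not the author's code; the Rule/Chain classes are assumptions, the trusted address is the post's 19.84.20.11, and 203.0.113.5 is a constructed "stranger" address from the RFC 5737 documentation range. Rendering each rule back to the command form shown above lets you check the model against the commands, and the two SSH variants show why the -j ACCEPT version only keeps "everyone but me" out when the chain's default policy is DROP.

```python
from dataclasses import dataclass, field
from typing import List, Optional

TRUSTED_IP = "19.84.20.11"  # the address used throughout the post


@dataclass
class Packet:
    """The few header fields the rules in this post match on."""
    src: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One -A rule: every given match must hold for the target to fire."""
    proto: Optional[str] = None       # -p
    dport: Optional[int] = None       # --dport
    src: Optional[str] = None         # -s
    negate_src: bool = False          # the "!" in front of -s
    target: str = "ACCEPT"            # -j
    to_port: Optional[int] = None     # --to-port, only meaningful with REDIRECT

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.src is not None and (pkt.src == self.src) == self.negate_src:
            return False  # plain -s wants equality, "! -s" wants inequality
        return True

    def to_iptables(self, chain: str, table: Optional[str] = None) -> str:
        """Render the rule in the command form used in the post."""
        parts = ["iptables"]
        if table:
            parts += ["-t", table]
        parts += ["-A", chain]
        if self.proto:
            parts += ["-p", self.proto]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        if self.src:
            if self.negate_src:
                parts.append("!")
            parts += ["-s", self.src]
        parts += ["-j", self.target]
        if self.to_port is not None:
            parts += ["--to-port", str(self.to_port)]
        return " ".join(parts)


@dataclass
class Chain:
    """First match wins; the policy decides packets no rule matched."""
    name: str = "INPUT"
    policy: str = "ACCEPT"
    rules: List[Rule] = field(default_factory=list)

    def append(self, rule: Rule) -> None:   # iptables -A
        self.rules.append(rule)

    def flush(self) -> None:                # iptables -F
        self.rules.clear()

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def ssh_drop_others(policy: str = "ACCEPT") -> Chain:
    """The post's DROP variant: SSH from anyone but TRUSTED_IP is dropped."""
    chain = Chain(policy=policy)
    chain.append(Rule("tcp", 22, TRUSTED_IP, negate_src=True, target="DROP"))
    return chain


def ssh_accept_others(policy: str = "ACCEPT") -> Chain:
    """The post's ACCEPT variant: on its own it never blocks TRUSTED_IP; only a
    DROP policy (or a later DROP rule) makes "everyone but me" true."""
    chain = Chain(policy=policy)
    chain.append(Rule("tcp", 22, TRUSTED_IP, negate_src=True, target="ACCEPT"))
    return chain


def ssh_redirect_rule(honeypot_port: int = 1984) -> Rule:
    """The nat/PREROUTING redirect from the end of the post."""
    return Rule("tcp", 22, TRUSTED_IP, negate_src=True, target="REDIRECT",
                to_port=honeypot_port)


if __name__ == "__main__":
    stranger = Packet("203.0.113.5", 22)  # constructed address (RFC 5737 range)
    print(ssh_drop_others().verdict(stranger))                        # DROP
    print(ssh_accept_others().verdict(Packet(TRUSTED_IP, 22)))        # ACCEPT
    print(ssh_accept_others("DROP").verdict(Packet(TRUSTED_IP, 22)))  # DROP
    print(ssh_redirect_rule().to_iptables("PREROUTING", table="nat"))
```

`Chain.flush` mirrors `iptables -F`: after it, every packet falls through to the policy, which is why flushing a chain whose policy is DROP locks you out just as surely as flushing one whose policy is ACCEPT opens everything up.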

That about wraps it up for my "how to" on getting started with iptables. Hope this helps someone else out there.
Thursday, August 18, 2011

Simple PHP Toolkit

Well, I've been learning PHP/MySQL lately, so while learning I decided to make something of use (well... kind of). But I've decided to move to Python for my web development, so I decided to just post what I've coded so far for others to play with and learn from. It uses a MySQL database to log in, which you can set up using the queries in my previous post on the hash cracker.

What it has:

Malware String Detector (looks through files for specific strings, which you can specify; I used it for looking through keyloggers for email credentials)
Basic Port Scanner
MD5 Hash Generator/Cracker

Below you can find the tar'd files.

PHP Scripts - http://www.mediafire.com/?g1iwudpkic5vip4
Images - http://www.mediafire.com/?7v2q2r469dn6mie

Wednesday, August 10, 2011

Windows Command Line/Console Alternative

Well, I'm a Linux guy, therefore I've come to love the CLI... which is unfortunately lacking on Windows. I've had a stock Windows Starter install on this netbook I've been dual-booting with, and decided to play more with Windows and do some malware analysis. I can't stand dealing with Microsoft's CLI, so I decided to look for an alternative... and I found exactly what I was looking for. "Console" is a Windows console window enhancement.

Console features include: multiple tabs, text-editor-like text selection, different background types, alpha and color-key transparency, configurable fonts, and different window styles.

This is a very nice addition for anyone who loves the CLI, and it really helps in customizing Windows to suit me, which makes for a more pleasant experience.

You can find the download here, on sourceforge.

http://sourceforge.net/projects/console/

Sunday, August 7, 2011

Basic PHP Hash Cracker (Updated)

Well, I've previously posted the basic hash cracker I had coded in PHP, but it seems the links had died, and since I've added MySQL database functionality I decided I would just make an updated post with both of them and their sources.

To download the original one, which doesn't use a SQL database and works on free hosting, use this version.

The latest version stores cracked hashes and hashed words in a database, which it then utilizes when cracking hashes by trying all the plaintext words in the database against the hash. You can download that version here.

To set up the MySQL database, open up your MySQL shell and issue the following SQL queries. (If you need help getting started with setting up a web server or using the MySQL shell, then check out this post.)

~$ mysql -u root -p

mysql> create database HashCracker;

mysql> create table HashCracker.users(UID int not null auto_increment,User varchar(50),Pass varchar(42),primary key(UID));

mysql> create table HashCracker.Hashes(HID int not null auto_increment,String varchar(50),Hash varchar(32),primary key(HID));

mysql> insert into HashCracker.users(User,Pass) values('Username',sha1('Password'));

Now your MySQL database should be all set up and ready for use. Just extract the contents of the tar into your /var/www directory (or whatever your webroot directory is) and log in with the credentials you specified in the query above. If you have any comments, feel free to leave them.

Friday, August 5, 2011

Monitor Turns Off After A Few Seconds (FIX)

Well, I had this old Radius flat panel lying around just taking up room, which I thought was broken, but I had given someone an old system including an old monitor from the 90's which I decided wasn't sufficient. I had decided to pull it out and take it apart to see what exactly was wrong, as it would turn on and show the desktop for a brief second and then go black. I'm not much of a hardware guy, but lately I've been playing around with things salvaged from my former job. I fixed a brand new 7-in-1 Kodak printer/everything else you can imagine, which they tossed out because they thought it was broken. I also grabbed all the flat panels they were tossing out, and this Radius was one of them. After doing some reading I realized this was a good sign the capacitors are dying, and the (temporary) fix didn't require any soldering. I was able to use it by simply turning the brightness down in the few seconds I had to navigate the menu; once I turned the monitor on again it had enough energy to stay on. At some point I may have to replace them, but I'm sure I have something lying around I can salvage some from.

Also, using a higher-rated power supply pack made it usable regardless of brightness or contrast, but switching out the capacitors will eventually need to be done, I expect.