Exploit-DB updates

Thursday, October 27, 2011

Python Script for Monitoring a site to see whether it's up or down

Quick script I coded to save me time checking to see if a site was down, so I wrote this script to do it for me and to send me an alert using "libnotify-bin" if it happens to go down.

Two methods are available, Ping and HTTP Requests.

If I decide to add more methods, or add more sites to the HTTP request (to insure accuracy) than I'll post an update.. until then I hope you find this useful!

Source - http://pastebin.com/6Aemf2Y8

Monday, October 24, 2011

Python Script to Parse Files for MD5 Hashes

This script demonstrates basic usage of regular expressions in order to look for MD5's (AKA [0-9a-f]{32}) and write them to an output file.

Usage :

Python # python md5parser.py SomeFile.txt MD5list
File parsed ~ 6 hashes found.

Python # cat MD5list
aad3b435b51404eeaad3b435b51404ee
9a5760252b7455deaad3b435b51404ee
0d7f1f2bdeac6e574d6e18ca85fb58a7
9a5760252b7455deaad3b435b51404ee
0d7f1f2bdeac6e574d6e18ca85fb58a7
098f6bcd4621d373cade4e832627b4f6

Script: http://pastebin.com/PPnDs6AU

Python script to parse medusa logs and check if hosts are alive

As the title says, this is a script to parse medusa logs to in order to check if the host is alive, if it's been cracked then it will also display the password for the hosts service that specified when using medusa. Handy for parsing large medusa logs to see who's up.

Ex.

Python # sudo python check.py /root/medusa.log
Checking for live hosts.
220.XX3.1XX.20 is down...
83.XXX.1X9.246 is up!
Password:r00t3d
186.X2.X5.X is down...
190.XXX.37.XX4 is up!
Password:qwerty
79.1XX.XX9.166 is down...
216.XXX.1X9.106 is up!
Password:L4M3R
89.XXX.13X.39 is down...
136.XX9.XXX.106 is down...
31.44.137.109 is down...
15X.5X.70.X is down...
189.10X.175.X74 is down...
208.124.56.2X9 is down...
129.X3.1X2.1X5 is down... 
X8.4X.39.XXX is up!
Password:[SUCCESS] 
XXX.114.1X0.202 is down...
X2.91.XX.1 is up!
Password:123456
...
 
You can find the script below;

http://pastebin.com/QUUV39KU

Python script to look up all the sites hosted on given IP/URL

Here's a script you can use to find out all the domains hosted on the given IP/URL. Takes a command line argument as you can see in the code;

Python # python sharedhosts.py www.monsanto.in
33 sites hosted on IP Address 184.22.117.180
\_________________________________________/
/

http://www.outboards.cn
http://www.sieunhandienquang.com
http://www.medhelp.in
http://www.alibre.cn
http://www.doppelstock.net
http://www.sexhuflit.com
...

I cut the list down to save space, you can find the script below;

http://pastebin.com/BzypB63Q

Monday, October 17, 2011

Python script to parse syslog/audit.log for ssh activity.

I wrote this quick script to parse through my audit log for ssh login attempts and than decided to make it usable on my ubuntu-based box too. Below you can find the source code;

logmon.py


sshmon.py

http://pastebin.com/ehkm5syX

It's pretty strightforward, you run the logmon.py and type in ssh to run the sshmon module for your distro (Detects Ubuntu and Red Hat as of right now, you can easily tweak it to meet your needs). I made this for my own use so it's not perfect, and I plan on improving it and adding more modules to suit my needs. If I do than I'll post updates.

Find out which linux version you're running.

Here I will show you a few ways to find out which version of linux you're running, which may come in handy when writing scripts or something of that sort.

uname -a
cat /proc/version
dmesg | grep "Linux version"

You can also find out which distribution release it is like so;

cat /etc/*-release

Saturday, October 8, 2011

Making command alias's to shorten long commands.

I haven't posted in a while, but I wanted to make a quick post on how to make an alias for long commands to reduce your typing. 

For example, if I often had to perform MITM attacks during assessments/pentests than I may want to make an alias for the iptables rules. To do this I can create the following alias like so;

alias sslrule='iptables -t nat -A PREROUTING -p tcp --destination-port  80 -j REDIRECT --to-ports 10000'
alias rules='echo -e "\033[1;41;1mNAT Rules";iptables -t nat -L -nv;echo -e "\033[1;44;1mPlain Rules";iptables -L -nv;echo -e "\033[0m"'

Now instead of typing out that long rule you can just type sslrule, and to see the rules in a distinctive manner I can just type rules.

Now this isn't a permanent alias, if we want to make a permanent alias than we'll need to edit our .bashrc file and add the alias there. In my case it will be located in /root/.bashrc. From there you can just append the alias's of your choice below the existing ones and you'll now have a permanent alias to save you some typing (and carpal tunnel).