Wednesday, February 6, 2019

Quick-and-dirty Python 3 script that hunts for PHP webshells and phishing-kit leftovers (.php/.txt/.zip/.log) in open directory listings. It reads one URL per line from urls.txt and, for each, probes the URL and every directory above it, reporting "Index of" pages and the interesting files they list. Everything it fetches is attacker-controlled content: it only reads and prints, and never downloads or executes what it finds.

import html
import os
import re
import sys
from urllib.parse import urljoin, urlsplit
from urllib.request import urlopen
from urllib.request import urlretrieve
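filepath = 'urls.txt'

# Extensions whose hrefs are reported from an open directory listing.
# Order matters: output is grouped one extension at a time, as before.
INTERESTING_EXTENSIONS = ('php', 'txt', 'zip', 'log')

# Cap on how much of a response body is read. The hosts probed here are
# phishing/webshell drops, so never assume a page is small or well-behaved.
MAX_BODY_BYTES = 2 * 1024 * 1024

FETCH_TIMEOUT = 3  # seconds per request


def normalize_url(raw):
    """Turn one line of urls.txt into an absolute http(s) URL with no trailing slash.

    A line without a scheme gets ``https://`` if it contains ``:443`` and
    ``http://`` otherwise. Surrounding whitespace and one trailing ``/`` or
    ``\\`` are dropped. Returns ``''`` for a blank line so callers can skip it.
    """
    url = raw.strip()
    if not url:
        return ''
    # Match the scheme properly: a plain startswith('http') would wrongly treat
    # a host such as "httpbin.example" as already carrying a scheme.
    if not re.match(r'(?i)https?://', url):
        url = ('https://' if ':443' in url else 'http://') + url
    if url.endswith('/') or url.endswith('\\'):
        url = url[:-1]
    return url


def ancestor_urls(url):
    """Yield ``url`` followed by each parent directory up to ``scheme://host``.

    ``http://h/a/b`` yields ``http://h/a/b``, ``http://h/a``, ``http://h``.
    Walking upward is what turns one leaked kit path into a check of every
    directory above it for an open listing. The walk always terminates: it
    stops as soon as the path has no slash left to strip.
    """
    parts = urlsplit(url)
    root = '%s://%s' % (parts.scheme, parts.netloc)
    path = parts.path
    yield url
    while '/' in path:
        path = path.rsplit('/', 1)[0]
        yield root + path


def fetch_page(url):
    """Fetch ``url`` and return its body as text.

    The body is capped at MAX_BODY_BYTES and decoded leniently (these pages
    are frequently not valid UTF-8). The response is closed by the context
    manager so a run over many hosts does not leak sockets. urlopen's default
    handlers follow redirects, so the page examined may come from a different
    host than ``url``.
    """
    with urlopen(url, timeout=FETCH_TIMEOUT) as resp:
        body = resp.read(MAX_BODY_BYTES)
    return body.decode('utf-8', errors='replace')


def page_title(page):
    """Return the text of the first <title> element in ``page``, or None."""
    titles = re.findall(r'(?is)<title>(.*?)</title>', page)
    return titles[0] if titles else None


def listed_files(page, base_url, extensions=INTERESTING_EXTENSIONS):
    """Return absolute URLs of ``href="..."`` links in ``page`` ending in ``extensions``.

    Only the quoted ``href="...">`` form emitted by stock Apache/nginx index
    pages is matched, as in the original. Results are grouped by extension in
    the order given. ``urljoin`` resolves the href against the listing's URL,
    so an absolute or ``../`` href no longer yields a bogus doubled path.
    The hrefs are attacker-supplied text: they are printed, never executed
    or passed to a shell.
    """
    found = []
    for ext in extensions:
        pattern = r'(?i)href="([^"]+\.%s)">' % re.escape(ext)
        for href in re.findall(pattern, page):
            found.append(urljoin(base_url + '/', html.unescape(href)))
    return found


def scan_url(url):
    """Probe ``url`` and every directory above it, printing one line per result.

    Output lines (comma separated, same tags as before):
      -OPENDIR-,<title>,<url>   an "Index of" listing, followed by
      **FILE**,<file url>       one line per interesting file it lists
      -PAGE-,<title>,<url>      any other page that has a <title>
      -FAILED-,<error>,<url>    the fetch raised (timeout, HTTP error, ...)
    A failure at one level just moves the walk up a level; it can no longer
    stall in the retry loop the original had for unexpected errors.
    """
    for level in ancestor_urls(url):
        try:
            page = fetch_page(level)
        except Exception as e:  # any fetch error is reported, not fatal
            print("-FAILED-," + str(e) + "," + level)
            continue
        title = page_title(page)
        if title is None:
            continue
        if title.startswith('Index of'):
            print("-OPENDIR-," + title + "," + level)
            for phishkit in listed_files(page, level):
                print("**FILE**," + phishkit)
        else:
            print("-PAGE-," + title + "," + level)


def main(path=filepath):
    """Read one URL per line from ``path`` and scan each; blank lines are skipped."""
    with open(path) as fp:
        for line in fp:
            url = normalize_url(line)
            if url:
                scan_url(url)


if __name__ == '__main__':
    main()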

Monday, February 4, 2019

Kali Linux New Install has No Internet NAT

If you have no internet access on a new install of Kali Linux

root@kali:~# ping www.google.com
ping: www.google.com: Name or service not known
root@kali:~# ping 8.8.8.8
connect: Network is unreachable

and ifconfig shows the interface is down with no IP address (note the flags: BROADCAST,MULTICAST but no UP or RUNNING)

root@kali:~# ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:0c:29:3c:6b:02  txqueuelen 1000  (Ethernet)
  

My fix was to request a DHCP lease by hand. Note this is not persistent: after a reboot the interface will be down again unless you let NetworkManager manage it or configure eth0 in /etc/network/interfaces.

root@kali:~# dhclient eth0

And now I have an ip address

root@kali:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 199.188.229.135  netmask 255.255.255.0  broadcast 192.168.229.255

and I can reach Google again

root@kali:~# ping www.google.com
PING www.google.com (172.217.6.100) 56(84) bytes of data

Test Credential Spraying in Kali

msfconsole

use auxiliary/scanner/smb/smb_login

set SMBDomain
set SMBUser
set SMBPass
set RHOSTS      <== cidr is an option
set USER_FILE   <== optional list of users
set PASS_FILE     <== optional list of passwords (USERPASS_FILE is different: it takes "user password" pairs, one per line)

run

example usages


Spraying = one password against many accounts: set SMBPass to a single likely value (e.g. Summer2017) and USER_FILE to the list of user ids. Before running, check the domain lockout threshold and observation window (e.g. `net accounts /domain` from a domain-joined Windows host) and keep the number of attempts per account below it, otherwise the test locks out real users.

Windows RDP Remote Desktop from Kali

~# rdesktop SERVER -d DOMAIN -u USER -p PASSWORD
(prefer `-p -`, which prompts for the password, so it does not land in your shell history and in `ps` output visible to every other user on the box)

Hydra Seg Faults

Trying to red team test and Hydra is segmentation faulting on a list of IP addresses I'm feeding it

~# hydra -l xxx -p xxx -M ips.txt -t 4 ssh
     Segmentation Fault

I tried apt-get remove and apt-get install but it still did the same thing. (That just reinstalls the same binary; `apt-get install --reinstall hydra` is the shorter form. Since the apt output further down shows this system was 1472 packages behind, a full `apt-get update && apt-get dist-upgrade` to bring hydra's shared libraries in line is the more likely real fix for a segfault.)

So as a temporary sequential work-around I wrote a Python script that calls it one target at a time, and that worked (the version below builds the command as an argument list rather than a shell string, so an odd line in ips.txt cannot inject shell metacharacters):

import fileinput
import subprocess
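def hydra_command(target):
    """Build the argv for one single-target hydra SSH run.

    ``target`` is one line of ips.txt with surrounding whitespace removed.
    Returning a list (and running it without a shell) means a malformed or
    hostile entry in ips.txt cannot inject shell metacharacters; the original
    string-built, shell=True version was also missing its closing quote.
    The placeholder login/password ("xxx") are kept as in the post.
    """
    return ["hydra", target, "-l", "xxx", "-p", "xxx", "-t", "4", "ssh"]


def main():
    """Run hydra once per non-blank line of ips.txt, echoing each command."""
    for line in fileinput.input("ips.txt"):
        target = line.strip()
        if not target:
            continue  # a blank line would otherwise run hydra with no host
        cmd = hydra_command(target)
        print(" ".join(cmd))
        subprocess.run(cmd)


if __name__ == "__main__":
    main()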

Friday, February 1, 2019

Kali Hydra ssh to Cisco timing out

In Kali , I was trying to use Hydra to ssh to a Cisco device but it kept failing/timing out

root@kali:~# hydra -l Account -p Password 10.10.10.10 ssh

The fix was to install libssh-dev. The dev package itself is not what hydra needs at runtime; as the apt output in the next post shows, installing it also pulled in an upgraded libssh-4 runtime library, which is the likely reason hydra's ssh module started working.

root@kali:~# apt-get install libssh-dev

Then Hydra worked

Kali apt-get fail (404 Not Found), apt-get update fail (Release file "not valid yet") — cause: system clock far behind


In Kali I was trying to install packages but kept getting this error

root@kali:~# apt-get install libssh-dev
Reading package lists... Done
Building dependency tree     
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libgnutls-dane0 libunbound2
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  libssh-4 zlib1g-dev
Suggested packages:
  libssh-doc
The following NEW packages will be installed:
  libssh-dev zlib1g-dev
The following packages will be upgraded:
  libssh-4
1 upgraded, 2 newly installed, 0 to remove and 1472 not upgraded.
Need to get 435 kB/649 kB of archives.
After this operation, 1,651 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Err:1 http://http.kali.org/kali kali-rolling/main amd64 libssh-4 amd64 0.8.5-1
  404  Not Found [IP: 192.99.200.113 80]
Err:2 http://http.kali.org/kali kali-rolling/main amd64 libssh-dev amd64 0.8.5-1
  404  Not Found [IP: 192.99.200.113 80]
E: Failed to fetch http://http.kali.org/kali/pool/main/libs/libssh/libssh-4_0.8.5-1_amd64.deb  404  Not Found [IP: 192.99.200.113 80]
E: Failed to fetch http://http.kali.org/kali/pool/main/libs/libssh/libssh-dev_0.8.5-1_amd64.deb  404  Not Found [IP: 192.99.200.113 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

When I tried the update I got this error

root@kali:~# apt-get update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Reading package lists... Done     
E: Release file for http://http.kali.org/kali/dists/kali-rolling/InRelease is not valid yet (invalid for another 41d 16h 53min 30s). Updates for this repository will not be applied.

When I ran date I realized the system clock was many days behind, which is why apt rejected a Release file dated in what it thought was the future

root@kali:~# date

The fix was to correct the clock: I installed ntpdate and ran it once (on a current Kali, `timedatectl set-ntp true` does the same through systemd-timesyncd). Do not "fix" the "not valid yet" error by setting `Acquire::Check-Valid-Until=false` or `Acquire::Check-Date=false`: those date checks on the signed Release file are what stop a mirror or man-in-the-middle from replaying an old, still-signed index to keep you on vulnerable packages.

root@kali:~# apt-get install ntpdate
root@kali:~# ntpdate in.pool.ntp.org

Now my date was correct

root@kali:~# date

And now my installs worked

root@kali:~# apt-get install libssh-dev