'Hello_World!/애플추가_파이썬'에 해당되는 글 11건

  1. 2011.12.22 Python threads - a first example by bitfox
  2. 2011.11.30 파이썬 로그인 세션유지 by bitfox
  3. 2011.11.30 KillApachePy by bitfox
  4. 2011.10.05 파이썬 v2.7.2 - email: Examples by bitfox
  5. 2011.10.05 Python - Sending Email using SMTP by bitfox
  6. 2011.10.05 Gmail의 SMTP를 이용한 메일 발송 by bitfox
  7. 2011.09.01 Web Shell Detection Using NeoPI by bitfox
  8. 2011.09.01 [md5 cracker] icrack by bitfox
  9. 2011.08.08 [자작쉘] http URL 긁어오기 by bitfox
  10. 2011.08.08 [자작쉘]특정 디렉터리 찾기 by bitfox
[참조] http://www.wellho.net/solutions/python-python-threads-a-first-example.html

Python threads - a first example

If you have a process that you want to do several things at the same time, threads may be the answer for you. They let you set up a series of processes (or sub-processes) each of which can be run independently, but which can be brought back together later and/or co-ordinated as they run.

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 로그인 세션유지  (0) 2011.11.30
KillApachePy  (0) 2011.11.30
파이썬 v2.7.2 - email: Examples  (0) 2011.10.05
Python - Sending Email using SMTP  (0) 2011.10.05
Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Posted by bitfox
l

If you want to keep the authentication you need to reuse the cookie. I'm not sure if urllib2 is available in python 2.3.4 but here is an example on how to do it:

req1 = urllib2.Request(url1) 
response
= urllib2.urlopen(req1) 
cookie
= response.headers.get('Set-Cookie') 
 
# Use the cookie is subsequent requests 
req2
= urllib2.Request(url2) 
req2
.add_header('cookie', cookie) 
response
= urllib2.urlopen(req2) 

 

-------------------------------------------------------------------------

If this is cookie based authentication use HTTPCookieProcessor:

import cookielib, urllib2 
cj
= cookielib.CookieJar() 
opener
= urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) 
r
= opener.open("http://example.com/") 

If this is HTTP authentication use basic or digest AuthHandler:

import urllib2 
# Create an OpenerDirector with support for Basic HTTP Authentication... 
auth_handler
= urllib2.HTTPBasicAuthHandler() 
auth_handler
.add_password(realm='PDQ Application', 
                          uri
='https://mahler:8092/site-updates.py', 
                          user
='klem', 
                          passwd
='kadidd!ehopper') 
opener
= urllib2.build_opener(auth_handler) 
# ...and install it globally so it can be used with urlopen. 
urllib2
.install_opener(opener) 
urllib2
.urlopen('http://www.example.com/login.html') 

... and use same opener for every request.



[출처] http://stackoverflow.com/questions/923296/keeping-a-session-in-python-while-making-http-requests

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Python threads - a first example  (0) 2011.12.22
KillApachePy  (0) 2011.11.30
파이썬 v2.7.2 - email: Examples  (0) 2011.10.05
Python - Sending Email using SMTP  (0) 2011.10.05
Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Posted by bitfox
l

CVE-2011-3192 취약점을 이용한 아파치 서버를 멈추게 하는 툴이 파이썬 버젼으로 나왔습니다. 아주 간단한 명령어 한줄로 아파치 서버를 멈추게 할 수 있으니 패치바랍니다.


펄 버젼은 예전에 갖고 있었는데 공개하기가 참....그렇습니다. 파이썬 또한 그러네요..접..


취약점 간단 요약..
-----------------------------------------------------------------
Title:       Range header DoS vulnerability Apache HTTPD prior to 2.2.20.

CVE:         CVE-2011-3192
Last Change: 20110831 1800Z
Date:        20110824 1600Z
Product:     Apache HTTPD Web Server
Versions:    Apache 2.0 - all versions prior to 2.2.20 and prior to 2.0.65
             Apache 1.3 is NOT vulnerable.
-----------------------------------------------------------------



패치 방법 아래 링크 참조
http://httpd.apache.org/security/CVE-2011-3192.txt


[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.


Posted by bitfox
l

Here are a few examples of how to use the email package to read, write, and send simple email messages, as well as more complex MIME messages.


[출처] http://docs.python.org/library/email-examples.html

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 로그인 세션유지  (0) 2011.11.30
KillApachePy  (0) 2011.11.30
Python - Sending Email using SMTP  (0) 2011.10.05
Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Web Shell Detection Using NeoPI  (0) 2011.09.01
Posted by bitfox
l

Simple Mail Transfer Protocol (SMTP) is a protocol which handles sending e-mail and routing e-mail between mail servers.




[출처] http://www.tutorialspoint.com/python/python_sending_email.htm

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

KillApachePy  (0) 2011.11.30
파이썬 v2.7.2 - email: Examples  (0) 2011.10.05
Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Web Shell Detection Using NeoPI  (0) 2011.09.01
[md5 cracker] icrack  (0) 2011.09.01
Posted by bitfox
l
#!/usr/bin/env python
# Gmail SMTP script by joon
# Snippets from the following codes were used:
# http://www.go4expert.com/forums/showthread.php?t=7567
# http://docs.python.org/library/email-examples.html?highlight=sendmail
# http://djkaos.wordpress.com/2009/04/08/python-gmail-smtp-send-email-script/
import smtplib
from email.mime.text import MIMEText
sender = 'sender@gmail.com'
recipients = 'toEmailAddress'
msg = MIMEText('Email Contents')
msg['Subject'] = 'Email Subject'
msg['From'] = sender
msg['To'] = recipients
smtpserver = 'smtp.gmail.com'
smtpuser = 'ID' # set SMTP username here
smtppass = 'Password' # set SMTP password here
session = smtplib.SMTP("smtp.gmail.com", 587)
session.ehlo()
session.starttls()
session.ehlo()
session.login(smtpuser, smtppass)
smtpresult = session.sendmail(sender, [recipients], msg.as_string())
if smtpresult:
  errstr = ""
  for recip in smtpresult.keys():
      errstr = """Could not delivery mail to: %s
Server said: %s
%s
%s""" % (recip, smtpresult[recip][0], smtpresult[recip][1], errstr)
  raise smtplib.SMTPException, errstr
session.close()
[출처] https://gist.github.com/840116#file_gmailsmtp.py



[주의] 본 자료는 연구용 및 학습자료로 사용하길 바라며, 악의적인 사용시 
사용자 본인에게 책임이 있음을 명시합니다.



'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

파이썬 v2.7.2 - email: Examples  (0) 2011.10.05
Python - Sending Email using SMTP  (0) 2011.10.05
Web Shell Detection Using NeoPI  (0) 2011.09.01
[md5 cracker] icrack  (0) 2011.09.01
[자작쉘] http URL 긁어오기  (0) 2011.08.08
Posted by bitfox
l
[출처] https://github.com/Neohapsis/NeoPI

웹쉘 탐지 기능이 있는 파이썬이다. 환경은 리눅스와 윈도우에서 사용가능하며 파이썬 2.6 이상 버젼이어야 한다. 파이썬은 버젼에 따라 큰 변동이 있으므로 잘 확인해야 한다.

각설하고 기능은 크게 기대하지 말자. 없는 것보다는 좋겠지만 누락되는게 있다. 시간날 때 좀 수정하자

<NeoPI Manual>




<실제 테스트>


실제 3개의 웹 쉘을 갖고 있었으나 2가지 웹 쉘만 탐지되었다. ^^;
좀 더 좋아지길 기대하며.. 썬이 홧팅!


Posted by bitfox
l

Online/ofline md5 cracker
Currently containes about 14 db for online cracking

here are two snips from the source code:

128   def bigtrapeze():
129     site = 'http://www.bigtrapeze.com/'
130     rest = 'md5/index.php?query=%s' %passwd
131     req = urllib2.Request(site+rest)
132     req.add_header('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.2)\
133     Gecko/20100316 AskTbSPC2/3.9.1.14019 Firefox/3.6.2')
134     opener = urllib2.build_opener()
135     data = opener.open(req).read()
136     match = re.search('(=> <strong>)(\w+.\w+)', data)
137     if match: print '[-] site: %s\t\t\tPassword: %s' %(site, match.group(2))
138     else: print '[-] site: %s\t\t\tPassword: Not found' %site
139   bigtrapeze()
211     def offline():
212       print '[+] This opertaion will take some time, be patient ...'
213       dictionary = sys.argv[3]
214       dic = {}
215       shooter = 0
216       try:
217         f = open(dictionary, 'rb')
218         for line in f:
219           line = line.rstrip()
220           dic[line] = hashlib.md5(line).hexdigest()
221         for k in dic.keys():
222           if passwd in dic[k]:
223             print '\n[-] Hash:', dic[k], '   \t\t\t', 'Data:', k
224             shooter += 1
225         if shooter == 0:  print "\n[*]Password not found in [%s] try the online cracker\n" % dictionary
226         f.close()
227       except IOError: print '\n[*] Erorr: %s doesn\'t exsit \n' % dictionary
228     offline()

Tow shots for using both the flags in cracking:



to download it in plain text:

icrack.py download

[원문] : http://lnxg33k.wordpress.com/2011/03/05/scripts-md5-hash-cracker-online-offline/
====================================
[필자 테스트]

Very good Job~ :D

Posted by bitfox
l

#http://docs.python.org/howto/regex.html
#해당 서비스 URL을 긁어와야 하는데 넘 귀찮아 우리 파썬이를 이용해봤다.
#매우 단순~ 코드.. 하지만 모르면 어렵다는거 =ㅅ=;
import re, time
import httplib, string

print "====================="
f=open("url.html",'r')
line=f.readline()
print "Scan URL! ==========="
for line in f:
 ad = re.findall('http.*?\'',line)
 if ad:
  print "Success is  %s" %ad
  e = open("Url_list.txt", 'a')
  data = str(ad) + '\n'
  e.write(data)
  e.close()
 else:
  print "URL is not found"
# time.sleep(0.5)

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Web Shell Detection Using NeoPI  (0) 2011.09.01
[md5 cracker] icrack  (0) 2011.09.01
[자작쉘]특정 디렉터리 찾기  (0) 2011.08.08
파이썬으로 통신하기  (0) 2010.10.27
Posted by bitfox
l

# 3시간만에 삽질과 오류잡고.. 성공 -ㅅ-;
# 일반적으로 진단 스캐너 보다 직접 구현하는게 더 정밀하고 안전하다.
# 하지만 귀찮고 시간이 걸린다는게.. 현실 +ㅁ+
import re, time
import httplib, string

print "====================="
f=open("url.txt",'r')
line=f.readline()
params = ''
print "Scan Type [원하는 디렉토리]"
for line in f:
                headers = {"Accept-Encoding": "gzip, deflate","Cookie": "PHPSESSID=e22d82112ba35e1d8f1f2f5d03b345ee"}
                url1 = string.replace(line, '\n', '')
                try:
                                conn = httplib.HTTPConnection("%s:80" %url1)
                                conn.request("GET", "/원하는 디렉토리/",params,headers)
                                response = conn.getresponse()
                                data = response.read()
                                data2 = response.status
                                data3 = url1 + ' ' + str(data2) + ' ' + "Success" + '\n'
                                data4 = url1 + '\n'
                                ad = re.findall("관리자페이지", data)
                                if ad:
                                                print "Success is  %s" %url1
                                                e = open("Type1_Success_main.txt", 'a')
                                                e.write(data3)
                                                e.close()
                                else:
                                                print "Error is %s" %url1
                                                s = open("Error.txt", 'a')
                                                s.write(data4)
                                                s.close()
                               
                except Exception, E:
                        print "Status: 500 Unexpected Error"
                        print "Content-Type: text/plain"
                        print "url: ", url1
                        print "Some unexpected error occurred. Error text was:", E
                       
#                time.sleep(2)
                conn.close()

f2=open("Error.txt",'r')
print "====================="
print "Scan Type 2[원하는 디렉토리2]"
line2=f2.readline()
params2 = ''
for line2 in f2:
                headers = {"Accept-Encoding": "gzip, deflate","Cookie": "PHPSESSID=e22d82112ba35e1d8f1f2f5d03b345ee"}
                url3 = string.replace(line2, '\n', '')
                try:
                        conn2 = httplib.HTTPConnection("%s:80" %url3)
                        conn2.request("GET", "/원하는 디렉토리2/",params2,headers)
                        response2 = conn2.getresponse()
                        data10 = response2.read()
                        data12 = response2.status
                        data13 = url3 + ' ' + str(data12) + ' ' + "Success" + '\n'
                        data14 = url3 + ' ' + str(data12) + ' ' + "Error" + '\n'
                        ad = re.findall("접근권한", data10)
                        if ad:
                                print "Success is  %s" %url3
                                e = open("Type2_Success_mainbody.txt", 'a')
                                e.write(data13)
                                e.close()
                        else:
                                print "Error is %s" %url3
                                s = open("Error2.txt", 'a')
                                s.write(data14)
                                s.close()
                except Exception, E:
                        print "Status: 500 Unexpected Error"
                        print "Content-Type: text/plain"
                        print "url: ", url1
                        print "Some unexpected error occurred. Error text was:", E
#                time.sleep(2)
                conn2.close()

 

'Hello_World! > 애플추가_파이썬' 카테고리의 다른 글

Gmail의 SMTP를 이용한 메일 발송  (0) 2011.10.05
Web Shell Detection Using NeoPI  (0) 2011.09.01
[md5 cracker] icrack  (0) 2011.09.01
[자작쉘] http URL 긁어오기  (0) 2011.08.08
파이썬으로 통신하기  (0) 2010.10.27
Posted by bitfox
l