Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Authors: TJ O'Connor
    Application Banner Grabbing
    In order to grab the application banner from our target host, we must first insert additional code into the connScan function. After discovering an open port, we send a string of data to the port and wait for the response. Gathering this response might give us an indication of the application running on the target host and port.
    import optparse
    import socket
    import sys

    def connScan(tgtHost, tgtPort):
        # Connect to the port, send a probe string and print whatever the
        # service answers; that reply is the application banner
        try:
            connSkt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            connSkt.connect((tgtHost, tgtPort))
            connSkt.send(b'ViolentPython\r\n')
            results = connSkt.recv(100)
            print('[+] %d/tcp open' % tgtPort)
            print('[+] ' + results.decode('ascii', 'replace').strip())
            connSkt.close()
        except OSError:
            # Connection refused, reset or timed out: report the port as closed
            print('[-] %d/tcp closed' % tgtPort)

    def portScan(tgtHost, tgtPorts):
        try:
            tgtIP = socket.gethostbyname(tgtHost)
        except OSError:
            print("[-] Cannot resolve '%s': Unknown host" % tgtHost)
            return
        try:
            # Reverse lookup is cosmetic; fall back to the IP if it fails
            tgtName = socket.gethostbyaddr(tgtIP)
            print('\n[+] Scan Results for: ' + tgtName[0])
        except OSError:
            print('\n[+] Scan Results for: ' + tgtIP)
        socket.setdefaulttimeout(1)
        for tgtPort in tgtPorts:
            print('Scanning port ' + tgtPort)
            connScan(tgtHost, int(tgtPort))

    def main():
        parser = optparse.OptionParser('usage: %prog -H <target host> -p <target port[s]>')
        parser.add_option('-H', dest='tgtHost', type='string',
                          help='specify target host')
        parser.add_option('-p', dest='tgtPort', type='string',
                          help='specify target port[s] separated by comma')
        (options, args) = parser.parse_args()
        tgtHost = options.tgtHost
        if tgtHost is None or options.tgtPort is None:
            print('[-] You must specify a target host and port[s].')
            sys.exit(0)
        # Accept "21,22,80" as well as "21, 22, 80"
        tgtPorts = [p.strip() for p in options.tgtPort.split(',') if p.strip()]
        portScan(tgtHost, tgtPorts)

    if __name__ == '__main__':
        main()
    For example, scanning a host with a FreeFloat FTP Server installed might reveal the following information in the banner grab:
     attacker$ python portscanner.py -H 192.168.1.37 -p 21, 22, 80
     [+] Scan Results for: 192.168.1.37
     Scanning port 21
     [+] 21/tcp open
     [+] 220 FreeFloat Ftp Server (Version 1.00).
    Knowing that the server runs FreeFloat FTP Server (Version 1.00) will prove useful when we target this application later.
    Threading the Scan
    Depending on the timeout variable for a socket, a scan of each socket can take several seconds. While this appears trivial, it quickly adds up if we are scanning multiple hosts or ports. Ideally, we would like to scan sockets simultaneously as opposed to sequentially. Enter Python threading. Threading provides a way to perform these kinds of executions simultaneously. To utilize this in our scan, we will modify the iteration loop in our portScan() function. Notice how we call the connScan function as a thread. Each thread created in the iteration will now appear to execute at the same time.
    from threading import Thread

    for tgtPort in tgtPorts:
        # Each port probe runs in its own thread instead of blocking the loop
        t = Thread(target=connScan, args=(tgtHost, int(tgtPort)))
        t.start()
    While this provides us with a significant advantage in speed, it does present one disadvantage. Our function connScan() prints an output to the screen. If multiple threads print an output at the same time, it could appear garbled and out of order. In order to allow a function to have complete control of the screen, we will use a semaphore. A simple semaphore provides us a lock to prevent other threads from proceeding. Notice that prior to printing an output, we grabbed a hold of the lock using screenLock.acquire(). If open, the semaphore will grant us access to proceed and we will print to the screen. If locked, we will have to wait until the thread holding the semaphore
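    The threaded scan with a lock guarding the shared output, as an added example that is not the book's code: it starts a local listener on 127.0.0.1 that replies with a constructed FreeFloat-style banner, probes that port and a deliberately closed one in parallel threads, and serialises both the result update and the screen output with a threading.Lock in the role of the book's screenLock. The serve_banner, conn_scan, port_scan and demo names and the sample banner are this example's own.

```python
import socket
import threading

# Constructed sample banner, modelled on the FreeFloat reply quoted above
BANNER = b"220 FreeFloat Ftp Server (Version 1.00).\r\n"

def serve_banner(listener, banner):  # local stand-in for a real service
    conn, _ = listener.accept()
    conn.recv(100)  # consume the scanner's probe string
    conn.sendall(banner)
    conn.close()

def conn_scan(host, port, results, lock, timeout=1.0):
    # Threaded worker: connect, send a probe, then record the outcome under the lock
    try:
        with socket.create_connection((host, port), timeout=timeout) as skt:
            skt.sendall(b"ViolentPython\r\n")
            banner = skt.recv(100).decode("ascii", "replace").strip()
        state = ("open", banner)
    except OSError:  # refused, reset or timed out
        state = ("closed", "")
    with lock:  # one thread at a time touches the shared dict and the screen
        results[port] = state
        print("[%s] %d/tcp %s %s" % ("+" if state[0] == "open" else "-", port, state[0], state[1]))

def port_scan(host, ports, timeout=1.0):
    # One thread per port, all joined before returning so the result set is complete
    results, lock, threads = {}, threading.Lock(), []
    for port in ports:
        t = threading.Thread(target=conn_scan, args=(host, port, results, lock, timeout))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
    return results

def demo():
    # Scan a local banner server on an ephemeral port plus a port known to be closed
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    threading.Thread(target=serve_banner, args=(listener, BANNER), daemon=True).start()
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more, so it must come back "closed"
    results = port_scan("127.0.0.1", [open_port, closed_port])
    listener.close()
    return results, open_port, closed_port
```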