Forum Replies Created
Peter Queen (Participant)
Hi Diego,
To clarify my last post, I know how to turn an AppleScript payload into an application, but my problem is turning a Python script into an application for OS X.
Peter Queen (Participant)
Hi Diego,
I am not sure I understand correctly. I compiled the Python script on an OS X machine using pyinstaller as shown in the lesson and I get an exe. As exe files are Windows executables only, how do I compile the script into an OS X executable? From the social engineering course I learned how to turn a bat file into a script, but how do I do it with a Python script? As you can see, I am very confused.
Thanks for clarifying
Peter Queen (Participant)
Thanks Diego,
I am now able to download the JPEG but I have a problem with the backdoor. I added open inside subprocess.call but it doesn’t execute the exe. Instead it opens the Unarchiver app on screen and no connection gets established. Is open the right command to run the reverse backdoor?
Thanks for your help
Peter Queen (Participant)
Hello Diego,
1. I ran sudo pip3 install pynput and it is installed. My pip version is 20.1.1.
2. Numbers on the right, I am using a desktop keyboard.
Peter Queen (Participant)
Thanks a lot Diego, I will read it.
Is the subject covered in any of the courses? Also, is there any other course that has coding in it? I have done a few but this one is by far the most interesting as we write our own code.
Peter Queen (Participant)
Hello Diego,
Here is the code:
```python
#!/usr/bin/env python
import requests
import re
import urllib.parse as urlparse
from bs4 import BeautifulSoup


class Scanner:
    def __init__(self, url, ignore_links):
        self.session = requests.Session()
        self.target_url = url
        self.target_links = []
        self.links_to_ignore = ignore_links

    def extract_links_from(self, url):
        # Pull every href="..." value out of the raw page source.
        response = self.session.get(url)
        # response.content.decode(ignore="error))
        return re.findall('(?:href=")(.*?)"', response.content.decode(errors="ignore"))

    def crawl(self, url=None):
        # Recursively collect in-scope links, starting from the target URL.
        if url is None:
            url = self.target_url
        href_links = self.extract_links_from(url)
        for link in href_links:
            link = urlparse.urljoin(url, link)
            if "#" in link:
                link = link.split("#")[0]
            if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:
                self.target_links.append(link)
                print(link)
                self.crawl(link)

    def extract_forms(self, url):
        response = self.session.get(url)
        parsed_html = BeautifulSoup(response.content, features="lxml")
        return parsed_html.findAll("form")

    def submit_form(self, form, value, url):
        # Fill every text input with `value` and submit the form.
        action = form.get("action")
        post_url = urlparse.urljoin(url, action)
        method = form.get("method")
        inputs_list = form.findAll("input")
        post_data = {}
        for input in inputs_list:
            input_name = input.get("name")
            input_type = input.get("type")
            input_value = input.get("value")
            if input_type == "text":
                input_value = value
            post_data[input_name] = input_value
        if method == "post":
            return self.session.post(post_url, data=post_data)
        return self.session.get(post_url, params=post_data)

    def run_scanner(self):
        for link in self.target_links:
            forms = self.extract_forms(link)
            for form in forms:
                print("[+] Testing form in " + link)
                is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
                if is_vulnerable_to_xss:
                    print("[****] XXS discovered in " + link + " in the following form")
                    print(form)
            if "=" in link:
                print("\n\n[+] Testing " + link)
                is_vulnerable_to_xss = self.test_xxs_in_link(link)
                if is_vulnerable_to_xss:
                    print("[****] XXS discovered in " + link)

    def test_xxs_in_link(self, url):
        xxs_test_script = "<sCript>alert('test')</scriPt>"
        url = url.replace("=", "=" + xxs_test_script)
        response = self.session.get(url)
        return xxs_test_script.encode() in response.content

    def test_xxs_in_form(self, form, url):
        xxs_test_script = "<sCript>alert('test')</scriPt>"
        response = self.submit_form(form, xxs_test_script, url)
        return xxs_test_script.encode() in response.content
```
Peter Queen (Participant)
Hi Diego,
I fixed the code but I still get the exact same error.
Peter Queen (Participant)
Hi Diego!
I tried the findAll and I get the same error as I get with find_all:
```
root@kali:~/PycharmProjects/vulnerability-scanner# python3 vulnerability_scanner.py
http://10.0.2.14/dvwa/dvwa/css/main.css
http://10.0.2.14/dvwa/favicon.ico
http://10.0.2.14/dvwa/
http://10.0.2.14/dvwa/instructions.php
http://10.0.2.14/dvwa/setup.php
http://10.0.2.14/dvwa/vulnerabilities/brute/
http://10.0.2.14/dvwa/vulnerabilities/exec/
http://10.0.2.14/dvwa/vulnerabilities/csrf/
http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
http://10.0.2.14/dvwa/vulnerabilities/sqli/
http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
http://10.0.2.14/dvwa/vulnerabilities/upload/
http://10.0.2.14/dvwa/vulnerabilities/xss_r/
http://10.0.2.14/dvwa/vulnerabilities/xss_s/
http://10.0.2.14/dvwa/security.php
http://10.0.2.14/dvwa/phpinfo.php
http://10.0.2.14/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
http://10.0.2.14/dvwa/about.php
http://10.0.2.14/dvwa/instructions.php?doc=PHPIDS-license
http://10.0.2.14/dvwa/instructions.php?doc=readme
http://10.0.2.14/dvwa/instructions.php?doc=changelog
http://10.0.2.14/dvwa/instructions.php?doc=copying
http://10.0.2.14/dvwa/security.php?phpids=on
http://10.0.2.14/dvwa/security.php?phpids=off
http://10.0.2.14/dvwa/security.php?test=%22><script>eval(window.name)</script>
http://10.0.2.14/dvwa/ids_log.php
[+] Testing form in http://10.0.2.14/dvwa/setup.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/brute/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/exec/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/csrf/
[+] Testing http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/upload/
Traceback (most recent call last):
  File "vulnerability_scanner.py", line 13, in <module>
    vuln_scanner.run_scanner()
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 66, in run_scanner
    is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 87, in test_xxs_in_form
    return xxs_test_script.encode() in response.content
AttributeError: 'NoneType' object has no attribute 'content'
```
Any suggestions? Thanks!
Peter Queen (Participant)
See here:
Since html.parser is not the same parser as SGMLParser, you may find that Beautiful Soup 4 gives you a different parse tree than Beautiful Soup 3 for the same markup. If you swap out html.parser for lxml or html5lib, you may find that the parse tree changes yet again. If this happens, you’ll need to update your scraping code to deal with the new tree.
Method names
renderContents -> encode_contents
replaceWith -> replace_with
replaceWithChildren -> unwrap
findAll -> find_all
findAllNext -> find_all_next
findAllPrevious -> find_all_previous
findNext -> find_next
findNextSibling -> find_next_sibling
findNextSiblings -> find_next_siblings
findParent -> find_parent
findParents -> find_parents
findPrevious -> find_previous
findPreviousSibling -> find_previous_sibling
findPreviousSiblings -> find_previous_siblings
getText -> get_text
Peter Queen (Participant)
Hello Diego,
I think with this version of BeautifulSoup I need to use find_all, see the error I get with findALL:
```
root@kali:~/PycharmProjects/vulnerability-scanner# python3 vulnerability_scanner.py
http://10.0.2.14/dvwa/dvwa/css/main.css
http://10.0.2.14/dvwa/favicon.ico
http://10.0.2.14/dvwa/
http://10.0.2.14/dvwa/instructions.php
http://10.0.2.14/dvwa/setup.php
http://10.0.2.14/dvwa/vulnerabilities/brute/
http://10.0.2.14/dvwa/vulnerabilities/exec/
http://10.0.2.14/dvwa/vulnerabilities/csrf/
http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
http://10.0.2.14/dvwa/vulnerabilities/sqli/
http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
http://10.0.2.14/dvwa/vulnerabilities/upload/
http://10.0.2.14/dvwa/vulnerabilities/xss_r/
http://10.0.2.14/dvwa/vulnerabilities/xss_s/
http://10.0.2.14/dvwa/security.php
http://10.0.2.14/dvwa/phpinfo.php
http://10.0.2.14/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
http://10.0.2.14/dvwa/about.php
http://10.0.2.14/dvwa/instructions.php?doc=PHPIDS-license
http://10.0.2.14/dvwa/instructions.php?doc=readme
http://10.0.2.14/dvwa/instructions.php?doc=changelog
http://10.0.2.14/dvwa/instructions.php?doc=copying
http://10.0.2.14/dvwa/security.php?phpids=on
http://10.0.2.14/dvwa/security.php?phpids=off
http://10.0.2.14/dvwa/security.php?test=%22><script>eval(window.name)</script>
http://10.0.2.14/dvwa/ids_log.php
Traceback (most recent call last):
  File "vulnerability_scanner.py", line 13, in <module>
    vuln_scanner.run_scanner()
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 63, in run_scanner
    forms = self.extract_forms(link)
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 39, in extract_forms
    return parsed_html.findALL("form") # find_all
TypeError: 'NoneType' object is not callable
root@kali:~/PycharmProjects/vulnerability-scanner#
```
Peter Queen (Participant)
Hello Diego,
Yes, it was the / that was missing. I now run into another error:
scanner.py:
```python
#!/usr/bin/env python
import requests
import re
import urllib.parse as urlparse
from bs4 import BeautifulSoup


class Scanner:
    def __init__(self, url, ignore_links):
        self.session = requests.Session()
        self.target_url = url
        self.target_links = []
        self.links_to_ignore = ignore_links

    def extract_links_from(self, url):
        # Pull every href="..." value out of the raw page source.
        response = self.session.get(url)
        # response.content.decode(ignore="error))
        return re.findall('(?:href=")(.*?)"', response.content.decode(errors="ignore"))

    def crawl(self, url=None):
        # Recursively collect in-scope links, starting from the target URL.
        if url is None:
            url = self.target_url
        href_links = self.extract_links_from(url)
        for link in href_links:
            link = urlparse.urljoin(url, link)
            if "#" in link:
                link = link.split("#")[0]
            if self.target_url in link and link not in self.target_links and link not in self.links_to_ignore:
                self.target_links.append(link)
                print(link)
                self.crawl(link)

    def extract_forms(self, url):
        response = self.session.get(url)
        parsed_html = BeautifulSoup(response.content, features="lxml")
        return parsed_html.find_all("form")

    def submit_form(self, form, value, url):
        # Fill every text input with `value` and submit the form.
        action = form.get("action")
        post_url = urlparse.urljoin(url, action)
        method = form.get("method")
        inputs_list = form.find_all("input")
        post_data = {}
        for input in inputs_list:
            input_name = input.get("name")
            input_type = input.get("type")
            input_value = input.get("value")
            if input_type == "text":
                input_value = value
            post_data[input_name] = input_value
        if method == "post":
            return self.session.post(post_url, data=post_data)
        return self.session.get(post_url, params=post_data)

    def run_scanner(self):
        for link in self.target_links:
            forms = self.extract_forms(link)
            for form in forms:
                print("[+] Testing form in " + link)
                is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
                if is_vulnerable_to_xss:
                    print("[****] XXS discovered in " + link + " in the following form")
                    print(form)
            if "=" in link:
                print("\n\n[+] Testing " + link)
                is_vulnerable_to_xss = self.test_xxs_in_link(link)
                if is_vulnerable_to_xss:
                    print("[****] XXS discovered in " + link)

    def test_xxs_in_link(self, url):
        xxs_test_script = "<sCript>alert('test')</scriPt>"
        url = url.replace("=", "=" + xxs_test_script)
        response = self.session.get(url)
        return xxs_test_script.encode() in response.content

    def test_xxs_in_form(self, form, url):
        xxs_test_script = "<sCript>alert('test')</scriPt>"
        response = self.submit_form(form, xxs_test_script, url)
        return xxs_test_script.encode() in response.content
```
vulnerability_scanner.py:
```python
#!/usr/bin/env python
import scanner

target_url = "http://10.0.2.14/dvwa/"
links_to_ignore = ["http://10.0.2.14/dvwa/logout.php"]
data_dict = {"username": "admin", "password": "password", "Login": "submit"}

vuln_scanner = scanner.Scanner(target_url, links_to_ignore)
# Log in first so the crawl runs with an authenticated session.
vuln_scanner.session.post("http://10.0.2.14/dvwa/login.php", data=data_dict)
vuln_scanner.crawl()
vuln_scanner.run_scanner()
```
Error:
```
root@kali:~/PycharmProjects/vulnerability-scanner# python3 vulnerability_scanner.py
http://10.0.2.14/dvwa/dvwa/css/main.css
http://10.0.2.14/dvwa/favicon.ico
http://10.0.2.14/dvwa/
http://10.0.2.14/dvwa/instructions.php
http://10.0.2.14/dvwa/setup.php
http://10.0.2.14/dvwa/vulnerabilities/brute/
http://10.0.2.14/dvwa/vulnerabilities/exec/
http://10.0.2.14/dvwa/vulnerabilities/csrf/
http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
http://10.0.2.14/dvwa/vulnerabilities/sqli/
http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
http://10.0.2.14/dvwa/vulnerabilities/upload/
http://10.0.2.14/dvwa/vulnerabilities/xss_r/
http://10.0.2.14/dvwa/vulnerabilities/xss_s/
http://10.0.2.14/dvwa/security.php
http://10.0.2.14/dvwa/phpinfo.php
http://10.0.2.14/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
http://10.0.2.14/dvwa/about.php
http://10.0.2.14/dvwa/instructions.php?doc=PHPIDS-license
http://10.0.2.14/dvwa/instructions.php?doc=readme
http://10.0.2.14/dvwa/instructions.php?doc=changelog
http://10.0.2.14/dvwa/instructions.php?doc=copying
http://10.0.2.14/dvwa/security.php?phpids=on
http://10.0.2.14/dvwa/security.php?phpids=off
http://10.0.2.14/dvwa/security.php?test=%22><script>eval(window.name)</script>
http://10.0.2.14/dvwa/ids_log.php
[+] Testing form in http://10.0.2.14/dvwa/setup.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/brute/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/exec/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/csrf/
[+] Testing http://10.0.2.14/dvwa/vulnerabilities/fi/?page=include.php
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/sqli_blind/
[+] Testing form in http://10.0.2.14/dvwa/vulnerabilities/upload/
Traceback (most recent call last):
  File "vulnerability_scanner.py", line 13, in <module>
    vuln_scanner.run_scanner()
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 66, in run_scanner
    is_vulnerable_to_xss = self.test_xxs_in_form(form, link)
  File "/root/PycharmProjects/vulnerability-scanner/scanner.py", line 87, in test_xxs_in_form
    return xxs_test_script.encode() in response.content
AttributeError: 'NoneType' object has no attribute 'content'
root@kali:~/PycharmProjects/vulnerability-scanner#
```
I could not work it out; the same code a few lines above doesn’t give an error.
If I may, I have a suggestion: I have done a Python course on Udemy and there was the possibility to download the source code of what we were learning. It was easier like this to spot typos by ourselves.
Thanks
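Added example, not part of the post above or of the course code: the AttributeError in the traceback is raised because `submit_form` handed back `None`, which is what a Python function gives back when it ends without reaching a `return`. The sketch below uses the standard-library HTML parser instead of BeautifulSoup and returns a request description on every path, including forms with no inputs and an upper-case or missing method; `FormCollector`, `extract_forms`, `build_request`, the sample markup and the `lab.example` URL in the usage are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample markup (not taken from DVWA): a normal form, a form with
# no <input> children and an upper-case method, and a form with no attributes.
SAMPLE = """
<form action="login.php" method="post">
  <input type="text" name="user"><input type="hidden" name="tok" value="abc">
</form>
<form action="upload.php" method="POST"></form>
<input type="file" name="orphan">
<form><input name="q"></form>
"""

class FormCollector(HTMLParser):
    """Collect every <form> and the <input> tags nested inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current = {"action": attrs.get("action"),
                            "method": attrs.get("method"), "inputs": []}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            self.current["inputs"].append(attrs)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def extract_forms(html):
    collector = FormCollector()
    collector.feed(html)
    return collector.forms

def build_request(form, page_url, value):
    """Return (method, url, data) on every path, so callers never see None."""
    data = {}
    for field in form["inputs"]:          # may legitimately be empty
        if not field.get("name"):
            continue                      # unnamed inputs are never submitted
        is_text = (field.get("type") or "text").lower() == "text"
        data[field["name"]] = value if is_text else (field.get("value") or "")
    # HTML treats method case-insensitively and defaults to GET when absent.
    method = "post" if (form["method"] or "").strip().lower() == "post" else "get"
    return method, urljoin(page_url, form["action"] or ""), data  # after the loop
```

Calling `build_request(form, "http://lab.example/app/", "PROBE")` for each entry of `extract_forms(SAMPLE)` yields a tuple for all three forms, so a caller can always build and send the request before inspecting the response.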
Peter Queen (Participant)
Hi Diego,
Yes I did install Wine first and then I was asked to install Wine32.
This is the version:
```
root@kali:~# cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2020.1"
VERSION_ID="2020.1"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
root@kali:~#
```
Peter Queen (Participant)
Hi Diego!
No need to be sorry! You spotted it and now it’s working. I learn a lot from these kinds of mistakes.
Thanks again
Peter Queen (Participant)
Hello Diego,
I installed Wine and then I needed to install wine32. Once I tried, I got this error:
```
root@kali:~/Downloads# apt-get install wine32
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 wine32:i386 : Depends: libc6:i386 (>= 2.28) but it is not going to be installed
               Depends: libwine:i386 (= 5.0-4) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@kali:~/Downloads#
```
Please advise.
Peter Queen (Participant)
Hi Diego!
Well spotted! 16 posts for a typo!! It works perfectly, thanks a lot!