Book Image

Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip
Book Image

Python Web Penetration Testing Cookbook

By: Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Python Web Penetration Testing Cookbook
Benjamin May | Cameron Buchanan | Andrew Mabbitt | Dave Mound | Terry Ip
Jun, 2015 | 224 pages
No titles found
Table of Contents (16 chapters)
Python Web Penetration Testing Cookbook
Python Web Penetration Testing Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Gathering Open Source Intelligence
Gathering Open Source Intelligence
Introduction
Gathering information using the Shodan API
Scripting a Google+ API search
Downloading profile pictures using the Google+ API
Harvesting additional results from the Google+ API using pagination
Getting screenshots of websites with QtWebKit
Screenshots based on a port list
Spidering websites
2
Enumeration
Enumeration
Introduction
Performing a ping sweep with Scapy
Scanning with Scapy
Checking username validity
Brute forcing usernames
Enumerating files
Brute forcing passwords
Generating e-mail addresses from names
Finding e-mail addresses from web pages
Finding comments in source code
3
Vulnerability Identification
Vulnerability Identification
Introduction
Automated URL-based Directory Traversal
Automated URL-based Cross-site scripting
Automated parameter-based Cross-site scripting
Automated fuzzing
jQuery checking
Header-based Cross-site scripting
Shellshock checking
4
SQL Injection
SQL Injection
Introduction
Checking jitter
Identifying URL-based SQLi
Exploiting Boolean SQLi
Exploiting Blind SQL Injection
Encoding payloads
5
Web Header Manipulation
Web Header Manipulation
Introduction
Testing HTTP methods
Fingerprinting servers through HTTP headers
Testing for insecure headers
Brute forcing login through the Authorization header
Testing for clickjacking vulnerabilities
Identifying alternative sites by spoofing user agents
Testing for insecure cookie flags
Session fixation through a cookie injection
6
Image Analysis and Manipulation
Image Analysis and Manipulation
Introduction
Hiding a message using LSB steganography
Extracting messages hidden in LSB
Hiding text in images
Extracting text from images
Enabling command and control using steganography
7
Encryption and Encoding
Encryption and Encoding
Introduction
Generating an MD5 hash
Generating an SHA 1/128/256 hash
Implementing SHA and MD5 hashes together
Implementing SHA in a real-world scenario
Generating a Bcrypt hash
Cracking an MD5 hash
Encoding with Base64
Encoding with ROT13
Cracking a substitution cipher
Cracking the Atbash cipher
Attacking one-time pad reuse
Predicting a linear congruential generator
Identifying hashes
8
Payloads and Shells
Payloads and Shells
Introduction
Extracting data through HTTP requests
Creating an HTTP C2
Creating an FTP C2
Creating an Twitter C2
Creating a simple Netcat shell
9
Reporting
Reporting
Introduction
Converting Nmap XML to CSV
Extracting links from a URL to Maltego
Extracting e-mails to Maltego
Parsing Sslscan into CSV
Generating graphs using plot.ly
Index
Index

Creating an FTP C2

This script is a quick and dirty file-theft tool. It runs in a straight line up the directories, nabbing everything it comes into contact with. It then exports these to an FTP directory that it's pointed at. In situations where you can drop a file and want to quickly get the contents of the server, this is ideal as a starting point.

We will create a script that connects to an FTP, grabs the files in the current directory, and exports them to the FTP. It then jumps up into the next directory and repeats. When it encounters two directory listings that are the same (that is, it has hit the root), it stops.

Getting Started

For this, you will need a functioning FTP server. I'm using vsftpd, but you may use whatever you please. You'll need to either hard code the credentials into the script (not advisable) or send them with the credentials as flags.

How to do it…

The script we will be using is as follows:

from ftplib import FTP
import time
import os

user = sys.argv[1]
pw = sys.argv...
Previous Section
End of Section 5
Next Section