Hack Your Work Place - Turn that boring laptop into a hacking weapon!!!
If you are reading through this article and excited to know the methods to achieve, let's take a quick pause. Before delving into the solution, let's take a moment to explore the situation and the challenges it presents.
In the dynamic landscape of security enthusiasts, there's an insatiable quest for real-world platforms to put their acquired skills into action. However, this pursuit often leads to frustration when stumbling upon roadblocks such as administrative restrictions preventing the installation of essential tools like BurpSuite or encountering barriers imposed by endpoint protection that block nmap.exe from executing. It's a common scenario faced by many in the security community: the desire to apply learned techniques in practical settings, only to be thwarted by bureaucratic hurdles or technological constraints. The inability to access preferred tools can feel like hitting a wall, hindering progress and dampening enthusiasm.
THAT SOUND WE ALL HATE!!
You would always be in a situation where you have limited user privilege and installing Vulnerability Assessment and Penetration Testing (VAPT) applications is prohibited, resorting to circumventing administrators by utilizing a USB bootable Kali Linux loaded with your preferred tools can be tempting. However, this strategy comes with considerable risks. Administrators are likely to monitor such activities closely, whether through surveillance cameras or vigilant human observation. The feeling of helplessness can be overwhelming in such circumstances, leaving you scrambling for a solution.
The use of unauthorized tools or unauthorized methods to access systems is a clear violation of organizational policies and may result in severe consequences, including disciplinary action or legal repercussions. Administrators are typically vigilant in monitoring for such activities, employing various surveillance measures to detect and deter unauthorized behavior.
So no matter how efficient you may be with Nessus, Nikto, Burpsuite, Metasploit etc etc etc, all your tool oriented knowledge is a sheer waste when it can't be used / installed because you DON'T have sufficient permission!
There's always at least ONE!
Yet, amidst these challenges, there exists a beacon of hope: PYTHON! available & accessible through most of the company portals or those sanctioned by accommodating administrators. Administrators, cognizant of demands around operational requirement or personal development plan, often exhibit leniency in permitting the installation and use of Python, recognizing their instrumental role towards organizational objectives.
By embracing "THIS" accessible alternative, security enthusiasts can transcend the limitations imposed by administrative constraints and technological barriers. They can channel their expertise into meaningful endeavors, contributing to the enhancement of security protocols, the fortification of digital infrastructures, and the cultivation of a robust cybersecurity culture within their respective organizations.
This not only mitigates the risk of potential repercussions but also fosters a culture of accountability and responsibility within the security community.
An idea can change your privilege!
Let's answer the most basic question - What is a tool ? A penetration tool is nothing but a program or a group of programs together forming an application with a user friendly interface facilitating the need within few clicks.
How about achieving the potentials of a tool using python ?
Step 1: Getting your laptop ready: As stated above, you might not have sufficient privileges to install your favorite hacking tool. Time to get off that script kiddy chair and step into the real hacking world. Python as a programming language / tool is allowed across all organizations. You might even find some great IDEs on your company portal.
A few to look up for are as follows :
- IDLE
- PyCharm
- Spyder
- Pydev
No? Well don't be disheartened, there's still more alternatives. Every windows machine has Visual Studio Code. VS Code can be a good alternative to code and test your scripts.
If the thought of "what to code" leaves you wandering, I won't keep you waiting any longer but share my codes that can be simply get copied and pasted in the form of a python file, followed by your IDE running it for you.
Step 2: Scanning your victim - Before you hack a machine you would first like to know the open ports and services running on it. In an ideal scenario a hacker would like to use "nmap" and it's list of powerful switches to gain information.
I created the below codes which are subsets of nmap and will scan your victim's machines.
Scan Multiple Ports for 1 IP :
#The below code is for single IP address but with an option to select a #range of ports
#Use It Responsibly! This is for educational purpose only and the author #of this script is no way responsible for any unauthorized activity - #Sudipt Ghatak
import socketdef scan_ports(target, start_port, end_port):
open_ports = []
for port in range(start_port, end_port + 1):
try:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.settimeout(1)
result = s.connect_ex((target, port))
if result == 0:
open_ports.append(port)
except KeyboardInterrupt:
print("\nScan interrupted.")
break
except socket.error:
pass
return open_portsdef main():
target = input("Enter the target IP address or hostname: ")
start_port = int(input("Enter the start port number: "))
end_port = int(input("Enter the end port number: "))
open_ports = scan_ports(target, start_port, end_port)
if open_ports:
print("Open ports:")
for port in open_ports:
print(port)
else:
print("No open ports found.")if __name__ == "__main__":
main()
Scan a subnet of IPs for a particular port :
#This script takes an IP subnet in CIDR notation (e.g., 192.168.1.0/24) #and a port number as input. It then scans all IP addresses within the #subnet for the specified port, using multithreading to speed up the #process.
#Use It Responsibly! This is for educational purpose only and the author #of this script is no way responsible for any unauthorized activity - #Sudipt Ghatakimport socket
import ipaddress
import concurrent.futuresdef scan_port(ip, port):
try:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.settimeout(1)
result = s.connect_ex((ip, port))
if result == 0:
return port
except KeyboardInterrupt:
pass
except socket.error:
pass
return Nonedef scan_subnet(subnet, port):
open_ports = {}
with concurrent.futures.ThreadPoolExecutor() as executor:
future_to_ip = {executor.submit(scan_port, str(ip), port): str(ip) for ip in subnet.hosts()}
for future in concurrent.futures.as_completed(future_to_ip):
ip = future_to_ip[future]
try:
open_port = future.result()
if open_port:
open_ports[ip] = open_port
except Exception as e:
pass
return open_portsdef main():
subnet_str = input("Enter the IP subnet (e.g., 192.168.1.0/24): ")
port = int(input("Enter the port number to scan: "))try:
subnet = ipaddress.ip_network(subnet_str)
open_ports = scan_subnet(subnet, port)if open_ports:
print("Open ports:")
for ip, open_port in open_ports.items():
print(f"{ip}:{open_port}")
else:
print("No open ports found.")
except ValueError:
print("Invalid subnet format.")if __name__ == "__main__":
main()
Scans the IP & Port and returns the O/s version
#This script takes an IP and a port and returns the operating system #version of the victim machine.
#Use It Responsibly! This is for educational purpose only and the author #of this script is no way responsible for any unauthorized activity - #Sudipt Ghatak
import socket
import subprocess
import platformdef get_os_info():
return platform.system(), platform.release()def get_open_ports(ip_address, start_port, end_port):
open_ports = []
for port in range(start_port, end_port+1):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
result = sock.connect_ex((ip_address, port))
if result == 0:
open_ports.append(port)
sock.close()
return open_portsdef get_app_version(ip_address, port):
protocol = input("Enter the protocol (tcp/udp): ")
if protocol == "tcp":
result = subprocess.run(f"nmap -sT -p {port} {ip_address}", shell=True, capture_output=True, text=True)
elif protocol == "udp":
result = subprocess.run(f"nmap -sU -p {port} {ip_address}", shell=True, capture_output=True, text=True)
else:
print("Invalid protocol.")
return None
if "discovered open port" in result.stdout:
for line in result.stdout.split("\n"):
if "Service Info: OS: " in line:
return line.split(": ")
else:
print("No service detected on the specified port.")
return Nonedef ip_scanner(ip_address, start_port, end_port):
os_info, _ = get_os_info()
open_ports = get_open_ports(ip_address, start_port, end_port)
if open_ports:
print(f"Open ports on {ip_address} ({os_info}):")
for port in open_ports:
app_version = get_app_version(ip_address, port)
if app_version:
print(f"Port {port} - {app_version}")
else:
print(f"No open ports found on {ip_address} ({os_info}).")if __name__ == "__main__":
ip_address = input("Enter the IP address: ")
start_port = int(input("Enter the starting port: "))
end_port = int(input("Enter the ending port: "))
ip_scanner(ip_address, start_port, end_port)
- 0
Post Your Comment