Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specific resources. Result: They work on any OS with a python interpreter. If packaged, they will work on any OS if even if python is NOT installed.…

BACKDOORS Sockets Problem: TCP is stream-based. Difficult to identify the end of message/batch. Solution: Make sure the message is well defined. Implement a protocol that sends and receives methods conform to. Send the size of the message as a header…

REVERSE_BACKDOOR Access file system. Execute system commands. Download files. Upload files. Persistence. BACKDOORS An interactive program gives access to a system its executed on. Command execution. Access file system. Upload/download files. Run keyl…

Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: An incorrect command is sent. The correct command is miss-used. Listener: #!/usr/bin/env python import socket import json import base64 class Listener…

File Upload: A file is a series of characters. Uploading a file is the opposite of downloading a file. Therefore to transfer a file we need to: 1. Read the file as a sequence of characters. 2. Send this sequence of characters. 3. Create a new empty f…

File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read the file as a sequence of characters. 2. Send this sequence of characters. 3. Create a new empty file at the destination. 4. Store the transferred seque…

REVERSE_BACKDOOR - cd command Access file system: cd command changes current working directory. It has 2 behaviours: cd -> shows current working directory. cd directoryname -> changes current working directory to directoryname Client side - Backdoor…

Refactoring - Creating a Listener Class #!/usr/bin/env python import socket class Listener: def __init__(self, ip, port): listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM) listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) list…

Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they did not send a request. 2. Clients trust response without any form of verification. 1. Run the following command on the victim - Windows 10 Machine. a…

DICTIONARIES Similar to lists but use key instead of an index. LISTS List of values/elements, all can be stored in one variable. Improving the Program Using a List of Dictionaries: #!/usr/bin/env python import scapy.all as scapy def scan(ip): arp_req…