Erra's blog

[NIX Programming] Part 1: Knowing the Roots.

[History and Overview]
It's important to keep an open mind when it comes to going back to the roots because understanding them is something that can help unlock a barrier long forgotten that is important in the way things work. Now everything that's fundamental about computer came from a system once known as UNIX, UNIX was an incredibly powerful operating system that was dated back in the late 20th century, only that as it grew it went from being free into something that was sold onto corporations for big money. Over time Bill Gates used UNIX to create the very first form of windows written in C. 2 years after the release of Windows in 1983 C became C++. Gradually over time Windows evolved and Microsoft wanted to remove UNIX from the equation in an effort to become independent, and they did as such by ripping away everything good that UNIX brought for the sake of making their own proprietary versions of it through MS-DOS. The other computer company at the time, Apple, chose to file a lawsuit over their grand scheme of things involving the software for the Lisa project, for imitating all the new qualities they had to offer, but Steve Jobs was in it for the loss in this lawsuit as by the time Windows was improved they had already removed all the things that made Lisa what it was.

[NETENG] Python TCP Programming

All scripts I write for this are found from the latest edition of Foundations of Python Networking by Brandon Rhodes which you can buy here:

The almighty Transfer Control Protocol or TCP as we all know it to be can be seen as a demigod for network protocols encompassing most of the internet in its grasp. To the way TCP works, you have to consider the way the three-way handshake happens SYN - SYN/ACK - ACK for beginning the connection, and FIN - FIN/ACK - ACK. If you don't already know about it consider looking up information about it. I went ahead and looked for a really good tutorial on YouTube which you can check out here

Anyway, the simplest thing to look at is a code for simply making a TCP client and server scenario...however with an added twist explained later on:

#!/usr/bin/env python3
import argparse, socket

def recvall(sock, length):
    #define empty data buffer
    data = b''
    #while the data buffer isnt the size of the incoming data
    while len(data) < length:
        #receive the (length - len(data)) bytes
        more = sock.recv(length - len(data))
        #if the server/client receives nothing
        if not more:
            #raise EOF error
            raise EOFError('was expecting {0} bytes but only received {1} bytes before the socket closed'.format(length, len(data)))
        data += more
    return data

def server(interface, port):
    #create socket with the reuse option for server
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((interface, port))
    print('Listening at', sock.getsockname())
    while True:
        #accept the incoming socket
        print('Waiting to accept a new connection')
        sc, sockname = sock.accept()

[NETENG] Python UDP Programming

All scripts I write for this are found from the latest edition of Foundations of Python Networking by Brandon Rhodes which you can buy here:

Contrasting the two biggest fields in IT to me is essential, like the concept of yin and yang, the two cannot coexist without the other. The two fields I am talking about are Network Engineering and Cybersecurity; I feel that it is essential to have an understanding of both as opposed to just one because the more you understand about one the more control you have over a network. Network Engineering is about solving problems...well through the use of engineering. Essentially what you are doing is solving problems within a network or making things easier through automation, plain and simple, using programming languages to do so. So to start this topic off I'll give an overview by introducing network programming with python.

To start off, we all know UDP is a non connection oriented protocol that sends out packets in the form of datagrams. Working with the protocol can be a tricky because in the world of cybersecurity clients using the protocol can be seen as promiscuous simply because often times the programmer may forget to check who the sender of the packet they just received is. Here's an example of a dangerous client:

import argparse, socket
from datetime import datetime

def server(port):
        server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        print('Listening at {}'.format(server.getsockname()))
        while True:
                data, address = server.recvfrom(1024)
                text = data.decode('ascii')
                print('Client says {}'.format(text))
                text = 'Your data was {} bytes long'.format(len(data))
                data = text.encode('ascii')
                server.sendto(data, address)

def client(port):
        client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

[ + ] Create an ARP Spoofer in Python

I should say that all the knowledge I gained from creating this is from a very good instructor name Zaid Sabih, owner of Zsecurity you can check out his website and support him by purchasing his course at some point, he goes into better detail than I do and has more then 180,000 students to date here and here

ARP Spoofing is very simple to understand, the essential concept is that you become a man in the middle so that you are able to sniff and redirect packets between a target and the local router within a private network. While there are software such as Wireshark that allow you to do this, this is more just to gain an understanding of how things work:

Image Concept of ARP Spoofing

The first thing to note if you are a Linux user, is that to route or forward packets to anywhere the way a router does you need to place a 1 in the ip_forward file to do this you can use the find program:

$find proc/sys/ -name ip_forward
$echo 1 > /proc/sys/net/ipv4/ip_forward

What you are exploiting when you perform this attack is that a nic will accept any ARP response that is incoming into it. Meaning that by sending any ARP response the victim will take it, accept it, and put the response's MAC address into its ARP table. To construct this attack we once again use scapy for the job; we can start by determining what attributes of the packet it is were going to modify to construct this response:
$ python3
Python 3.6.6 (default, Sep 12 2018, 18:26:19)
[GCC 8.0.1 20180414 (experimental) [trunk revision 259383]] on linux
Type "help", "copyright", "credits" or "license" for more information.

[ + ] Creating an ARP Based Scanner on Python

I should say that all the knowledge I gained from creating this is from a very good instructor named Zaid Sabih, owner of Zsecurity you can check out his website and support him by purchasing his course at some point, he goes into better detail than I do and has more then 180,000 students to date here and here

Often times you may want to identify hosts on a LAN and maybe you want to say for example dos a target or perform some sort of ARP spoofing to do something related to capture traffic. To understand this you obviously should know how to program in python, and should know a little bit about what the scapy module is used for, you can refer to its documentation here:

To start off, everything I'm about to explain can simply be done in the three following lines:

import scapy.all as scapy

But for the sake of understanding how things work, I've put together a script to help curb your understanding here is a simplified version to start you off:

import scapy.all as scapy

def scan(ip):
        arp_packet= scapy.ARP(pdst=ip)  ##create ARP packet object with its pdst field having the ip
        ##can also do arp_packet.pdst = ip
        #print(arp_packet.summary())            ##print summary for ARP request                   ##print out the contents of the arp packet
        #to send the packet to the entire network you'll need to
        #set the destination mac to the broadcast mac address ff.ff.ff.ff.ff.ff
        broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")        #create ethernet broadcast frame
        #print(broadcast.summary())                                                     #print summary                                                            #examine broadcast packet contents

        #then combine the packet together using / because scapy allows you to do so

[ + ] Repost of Shellcode Programming

Due to the lack of availability of info on the topic I've decided to re-post this on my blog, I feel it's something I'd like to look back to if I need it:

Initially before writing this I thought to myself that because I had worked really hard on this matter (give or take about two weeks or so of constant hammering), I have just opened doors that were previously closed to me due to the passage of time and how things change. But I was convinced that what this community stands for, and how without it and someone there to guide me on this journey I'd be lost as hell. So I figured I'd give back by sharing what I've learned recently, which is creating shellcode for a portbind attack... however, the difference between what is commonly used to make it and my version of doing so, is that I use a more logical and concise method of doing it. To preface this I'm going to assume that you know x64 ASM, C network programming, and the basics of using Linux. I am also trusting that this post stays within the Soldierx community, I strongly support this community and hope to see its members cherish from this information.

If you don't know x64 ASM, I would recommend using Ray Seyfarth's Intro to x64 on Linux (and Windows for future projects):
If you don't know C network programming I highly recommend Linux Socket Programming By Example by Warren Gay:


Rather than post about everything I learn on forum threads, I figure it would be best to start my own blog in SX so don't have to flood threads! Laughing out loud I am going to start by posting my recently learned topics over here and hope my knowledge can help the needy over time. I will still post in threads when I'm not sure about something, otherwise I'll post everything here. I chose to start this since I hated writing notes on my notebook, plus, examples don't have syntax highlighting the way SX does on a notebook anyway!

Syndicate content