CIS 008 Advanced Python Fall 2023
Professor Ahmed Ezzat

December 14, 2023

PENETRATION TESTING using Python

Group 2: Dave Goeke, Effrain Lopez Guevara (dropped), Ben Jiao (mia), and Kevin Henderson-Bruhn (mia)


Objectives: Learn to use Python to conduct penetration tests, aka cyber attacks

Architectures

1- Home network with four Linux hosts and two MacBook Pros. Static IP addressing. Connected via a switch. All hosts serve as attack targets and launch platforms. One also serves as an SMB file server.




2- Isolated network of four iMacs, one Windows 10 platform, and a MacBook Pro. The iMacs are attack targets for the ‘gas attack’, the Win10 system is the launch platform, and the MacBook Pro is the development environment.



3- MacBook Pro connected to the internet for reconnaissance attacks against Google and Mission College.

Reconnaissance attacks



Program output
dagmbp:Pen Test Project Scripts daveg$ sudo python3 nmapscanner-4.py
Host:  10.3.129.84
State:  up
Protocol:  tcp
Port:  514 State:  open

One open port, #514. This port is for system logs. This is an rsyslog server. Some printers on the MC LAN send job log records to this server for storage and problem analysis, rather than store the logfile data on the printer.

Note: no operating system information was reported.

This is what the target recorded in syslog during the probe:

Nov 30 17:17:07 10.3.129.28 #000#000(r#035#023#000#000#000#000#000#000#000#002#000#001#000#001|#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000
Nov 30 17:17:12 10.3.129.28 #000#036#000#006#001#000#000#001#000#000#000#000#000#000#007version#004bind#000#000#020#000#003
Nov 30 17:17:17 10.3.129.28 #000#014#000#000#020#000#000#000#000#000#000#000#000
Nov 30 17:17:17 10.3.129.28 #015
Nov 30 17:17:17 10.3.129.28 #015
Nov 30 17:17:22 OPTIONS / HTTP/1.0#015
Nov 30 17:17:22 10.3.129.28 #015
Nov 30 17:17:27 OPTIONS / RTSP/1.0#015
Nov 30 17:17:27 10.3.129.28 #015
Nov 30 17:17:32 10.3.129.28 HELP#015
Nov 30 17:17:40 10.3.129.28 #026#003#000#000S#001#000#000O#003#000?G,`~#000{Ֆw<=o#020n#000#000(#000#026#000#023
Nov 30 17:17:45 10.3.129.28 #000f#000#005#000#004#000e#000d#000c#000b#000a#000`#000#025#000#022#000#011#000#024#000#021#000#010#000#006#000#003#001
Nov 30 17:17:45 10.3.129.28 #003#000#000*%#000#000#000#000#000Cookie: mstshash=nmap#015
Nov 30 17:17:50 10.3.129.28 #001#000#010#000#003#000#000
Nov 30 17:17:50 10.3.129.28 #026#003#000#000i#001#000#000e#003#003U#034random1random2random3random4#000#000#014#000/
Nov 30 17:17:55 10.3.129.28 #000#023#0009#000#004#000#001#000#0000#000#015#000,#000*#000#001#000#003#000#002#006#001#006#003#006#002#002#001#002#003#002#002#003#001#003#003#003#002#004#001#004#003#004#002#001#001#001#003#001#002#005#001#005#003#005#002
Nov 30 17:17:55 10.3.129.28 #000#000#000qjn0k#003#002#001#005#003#002#001
Nov 30 17:18:00 10.3.129.28 ^0\#007#003#005#000P#000#020#004#033#002NM#0270#025#003#002#001#000#0160#014#033#006krbtgt#033#002NM#021#030#01719700101000000Z#006#002#004#037#036٨#0270#025#002#001#022#002#001#021#002#001#020#002#001#027#002#001#001#002#001#003#002#001#002
Nov 30 17:18:05 10.3.129.28 #000#000#000SMBr#000#000#000#000#010#001@#000#000#000#000#000#000#000#000#000#000#000#000#000#000@#006#000#000#001#000#000#000#002PC NETWORK PROGRAM 1.0#000#002MICROSOFT NETWORKS 1.03#000#002MICROSOFT NETWORKS 3.0#000#002LANMAN1.0#000#002LM1.2X002#000#002Samba#000#002NT LANMAN 1.0#000#002NT LM 0.12
Nov 30 17:18:10 10.3.129.28 l#000#013#000#000#000#000#000#000#000#000
Nov 30 17:18:10 GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0#015
Nov 30 17:18:10 10.3.129.28 #015
Nov 30 17:18:15 10.3.129.28 #001default
Nov 30 17:18:20 10.3.129.28 #000#000#000-#002#001#007c#000#000#000$#004
Nov 30 17:18:20 10.3.129.28 #001
Nov 30 17:18:20 syslogServer rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) 10.3.129.28, (ip) 10.3.129.28: delimiter is not SP but has ASCII value -124. [v8.2001.0]
Nov 30 17:18:20 syslogServer rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) 10.3.129.28, (ip) 10.3.129.28: invalid octet count 0. [v8.2001.0]
Nov 30 17:18:25 10.3.129.28 #001#000#002#001#000#002#001d#001#001#000#013objectClass0#000#000#000
Nov 30 17:18:25 syslogServer rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) 10.3.129.28, (ip) 10.3.129.28: delimiter is not SP but has ASCII value 12. [v8.2001.0]
Nov 30 17:18:25 syslogServer rsyslogd: imtcp imtcp: Framing Error in received TCP message from peer: (hostname) 10.3.129.28, (ip) 10.3.129.28: invalid octet count 0. [v8.2001.0]
Nov 30 17:18:30 10.3.129.28 #002#001#001`#007#002#001#002#004#000
Nov 30 17:18:30 OPTIONS sip: nm SIP/2.0#015
Nov 30 17:18:30 10.3.129.28 Via: SIP/2.0/TCP nm;branch=foo#015
Nov 30 17:18:30 10.3.129.28 From: <sip:nm@nm>;tag=root#015
Nov 30 17:18:30 10.3.129.28 To: <sip:nm2@nm2>#015
Nov 30 17:18:30 10.3.129.28 Call-ID: 50000#015
Nov 30 17:18:30 10.3.129.28 CSeq: 42 OPTIONS#015
Nov 30 17:18:30 10.3.129.28 Max-Forwards: 70#015
Nov 30 17:18:30 10.3.129.28 Content-Length: 0#015
Nov 30 17:18:30 10.3.129.28 Contact: <sip:nm@nm>#015
Nov 30 17:18:30 10.3.129.28 Accept: application/sdp#015
Nov 30 17:18:30 10.3.129.28 #015
Nov 30 17:18:42 10.3.129.28 TNMP#004#000#000#000TNME#000#000#004
Nov 30 17:18:47 10.3.129.28 #003#000#000#013#006#000#000#000#000
Nov 30 17:18:52 10.3.129.28 DmdT#000#000#000#027#000#000#000#001#000#000#000#000#021#021#000#001#023
Nov 30 17:18:57 10.3.129.28 : #000#000#000/#000#000#000#002#000#000@#002#017#000#001#000=#005#000#000#000#000#000#000#000#000#000#000#000#000/#000#000#000#000#000#000#000#000#000@#037#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000
Nov 30 17:19:02 10.3.129.28 JRMI#000#002K
Nov 30 17:19:07 10.3.129.28 #001#000#000#013#000#000#000MMS#024#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#022#000#000#000#001#000#003#000#013#000#004#000#034#000#003#000N#000S#000P#000l#000a#000y#000e#000r#000/#0009#000.#0000#000.#0000#000.#0002#0009#0008#0000#000;#000#000{#0000#0000#0000#0000#000A#000A#0000#0000#000-#0000#000A#0000#0000#000-#0000#0000#000a#0000#000-#000A#000A#0000#000A#000-#0000#0000#0000#0000#000A#0000#000A#000A#0000#000A#000A#0000#000}#000#000#000m_
Nov 30 17:19:12 10.3.129.28 #000Z#000#000#001#000#000#000#0016#001,#000#000#010#000#010#000#000#000#001#000#000:#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#0004#000#000#000#001#000#000#000#000#000#000#000#000(CONNECT_DATA=(COMMAND=version))
Nov 30 17:19:17 10.3.129.28 #022#001#0004#000#000#000#000#000#000#025#000#006#001#000#033#000#001#002#000#034#000#014#003#000(#000#004#010#000#001U#000#000#000MSSQLServer#000H#017#000
Nov 30 17:19:22 10.3.129.28 #000#003#000#001#000#000#000#000#000#000#000#002#000#000#000#000#017
Nov 30 17:19:27 10.3.129.28 GIOP#001#000#001#000$#000#000#000#000#000#000#000#001#000#000#000#001#000#000#000#006#000#000#000abcdef#000#000#004#000#000#000get#000#000#000#000
Nov 30 17:19:29 10.3.129.28 #026#003#000#000i#001#000#000e#003#003U#034random1random2random3random4#000#000#014#000/
Nov 30 17:19:36 10.3.129.28 #000#023#0009#000#004#000#001#000#0000#000#015#000,#000*#000#001#000#003#000#002#006#001#006#003#006#002#002#001#002#003#002#002#003#001#003#003#003#002#004#001#004#003#004#002#001#001#001#003#001#002#005#001#005#003#005#002
Nov 30 17:19:36 10.3.129.28 #026#003#000#000S#001#000#000O#003#000?G,`~#000{Ֆw<=o#020n#000#000(#000#026#000#023
Nov 30 17:19:43 10.3.129.28 #000f#000#005#000#004#000e#000d#000c#000b#000a#000`#000#025#000#022#000#011#000#024#000#021#000#010#000#006#000#003#001
Nov 30 17:19:44 10.3.129.28 #000#000(#0216#000#000#000#000#000#000#000#002#000#001#000#000#000#002#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000
^C
root@syslogServer:~#

The same probe against an SMB server triggered equally opaque messages in the Apache access, Apache error, and SMB logs:

Program output
dagmbp:Pen Test Project Scripts daveg$ sudo python3 nmapscanner-4.py
Host:  192.168.0.19
State:  up
Protocol:  tcp
Port:  21 State:  open              (FTP)
Port:  22 State:  open              (SSH)
Port:  80 State:  open              (HTTP)
Port:  139 State:  open            (NetBIOS)
Port:  445 State:  open            (MS Active Directory)

What the target sees

Apache log

192.168.0.11 - - [06/Dec/2023:14:21:14 -0800] "GET / HTTP/1.0" 200 10977 "-" "-"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /nmaplowercheck1701901281 HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "PROPFIND / HTTP/1.1" 405 526 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET / HTTP/1.1" 200 10977 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "POST /sdk HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /.git/HEAD HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /robots.txt HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "POST / HTTP/1.1" 200 10977 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "PROPFIND / HTTP/1.1" 405 526 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET / HTTP/1.0" 200 10977 "-" "-"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "JRIW / HTTP/1.1" 501 502 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /favicon.ico HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /HNAP1 HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "PROPFIND / HTTP/1.1" 405 526 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET /evox/about HTTP/1.1" 404 458 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "GET / HTTP/1.1" 200 10977 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:22 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:22 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:22 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:22 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.168.0.11 - - [06/Dec/2023:14:21:28 -0800] "GET / HTTP/1.0" 200 10977 "-" "-"
192.168.0.11 - - [06/Dec/2023:14:21:28 -0800] "GET / HTTP/1.1" 200 10958 "-" "-"

Apache Error Log

[Wed Dec 06 13:56:27.454053 2023] [core:error] [pid 1088:tid 1817134112] [client 192.168.0.11:51296] AH00135: Invalid method in request WUAL / HTTP/1.1
[Wed Dec 06 14:00:38.172589 2023] [core:error] [pid 1088:tid 1766777888] [client 192.168.0.11:51377] AH00135: Invalid method in request AGJU / HTTP/1.1
[Wed Dec 06 14:01:51.912579 2023] [core:error] [pid 1087:tid 1884275744] [client 192.168.0.11:51443] AH00135: Invalid method in request GZTE / HTTP/1.1
[Wed Dec 06 14:04:03.862494 2023] [core:error] [pid 1088:tid 1978659872] [client 192.168.0.11:51510] AH00135: Invalid method in request CKHJ / HTTP/1.1
[Wed Dec 06 14:17:53.784636 2023] [core:error] [pid 1088:tid 1800348704] [client 192.168.0.11:51642] AH00135: Invalid method in request BNEN / HTTP/1.1

SMB Log

[2023/12/06 13:56:25.951617,  0] ../source3/smbd/process.c:335(read_packet_remainder)
  read_fd_with_timeout failed for client 192.168.0.11 read error = NT_STATUS_END_OF_FILE.
[2023/12/06 14:00:36.656086,  0] ../source3/smbd/process.c:335(read_packet_remainder)
  read_fd_with_timeout failed for client 192.168.0.11 read error = NT_STATUS_END_OF_FILE.
[2023/12/06 14:01:50.383789,  0] ../source3/smbd/process.c:335(read_packet_remainder)
  read_fd_with_timeout failed for client 192.168.0.11 read error = NT_STATUS_END_OF_FILE.
[2023/12/06 14:04:02.325967,  0] ../source3/smbd/process.c:335(read_packet_remainder)
  read_fd_with_timeout failed for client 192.168.0.11 read error = NT_STATUS_END_OF_FILE.
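
The probe traces in the syslog and Apache logs above can be turned into a simple detection. The following Python is an added example, not part of the original project: the patterns are strings visible in the logs above, while the labels, function names and sample lines (which use documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Signatures taken from the log excerpts above: (label, pattern).
SIGNATURES = [
    ("nse-user-agent",      re.compile(r"Nmap Scripting Engine")),
    ("nse-404-check",       re.compile(r'"GET /nmaplowercheck\d+ ')),
    ("http-invalid-method", re.compile(r"AH00135: Invalid method in request")),
    ("http-random-method",  re.compile(r'"[A-Z]+ \S+ HTTP/1\.[01]" 501 ')),
    ("rdp-cookie-probe",    re.compile(r"Cookie: mstshash=nmap")),
    ("tls-hello-probe",     re.compile(r"random1random2random3random4")),
    ("sip-options-probe",   re.compile(r"Via: SIP/2\.0/TCP nm;branch=foo")),
    ("rsyslog-framing-err", re.compile(r"imtcp: Framing Error in received TCP message")),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines modelled on the Apache, Apache error and syslog formats above.
NSE_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
SAMPLE_LINES = [
    '192.0.2.10 - - [06/Dec/2023:14:21:21 -0800] "OPTIONS / HTTP/1.1" 200 183 "-" "%s"' % NSE_UA,
    '192.0.2.10 - - [06/Dec/2023:14:21:21 -0800] "GET /nmaplowercheck1700000000 HTTP/1.1" 404 458 "-" "%s"' % NSE_UA,
    '192.0.2.10 - - [06/Dec/2023:14:21:21 -0800] "QXZT / HTTP/1.1" 501 502 "-" "-"',
    '[Wed Dec 06 13:56:27.454053 2023] [core:error] [pid 1088:tid 1817134112] '
    '[client 192.0.2.10:51296] AH00135: Invalid method in request QXZT / HTTP/1.1',
    'Nov 30 17:17:45 198.51.100.7 #003#000#000*%#000Cookie: mstshash=nmap#015',
    'Nov 30 17:18:30 198.51.100.7 Via: SIP/2.0/TCP nm;branch=foo#015',
    'Nov 30 17:18:20 syslogServer rsyslogd: imtcp imtcp: Framing Error in received TCP message '
    'from peer: (hostname) 198.51.100.7, (ip) 198.51.100.7: invalid octet count 0. [v8.2001.0]',
    '203.0.113.5 - - [06/Dec/2023:14:22:00 -0800] "GET /robots.txt HTTP/1.1" 404 458 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def match_line(line):
    """Return (source, labels) for one log line; source is the first IPv4 in the line."""
    labels = [label for label, pattern in SIGNATURES if pattern.search(line)]
    found = IPV4.search(line)
    return (found.group(0) if found else "unknown"), labels

def scan(lines):
    """Map each source address to the sorted list of distinct signatures it triggered."""
    hits = defaultdict(set)
    for line in lines:
        source, labels = match_line(line)
        if labels:
            hits[source].update(labels)
    return {source: sorted(labels) for source, labels in hits.items()}

def likely_scanners(lines, min_signatures=2):
    """Sources that triggered at least min_signatures distinct signatures."""
    return sorted(s for s, labels in scan(lines).items() if len(labels) >= min_signatures)

if __name__ == "__main__":
    for source, labels in scan(SAMPLE_LINES).items():
        print(source, labels)
    print("likely scanners:", likely_scanners(SAMPLE_LINES))
```

Requiring two distinct signatures per source keeps a single stray match, such as one malformed request, from raising an alert.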

NMAP Probe of a web site

Script


Probe Mission College and Google

dagmbp:Pen Test Project Scripts daveg$ python3 infoRecon.py missioncollege.edu
{'Content-Type': 'text/html; charset=UTF-8', 'Server': 'Microsoft-IIS/10.0', 'X-Powered-By': 'PHP/8.0.9', 'Date': 'Sun, 10 Dec 2023 16:52:02 GMT', 'Content-Length': '61738'}

Note this is a dictionary

Location: 37.3541,-121.9552
Region: California
City: Santa Clara
Country: US

dagmbp:Pen Test Project Scripts daveg$ python3 infoRecon.py google.com

{'Date': 'Sun, 10 Dec 2023 16:52:12 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-PA_yz9Mg2Do8ZMeL6Z8Y2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': '1P_JAR=2023-12-10-16; expires=Tue, 09-Jan-2024 16:52:12 GMT; path=/; domain=.google.com; Secure, AEC=Ackid1RAO3l9_aSj3w7vzeGMreG1Vd1f5x1IjoMoDiNozKIKXXwLREZuCw; expires=Fri, 07-Jun-2024 16:52:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=511=Sp8o-EFWUWtvasEMVZaE70KJcfJBDOuLYW3aDqQ0Adu2tjIv3IC1hcTI2EzlMHg7Prk4UxgeR_LM2WzOg3XTKPpAeO2kBGiWqDczPDXFqt-Q0cWPZFL3BnEEuNvsiAnqu9EtZA7ndeW9L9QQ2G7amitatLw4LwPotymbENF2Rck; expires=Mon, 10-Jun-2024 16:52:12 GMT; path=/; domain=.google.com; HttpOnly', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}

Location: 37.3394,-121.8950
Region: California
City: San Jose
Country: US

Dictionary Attack: De-crypt Linux user passwords

Hash each dictionary entry with SHA-512 and the salt from the account's /etc/shadow entry, then compare the result with the hash stored in /etc/shadow.



Script


Excerpt of /etc/shadow file

root:$6$x54P4iz0n3rQ96UZ$aquALWXWVjSKGv.LywskDNgMDdcYRgSuhAHPu77NS4iocQcSsBGMlw9fcgD/ppPEPwzEOYYvPggZajFy9gTHS1:19622:0:99999:7:::
daemon:*:18165:0:99999:7:::
bin:*:18165:0:99999:7:::
systemd-resolve:*:18165:0:99999:7:::
_apt:*:18165:0:99999:7:::
pi:$6$AoT5QX6aUpU0Nbbg$CHGdtifUmMC8dKzEx.LAYD/xatggKLB.5bG8Ap.PzkmnLL90wTPuR9PvETBFN2FlXhV.jqZmg27jQ8IpQBh/B0:18165:0:99999:7:::
messagebus:*:18165:0:99999:7:::


Run using Python 2. Could not get a script to work with Python 3, probably because of issues with UTF <-> Unicode.
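
For the defensive side of the /etc/shadow format shown above, here is an added example (not the project's script) that parses each entry into scheme, salt and last-change date and flags entries that need attention. The sample lines, function names and finding texts are constructed; only the $1$, $5$ and $6$ schemes, which share the $id$[rounds=N$]salt$hash layout, are parsed.

```python
from datetime import date, timedelta

# crypt(3) scheme ids that share the $id$[rounds=N$]salt$hash layout
# -> (name, still acceptable for password storage)
SCHEMES = {"1": ("MD5-crypt", False),
           "5": ("SHA-256-crypt", True),
           "6": ("SHA-512-crypt", True)}

# Constructed sample entries (placeholder salts and hashes, not real accounts).
SHADOW_SAMPLE = [
    "alice:$6$ExampleSalt00001$" + "A" * 86 + ":19622:0:99999:7:::",
    "bob:$1$oldsalt0$" + "B" * 22 + ":18165:0:99999:7:::",
    "carol:$6$rounds=100000$ExampleSalt00002$" + "C" * 86 + ":19622:0:99999:7:::",
    "daemon:*:18165:0:99999:7:::",
    "guest::18165:0:99999:7:::",
]

def parse_shadow_line(line):
    """Split one /etc/shadow line into the parts a password audit needs."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    user, pw, lastchg = fields[:3]
    entry = {"user": user, "status": "hashed", "scheme": None, "rounds": None,
             "salt": None, "changed": None, "findings": []}
    if lastchg.isdigit():                       # days since 1970-01-01
        entry["changed"] = date(1970, 1, 1) + timedelta(days=int(lastchg))
    if pw == "":
        entry["status"] = "empty"
        entry["findings"].append("account has no password")
        return entry
    if "$" not in pw and pw[0] in "*!":         # '*', '!', '!!': no password login
        entry["status"] = "locked"
        return entry
    if pw.startswith("!"):                      # hash kept, login disabled
        entry["status"] = "locked"
    parts = pw.lstrip("!").split("$")           # ['', id, [rounds=N,] salt, hash]
    if len(parts) < 4 or parts[0] != "":
        entry["scheme"] = "unknown"
        entry["findings"].append("legacy (DES) or unrecognised hash format")
        return entry
    if parts[1] not in SCHEMES:
        entry["scheme"] = "id " + parts[1]
        entry["findings"].append("scheme not parsed by this example")
        return entry
    entry["scheme"], acceptable = SCHEMES[parts[1]]
    if not acceptable:
        entry["findings"].append("weak scheme: " + entry["scheme"])
    rest = parts[2:]
    if rest[0].startswith("rounds="):           # optional work-factor field
        entry["rounds"] = int(rest[0][len("rounds="):])
        rest = rest[1:]
    entry["salt"] = rest[0]
    return entry

def audit(lines):
    """Return (user, finding) pairs for every entry that needs attention."""
    return [(e["user"], f) for e in map(parse_shadow_line, lines) for f in e["findings"]]

if __name__ == "__main__":
    for user, finding in audit(SHADOW_SAMPLE):
        print(user, "->", finding)
```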

“Gas Attack”

Using SSH login, Secure Copy, and a shell script invocation from a Python script, plant a dozen sound files in a room full of iMacs. Trigger a script that will play the sound files at random intervals.



Script to plant the files.
Call SSH from the Python script, using ssh.connect and secure copy.



Shell script on each target to play the sound files




Script to trigger playing the files. Run from the host.
import paramiko
import os
import threading

def task4():
    triggerTheFiles("10.15.44.174","student","student")
def task3():
    triggerTheFiles("10.15.45.200","student","student")
def task2():
    triggerTheFiles("10.15.44.141","user","temp")
def task1():
    triggerTheFiles("10.15.45.217","student","student")

# Create an SSHClient, connect to the target, and start the player script
def triggerTheFiles(ipAddress, userName, passWord):
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts unknown host keys without verification
    # (tolerable only on an isolated lab network)
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
    ssh.connect(ipAddress, username=userName, password=passWord)
    print("ip, user, and pw are.....:", ipAddress, userName, passWord)
    # Make the script executable and wait for chmod to finish before running it
    ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command("chmod 755 playTheFiles.sh")
    ssh_stdout.channel.recv_exit_status()
    # Start the player script in the background on the target
    ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command("nohup sh playTheFiles.sh &")
    exit_code = ssh_stdout.channel.recv_exit_status() # handles async exit error
    for line in ssh_stdout:
        print(line.strip())
    ssh.close()

thread1 = threading.Thread(target=task1)
thread2 = threading.Thread(target=task2)
thread3 = threading.Thread(target=task3)
thread4 = threading.Thread(target=task4)

thread1.start()
thread2.start()
thread3.start()
thread4.start()

thread1.join()
thread2.join()
thread3.join()
thread4.join()


Why the threads? Each target is triggered asynchronously, so if one connection fails the others still run.

Play the sound files

Packet Trace


Python script



Packet Capture (pcap) file



pcap file formatted using Wireshark



Why use Python rather than Wireshark or tcpdump?

Form Update

Not a cyber attack. Had to do this for work. Learned a lot about using Dictionaries and using Python to create PDF documents and forms, and update PDF forms. It uses a Dictionary data structure.



Form Update Script
print(" ")
print("# ------------------------------------------------------#")
print("# Read excel file with laptop ID and serial number.     #")
print("# Read a template PDF. Update the laptop ID and serial  #")
print("# number on the template PDF and write it out as file   #")
print("#                                 -Dave G. October 2023 #")
print("# There is a read-me file for this script. It would be  #")
print("# a good idea to read it before running this.           #")
print("#-------------------------------------------------------#")
print(" ")
import openpyxl
from pypdf import PdfReader, PdfWriter

inPutFile     = input("Please enter the Excel spreadsheet name....: ")
if inPutFile == '':
    inPutFile = 'NewLaptopInventory.xlsx'
    print("No file name furnished. Using default (NewLaptopInventory.xlsx)")
# Open the xlsx file with laptop ID and serial number
dataframe = openpyxl.load_workbook(inPutFile)
 
# Define variable to read sheet
dataframe1 = dataframe.active
 
# This is the template PDF used to make the updated forms
reader = PdfReader("inputFormTemplate.pdf")
writer = PdfWriter()
page = reader.pages[0]
fields = reader.get_fields()
writer.add_page(page)
fileCounter=0

# Iterate through rows and columns of the spreadsheet
for row in range(1, dataframe1.max_row):
    columnCounter=0
    for col in dataframe1.iter_cols(0,dataframe1.max_column-2):
        testData=(col[row].value)
        if columnCounter==0:
            laptopNumber=testData
        if columnCounter==1:
            serialNumber=testData
        columnCounter+=1       

    outFileName=(laptopNumber+".pdf")
    # print(outFileName, laptopNumber, serialNumber) # diagnostic print

    writer.update_page_form_field_values(
        writer.pages[0], {"Text1": laptopNumber,
        "Asset\040SerialTag\040Row1": "\n"+serialNumber})

    # write "output"
    with open(outFileName, "wb") as output_stream:
        writer.write(output_stream)
        fileCounter+=1

print(" ")
print("# ------------------------------------------------------#")
print("# Process finished                                      #")
print("#", fileCounter, "PDF files were created                            #")
print("# Please inspect the PDFs and verify                    #")
print("# ------------------------------------------------------#")
print("\n\n")


Lessons Learned

About Python
Out of scope
Python is a small part of a big picture in penetration testing
Python seems more suitable for cyber attacks that need scale, automation, and management