Skip to content

Welcome to Hack-Labs, your go-to resource for hands-on cybersecurity projects.

Notifications You must be signed in to change notification settings

afridevelopers/Hack-Labs

Repository files navigation

HackLab

A set of network tools for your hacking delight.

Often when you're connected to a server, you don't necessarily have the right tools at hand. Experienced system administrators often removes packages like netcat - and you can forget all about Wireshark. Luckily we often find the Python package to be installed on such servers, though, and that's where these tools come in handy - a replacement for typical needed network tools.

Table of Content



Host Scanner

Scan a network for hosts.

First you'd have to figure the local IP of the device you're connected to - something like ip addr for Linux, or ip config for Windows. Then edit the script (line 11 & 12) with that IP (host) and define what subnet to search (subnet) - ex, .0/24 for the whole subnet.

Run it with root privileges;

$ sudo python3 hostScanner.py

After just a few seconds you'll begin to get devices that responded to a UDP broadcast.

Host Found: 100.103.175.246
Host Found: 100.103.175.253
Host Found: 100.103.175.243
Host Found: 100.103.175.249



Netcap Replacement

Netcat (NC) is a popular network tool, which in some cases might be completly removed from remote servers. In that case might come in handy to have some simple NC functionality, such as pushing files, executing commands or initializing a shell.

Run it with -h to get a full set of option and examples;

Netcat Replacement Tool

Use with: netcatRepl.py -t target_host -p target_port
-l --listen listen on [host]:[port] for incomming connections
-e --execute=file_to_run to execute a given file on receiving a connection
-c --command initialize a command shell
-u --upload=destination to upload a file on receiving a connection


Examples: 
netcatRepl.py -t 192.168.0.1 -p 5555 -l -c
netcatRepl.py -t 192.168.0.1 -p 5555 -l -u=c:\target.exe
netcatRepl.py -t 192.168.0.1 -p 5555 -l -e="cat /etc/passwd"
echo 'Hello World' | ./netcatRepl.py -t 192.168.0.1 -p 5555

You can test it locally by first firing up a listener;

$ ./netcatRepl.py -l -p 9999 -c

The -c will initialize a command shell for the client machine. Then fire up a second replacement tool, without the listener;

$ ./netcatRepl.py -t localhost -p 9999

On your client, hit CTRL-D to interact with the "server" which initializes the command shell;

netcatRepl:#  ls ~
Desktop
Documents
Downloads
Dropbox
Music
Pictures
Projects
Public
Templates
Videos
bin
dotfiles
makepkg



SSH Command

Fire off a quick command against a SSH host, that you already have the right credentials.

This requires you to have the Paramiko package installed - do so with your package-manager (preferred) or with pip ex.

$ sudo pacman -S python3-paramiko

First define your SSH Host, Credentials and Command at the last line in this script. My test server is called serv and I'll be running the command id - Change the IP accordingly;

sshCommand('192.168.0.1','serv','PASSWORD','id');

Then run it through your glorious system;

$ ./sshCommand.py 
uid=1000(serv) gid=1000(serv) groups=1000(serv),10(wheel)



SSH Reverse

Windows doesn't come with SSH out the box, but we'd often like out communication encryption anyways. We can do this by reversing the communication, such as we'll be sending commands from our SSH server to a simple SSH client we set up on the Windows machine.

We'll be using sshServer.py and sshReverseCmd.py for this magic.

This requires you to have the Paramiko package installed - do so with your package-manager (preferred) or with pip ex.

$ sudo pacman -S python3-paramiko

Note that you'll have to pass along a SSH-Key in the server file. You could use this Paramiko test key if you feel lazy.

There's no example for this one (didn't want to be bothered firing up a Windows machine), but the idea is that you fire up a cmd window (on your Windows system), run the server file and point it to your own SSH server - Change the IP and Port accordingly;

$ sshServer.py 192.168.0.1 22

Now edit the sshReverseCmd.py (last line) with the Credentials for your own SSH server, and run it - This will be acting as our client;

$ sshReverseCmd.py



TCP Client and Server

A simple example of a TCP client/server communication. This could'nt be more fitting, since we've have just been working with socket programming in my CS class.

Define the IP and Port in the tcpServer.py on line 5 & 6 - By default it will bind to all devices (0.0.0.0) and listen on port 9999.

Now, edit the tcpClient.py on line 4 & 5 to target the listening server and port. Also edit your request on line 12. This can be done in a test our test-environment;

Now fire up the server and your client (make the request);

$ ./tcpServer.py 
[*] Listening on 0.0.0.0:9999
Connection accepted from: 127.0.0.1:49854
[*] Received: Hello World
$ ./tcpClient.py
ACK!

The server only responds with ACK!, but you can easily expand this simple concept with your own returns.



TCP Proxy

Read trafic data to get a better understanding of the applications using the protocol with the tcpProxy.py. A nice little test would be to point it at a ftp server. We'll test it on our localhost along with a FTP server that makes sense to you - Port 21 is priviledges, so run it with sudo;

$ sudo ./tcpProxy.py localhost 21 ftp.SERVER.com 21 True
[*] Listening on localhost:21

Now fire up your FTP application and point it to localhost at port 21 and connect.

[==>] Received connection from 127.0.0.1:53230
0000 32 32 30 20 57 65 6C 63 6F 6D 65 20 74 6F 20 6C  220 Welcome to l
0010 69 6E 75 78 31 34 2E 75 6E 6F 65 75 72 6F 2E 63  inux14.unoeuro.c
0020 6F 6D 2E 20 54 4C 53 20 69 73 20 73 75 70 70 6F  om. TLS is suppo
0030 72 74 65 64 2E 0D 0A                             rted...
[<==] Sending 55 bytes to localhost.
[==>] Received 10 bytes from localhost.
0000 41 55 54 48 20 54 4C 53 0D 0A                    AUTH TLS..
[==>] Sent to remote.
[<==] Received 25 bytes from remote.
0000 32 33 34 20 41 55 54 48 20 54 4C 53 20 73 75 63  234 AUTH TLS suc
0010 63 65 73 73 66 75 6C 0D 0A                       cessful..
[<==] Sent to localhost.
[*] No more data. Closing connection.



UDP Client

Just as our TCP client, the UDP client isn't much different. Define a target IP and Port at line 4 & 5. The UDP client will fire off a message defined at line 9 and wait for the reponse.

Contributor Guide

flowchart LR
    style Star fill:#444444,stroke:#000000,stroke-width:2px,stroke-dasharray:5,5,font-weight:bold
    style Fork fill:#444444,stroke:#000000,stroke-width:2px,font-weight:bold
    style branch fill:#444444,stroke:#000000,stroke-width:2px,font-weight:bold
    style Edit fill:#444444,stroke:#000000,stroke-width:2px,font-weight:bold
    style commit fill:#444444,stroke:#000000,stroke-width:2px,font-weight:bold
    style creatpr fill:#444444,stroke:#000000,stroke-width:2px,font-weight:bold
    Star["★ Star the Repository"]-->Fork
    Fork[Fork the project]-->branch[Create a New Branch]
    branch-->Edit[Edit file]
    Edit-->commit[Commit the changes]
    commit -->|Finally|creatpr((Create a Pull Request))
    
Loading

Disclaimer

Please note that the projects in HackLab are intended for ethical purposes only. Ensure that you adhere to ethical guidelines, applicable laws, and obtain proper permissions before applying any techniques or tools demonstrated in the projects. The creator of HackLab is not responsible for any misuse or illegal activities conducted using the information or code provided.