Friday 22 October 2010

Offensive Security Pentesting with BackTrack

I'm currently doing the Offensive Security online training "Pentesting with BackTrack".

I chose this as my first certification course because of the good things I had heard about it, and because it is a much more practical course than a theoretical one. It does, of course, give a lot of theory along the way, but it also teaches you how to actually apply it in a real-life situation.
I'm currently nearly a week in and really enjoying the course (even though it has involved a few late nights, as it is coinciding with a project at university). The thing I am liking most about the course so far is that it really encourages you to try extra things by making them count for something at the end.
I've already learnt a lot more Python in just a week, and I feel I will be using it to automate things a lot more often in the future.

I particularly liked this script I just created, which scans a subnet for SMTP servers (port 25 only).
Even this could easily be adapted for other things, and a more generic version could be accomplished just by adding another argument that accepts a port number.

But here is the code for '' -

#!/usr/bin/python2.5 -tt

import socket, sys

if len(sys.argv) != 2:
  print "Usage    :", sys.argv[0], "<subnet>"
  print "example  :", sys.argv[0], "192.168.13."
  sys.exit(1)

subnet = sys.argv[1]
#the prefix must end with a dot so the host number can be appended to it
if not subnet.endswith('.'):
  subnet = subnet + '.'

for i in range(254):
  ip = i + 1
  ip = subnet + str(ip)
  try:
    #create a socket
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    #set timeout in seconds, otherwise a filtered host stalls the whole scan
    sock.settimeout(1)
    #connect to a server
    sock.connect((ip, 25))
    #close socket
    sock.close()
  #if error occurs (refused, unreachable or timed out)
  except socket.error:
    #carry on to the next IP
    continue
  #print the IP if you didn't catch an error
  #as this means that it connected i.e. smtp server running on machine
  print ip
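The generic version described above (a port argument instead of the hard-coded 25), written out as an added example rather than code from the original post. It is Python 3 rather than the Python 2.5 of the script above, and it adds one check a practitioner wants: a TCP connect only proves the port is open, so after connecting it reads the greeting and treats a host as SMTP only if the banner starts with the 220 reply code that SMTP servers send on connect (RFC 5321). The function names (hosts_in_prefix, probe, scan_hosts, looks_like_smtp) and the one-second timeout are my choices, not anything from the course. Only scan networks you are authorised to test.

```python
#!/usr/bin/env python3
"""TCP connect scanner for a /24 prefix with banner grab (added example, Python 3)."""
import socket
import sys


def hosts_in_prefix(prefix):
    """Expand '192.168.13' or '192.168.13.' into the hosts .1 to .254."""
    if not prefix.endswith('.'):
        prefix = prefix + '.'
    return [prefix + str(n) for n in range(1, 255)]


def probe(host, port, timeout=1.0):
    """Connect to host:port.

    Returns None if the port refused, was unreachable or timed out, otherwise
    the banner the service sent within the timeout ('' if it sent nothing).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # without a timeout a firewalled host stalls the scan for minutes
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        try:
            data = sock.recv(256)
        except socket.timeout:
            # port is open but the service waits for the client to speak first
            data = b''
        return data.decode('ascii', 'replace').strip()
    except OSError:
        # socket.timeout and ConnectionRefusedError are both OSError subclasses
        return None
    finally:
        sock.close()


def scan_hosts(hosts, port, timeout=1.0):
    """Return [(host, banner)] for every host that accepted a connection on port."""
    results = []
    for host in hosts:
        banner = probe(host, port, timeout)
        if banner is not None:
            results.append((host, banner))
    return results


def looks_like_smtp(banner):
    """SMTP greets with a '220' reply; any other banner on port 25 is not an SMTP server."""
    return banner.startswith('220')


def main(argv):
    if len(argv) not in (2, 3):
        print("Usage  : %s <subnet> [port]" % argv[0])
        print("example: %s 192.168.13. 25" % argv[0])
        return 1
    port = int(argv[2]) if len(argv) == 3 else 25
    for host, banner in scan_hosts(hosts_in_prefix(argv[1]), port):
        tag = 'smtp' if looks_like_smtp(banner) else 'open'
        print("%s:%d %s %s" % (host, port, tag, banner))
    return 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))
```

Run it as `./scan.py 192.168.13. 25`; each line shows the host, whether the banner looked like SMTP or just an open port, and the banner itself, which is usually the quickest way to spot which mail software is listening.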

And if you want to learn more about Python in general (as I will be using it in my university project, I thought it would be handy to learn anyway), I've found that a good source for starters is Google's Python class videos by Nick Parlante, which can be found here:
