High-level dynamic language developed by Guido van Rossum, particularly popular for server-side web programming and scripting.
1
vote
1answer
53 views
buffer overflow in python script
I am developing a script to perform an a buffer overflow for an assignment in school. However, I am stuck at a point where my payload works injected through the commandline, but not injected through ...
0
votes
1answer
42 views
File encryption for a storage API
I'm implementing a Dropbox-like API, and one of my requirements is to have the files stored encrypted on the server. It is not required that the files are made unreadable by the server, only that they ...
0
votes
0answers
31 views
MITM Attacks with Web GUI
I'm thinking of writing an application that communicates sensitive information (using Python, if that's relevant). Instead of using the standard GUI libraries (like GTK, Qt or wxWidgets), I was ...
0
votes
1answer
25 views
veil framework, reverse https and tcp payload differences
i'm using veil framework to bypass av, when i want to choose a payload there are many choices, there is rev_https_contained , python/meterpreter/rev_https and c/meterpreter/rev_tcp
my question is ...
3
votes
1answer
37 views
Protecting <a href='{{ my_model.some_url }}'> in Django
In my Django template, I have a link like this:
<a href='{{ my_model.some_url }}'>
The some_url bit is a Django URLField that a user can influence.
Can this be exploited in any way? (What ...
1
vote
2answers
105 views
Python exploit question?
Can someone please explain how and why this struct.pack code is used in the below exploit? I'm trying to understand how it triggers the vulnerability. I understand the buffer overflow aspect, I'm ...
0
votes
0answers
45 views
How secure is a Python Pyro daemon for storing a password?
I am using the Pyro package to create a daemon which will, upon startup, prompt for a password, and then the daemon will store that password as long as it is running. Other scripts will then make a ...
0
votes
0answers
34 views
Scapy capturing Dot11 headers windows
Is it at all possible to capture Dot11 headers under Scapy in Windows? I'm thinking Winpcap, but I'm not sure how I'm supposed to do that. Any clues?
0
votes
1answer
51 views
Using buffer overflow on word with macro injection
I know how a buffer overflow works on a local network against an application running on a TCP port, assuming it doesn't drop the connection, but I would like some advice on an "exploit" I would like ...
0
votes
1answer
234 views
I got a python script decrypted out of a pcap from a botnet [closed]
I got a python script decrypted out of a pcap file it's communication from a botnet (proberbly the c&c) but when i start the script i ain't getting login or passwords.
What does this script do?
...
2
votes
1answer
119 views
After having confirmed a computer is infected by a Botnet.
And having found a server IP that is controlling it. How can I find out the log-in credentials this client uses to log in to a IRC channel / server webpage / control panel. I have found out a python ...
0
votes
1answer
173 views
Learning to script tools in Python and general Pen Testing
I want to learn Pen Testing and already know Java and have been learning Python and am fairly comfortable with Python syntax. I also have some knowledge on Linux and TCP/IP.
My questions are:
How can ...
0
votes
1answer
2k views
Create netcat listener and execute reverse shell in the same script
I'm coding an exploit in python that exploits a command injection vulnerability for a CTF and I'm wondering how could I start a netcat listener and then send the payload to the remote host and once ...
3
votes
1answer
854 views
Hiding backdoors in Open Source code in other languages than C and C++?
I am referring to The Underhanded C Contest and Hiding Backdoors in plain sight. They demonstrate, that you can with some cleverness, write Open Source code, publish the code and hide a backdoor in ...
3
votes
1answer
340 views
How to implement client side encryption for CalDav & CardDav content?
I'm looking for a client-side encryption implementation that would be able to secure CardDav & CalDav data so that they couldn't be compromised even by the hosting provider.
Server side: PHP or ...
0
votes
1answer
75 views
Is there any reason to allow Python fetches of my Web server's pages?
I keep seeing "python-requests/1.1.0 CPython/2.7.4 Linux/3.8.0-19-generic" requests e.g. from Amazon's servers of my website.
It's kind of creepy.
Who would set up an Amazon server to scan websites? ...
3
votes
1answer
361 views
SQLMap: How to test JavaScript generated field names?
I have a pretty simple HTML page that submits a username and password to the server via POST method:
<doctype html>
<head>
<title>SQLMap dynamic parameters</title>
...
0
votes
2answers
2k views
Tor via Python - can the real IP address leak?
I was thinking about how safe it really is to use Tor as a "local proxy" to grab information from webpages anonymously. Is it possible that the real IP address can be seen?
On the official Tor ...
-1
votes
3answers
185 views
How could i totally secure a connection between two nodes?
I've posted this question on stack overflow a bit earlier and lazy functor redirected me here. Thank you !
I'm building an authentication server in python and was wondering about how i could secure ...
13
votes
2answers
1k views
Does bcrypt have a maximum password length?
I was messing around with bcrypt today and noticed something:
hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt)
Output: ...
-2
votes
1answer
348 views
What are some good user login/authentication libraries or protocols to use with Python on Google App Engine? [closed]
I've read elsewhere (http://forums.udacity.com/questions/6028436/bcrypt-not-suitable-for-pythongae) that bcrypt is not suitable for use on Google App Engine. What are some good ways to create a user ...
2
votes
1answer
416 views
Study roadmap to write a crypter / backdoor
Recently I came across a site called SecurityTube.net, which has a ton of amazing security stuff. I'm following their Python Scripting Expert videos which are totally worth it. I also came across the ...
-2
votes
1answer
103 views
w3af plugin development example [closed]
I'm new to w3af, and I would like to build my own plugin. I have searched on w3af web and googled it for some examples but no luck...
Can anyone give me an example how to start building plugins or ...
2
votes
2answers
279 views
Can clients execute my python CGI at will?
I have a site where the main database is interacted with via python scripts located in public_html\cgi-bin\. To run commands, various JavaScript scripts, located in \public_html\scripts\, use jQuery ...
6
votes
1answer
272 views
Reconstructing bittorrent data from PCAP
I am doing a CTF flag for my school project with a PCAP flag based on this CTF write-up: eindbazen.net - Plaid CTF 2012 - Torrent
I setup a local torrent file containing an .mp3 (the audio is my ...
1
vote
1answer
248 views
Custom Python Server - how to secure it?
I'm going to purchase my own dedicated server service soon and run few python server scripts on it.
Firstly, let me tell you that I am total noob when it comes to internet security and was unable to ...
3
votes
3answers
317 views
Proper Linux user authentication through PAM aware applications
Currently I'm building an authentication system using Linux PAM for a python daemon process. It will need to authenticate remote users from a variety of front-ends against the local user list. ...
0
votes
1answer
405 views
How to conduct a disguised LSA attack against OSPF?
I want to do disguised LSA attacks on OSPF network and be able to more analyze, so I do not know how it works in practice. This is a penetration test.
The attack is described in the address [+]. I ...
-4
votes
1answer
348 views
Secure Web application Password vault/manager [duplicate]
I would like to build an open source online password vault which allows users to securely store their passwords, like Keepass or roboform, but where a user can access their passwords through a ...
2
votes
1answer
344 views
Maltego transform samples
I'm playing around with Maltego for target recon and investigation, and have started writing my own transforms in Python. Unfortunately, the current developer documentation is a little light on ...
