.:Computer Defense:. » Python

MySQLdb in Cygwin

jgraver — Tue, 09 Jun 2009 04:26:02 +0000

I use Windows XP on all of my 4 primary machines (work, work, laptop & home). The only reason I like Windows XP is because it holds PuTTY windows so nicely and allows me to Alt-Tab between them. No Linux distro or Window Manager has ever really had the Alt-Tab experience that Windows XP provides.

The main problem with XP is that to do anything remotely useful with it you need a decent terminal/shell. I love rxvt/bash and the best rxvt you can find for Windows is via cygwin. Out of the box cygwin is an ugly brute - bash in cmd.exe != a real term.

Install rxvt via cygwin, then add some Consolas fonts (from Windows Vista) and edit your .Xdefaults to get a much nicer term.

Download a sadistic editor. Drop in a beautiful colour-scheme (brookstream). You now have a sweet shell and editor.

Install Python via cygwin and away you go.

Perfection?

I was attempting to connect to a remote MySQL DB when my sweet setup failed me.

Nothing in cygwin's repository could help -- there is basically no support in cygwin for MySQL (odd). There is tons of support for Python and Postgres, so this MySQL FAIL surprised me.

After an entire morning of Googleing it turns out the people at Cygwin Ports have solved this problem. For the sake of your sanity follow these simple steps to get Cygwin + Python + MySQL working.

Follow the steps above to create a sweet cygwin development environment.
Follow the overly convoluted steps to enable cygwin ports in your setup.exe
Install the following package "python-mysql" including the crucial dependancy "libmysqlclient-devel"
Test your setup

Rejoice?

This process has saved you the experience of python eggs, installing gcc, compiling anything from source and best of all it just works.

Enjoy!

- Graver

One last note - if you have ever found a slick PNG that you wanted as an ICO (for Windows XP) check out this online converter site!

TwCuP

Tyler Reguly — Mon, 19 Jan 2009 07:19:59 +0000

Those of you that follow me on twitter may have noticed that yesterday I was posting quite a bit more frequently and most of them contained the word 'test'. I was playing around with twyt and decided to build a curses-based Twitter GUI. I've never done any curses programming before, so this was my way of learning the functionality. I implemented command-line support in a style I found more to my liking (even though twyt already has this) and then started buliding the curses GUI. If I go very far with this, I may eventually rewrite the API to fit in with the rest of my code, but for now I'll use twyt on the backend.

The code is very basic, but already it can do a few things:

Display latest friends list updates.
Display recent replies.
Display recent sent and received DMs.
Update your status.
Send a DM.

Unfortunately the next update is most likely a week away, but when I get around to it, I plan on splitting the screen into multiple windows with your current status always displayed, along with a regularly updated friends list. Right now everything is jammed into a single window.

I do need to figure out how to get Twitter to display my client name (apparently I need to contact them for that) but so far, so good. Anyone wishing to take a look at my (very alpha) code, can check it out here.

For those of you wondering about the name... TwCuP kinda reminds me of 'hiccup', so I found it slightly amusing at ~4am when I was trying to come up with a name.

Eventually this will (hopefully) be a client that can be left idling in a screen session... that's my goal anyways.

Playing with Python – nmap XML port frequency

Tyler Reguly — Tue, 16 Dec 2008 08:27:10 +0000

Two Python libraries have caught my attention lately, the first is lxml and the second is matplotlib. Ideally I wanted to write something short, just to get a feel for the basics of them. The goal was figuring out what I could do quickly so that I could play around with arguments and output, yet still have an actual result. I also wanted a nicely formatted useful XML file to parse. I ended up going with nmap's XML output. I also decided that I would plot the frequency of ports in the file.

Is this useful... perhaps? I could see a sys admin wanting a count of specific open ports on the network or a pen tester wanting to know the most common ports on a target network.

The python script is extremely basic and is called via nmap_port_frequency.py . The result is an image similar to this:

The above image is the output from scanning three hosts.

Python 2.6 Released

Tyler Reguly — Thu, 02 Oct 2008 05:58:10 +0000

I haven't been blogging much lately (hopefully that will change shortly). However, I wanted to make sure I mentioned this. Python 2.6 has been released. What's new in Python 2.6 can be found here.

Python: Download Heroes Graphic Novels

Tyler Reguly — Wed, 23 May 2007 06:51:40 +0000

I'm a big Heroes fan... but something I didn't do was read the graphic novels available online... I'm not sure if reading them after the season is over will have the same affect but I guess I'll find out. Anyways NBC has 34 of these novels now and I decided I wanted to grab them all... Instead of using some wget-fu (since my wget-fu isn't so good) I decided to throw together a little python script to do the job. I'm adding the result here just in case anyone else wants all of these downloaded.

getHeroes.py

Webfuzz — A series of basically useless Python Scripts

Tyler Reguly — Sat, 09 Dec 2006 20:20:13 +0000

So a while ago I wrote a few small scripts and I based them all off the same imported script. They're nothing special but I figure maybe someone, somewhere has a use for them... So I've done up a small readme (which I've included with the files) and I've put them into a package for everyone to enjoy (or laugh at ). So grab them, play with them and let me know what you think

Webfuzz Scripts

Peace,
HT

From the Readme:
-------

headerfuzz.py: This script takes a host and a max string size
as it's two arguments. It then iterates through
various Methods and Headers... The data for each
header will grow until max string size is reached.

mimefuzz.py: This script takes two headers (Accept and
Content-Type) and iterates through them.
Various mime types are appended to these
fields. The only input for this script is
a host.

randheader.py: This script takes host, max string size, headers
per send, and max times to run as it's arguments.
Randon headers are paired together (to the
supplied max) and each is populated with a
string of characters (to max string size).

randmime.py: This script takes a host, a number of iterations,
and a max mimetype count. It loops through each
iteration, appending random mimetypes.

webfuzz.py: My original intent was that this could be used
to fingerprint devices which speak http. Certain
"allowed" values are populated for various
headers. This is iterated through.

PyPy

Tyler Reguly — Tue, 10 Oct 2006 16:16:13 +0000

Hey Hey,

I just came across this today and felt I should share it... PyPy allows the translation of python into other languages... Currently it supports C, .Net, LLVM and a mimimal setup of Javascript (to be worked on during the next Google Summer of Code).

I was able to download and grab pypy 0.9 using svn by running the command:

svn co http://codespeak.net/svn/pypy/release/0.9.x pypy-0.9.x

I used their example... it worked quite well I had a small functional .NET application that executed under mono but didn't work under .NET quite yet (Edit: This was due to user stupidity... I forgot to copy over the associated dll) ...

Check it out @ http://pypy.org/

Peace,
HT

Developing a Port Scanner in Python

Tyler Reguly — Thu, 28 Sep 2006 03:58:56 +0000

Another in my line of tutorial reposts.... I really need to finish up some stuff on this... it was just a small thing I played with... there are problems with it... but it will introduce the basics..
The original (with the code) can be found here

I will also attempt to add the code here in the next day or two.... (I've also got a couple smaller code releases planned)...

Due to errors with code formatting and my inability to get wordpress to display html without rendering it I'm going to attach the tutorial as a text file.

Download the Tutorial

Python Modules – Tar, Sys & String — Python Tutorial

Tyler Reguly — Thu, 21 Sep 2006 06:02:09 +0000

Yet another repost... I have nothing new to post at the moment... but all in due time.

Original (Remember even this one is over two years old... the others are three years.... I was still learning when I wrote these... but they're good for introducing the basics)
********************
Step-by-Step Process
********************
1. Open your favourite editor (Vi, Pico, Notepad, Wordpad, Textpad, DOS Edit).
2. Type (indentation lost -- email me if you need help)

code:
 """
Python Script to Deal with Tarballs Flags: c(ompress), d(compress), g(zip)
"""
import tarfile
import string
import sys
try : strFlags = sys.argv[1]
except :
strFlags = "-h"
decompress = "yes"
compress = "yes"
gzip = "yes"
if string.find(strFlags, "-") == 0 :
if string.find(strFlags, "h") != -1 :
print "Usage: %s -  " % sys.argv[0]
print "Flags: d[ecompress]n       c[ompress]n       g[zip]"
sys.exit(0)
try :
strArchive = sys.argv[2]
except :
print "Error Argument Missing"
sys.exit(0)
if string.find(strFlags, "d") == -1 :
decompress = "no"
if string.find(strFlags, "c") == -1 :
compress = "no"
if string.find(strFlags, "g") == -1 :
gzip = "no"
if compress == "yes" and decompress == "yes" :
print "ERROR - CANNOT DECOMPRESS AND COMPRESS"
sys.exit(0)
elif compress == "yes" and gzip == "no" :
try : strFile = sys.argv[3]
except :
print "Error Argument Missing"
sys.exit(0)
tarball = tarfile.open(strArchive, "w")
tarball.add(strFile)
tarball.close()
elif compress == "yes" and gzip == "yes" :
try : strFile = sys.argv[3]
except :
print "Error Argument Missing"
sys.exit(0)
tarball = tarfile.open(strArchive, "w:gz")
tarball.add(strFile)
tarball.close()
elif decompress == "yes" and gzip == "no" :
try:
tarball = tarfile.open(strArchive, "r")
except :
print "ERROR - FILE MISSING"
sys.exit(0)
for tarfile.tarinfo in tarball :
tarball.extract(tarfile.tarinfo)
tarball.close()
elif decompress == "yes" and gzip == "yes" :
try :
tarball = tarfile.open(strArchive, "r:gz")
except :
print "Error - File Missing"
sys.exit(0)
for tarfile.tarinfo in tarball :
tarball.extract(tarfile.tarinfo)
tarball.close()
else :
print "ERROR NO FLAGS GIVEN"
sys.exit(0)

3. Save the script as tar.py
4. Open a command prompt and type python tar.py -h
5. Now for the walk through.

We start off with a comment which is signified by 3 quotation marks

code:
 """

This is also how a comment is ended.
Following this we import the 3 modules we are going to use (tarfile, sys and string). We do so using the import statement. In previous tutorials we used import * from . This was done so that we wouldn't have to reference the module. However I now feel that you can keep up and reference the correct module, this is a more proper way of programming.

I have used a fair amount of error checking in this, so I will cover all those lines right no. While the error checking and the cod are by no means complete, I decided to cover some of it. I mentioned error checking in Introduction to Python #3 if you need to go back and look at it. Basically what it does is it tries to execute the code following try : and if it is successful it carries on with the rest of the program, however if the code fails (if the argument isn't present for example) then it runs the except : code, which prints and error and then uses sys.exit(0) to tell the program to exit cleanly.

Next I set a few variables equal to yes. I suppose I could have used 1/0 but yes/no worked easier for simplicity I wanted. Basically these three variables will store the values of our flags (on or off)

Now we'll check to see if we have a - to signify our flags. The code is slightly redundant here, it has already checked for the present argument and if it didn't exist it set it to -h (the first try and except). This is just making sure the - exists to be picky, if it doesn't the program will exit.
If the flag is set to -h (help) which as you can see makes use of %s to allow us to include the value of a variable in our string, as well as \n which represents a new line (for more info on either of these see Introduction to Python #2 and Introduction to Python #3.
The string.find(strFlags, -) command, simply checks to where the hyphen exists in the strFlags variable. If the - didn't exist a -1 would be returned, since it is in the first position the index of 0 is returned.
Next comes a collection of if statements (I explored if statements in the original Python Introduction

We are now into our tarfile module code. This is what we really want to explore. I have used three options since they will be most recognized, tar, untar, and gzip. The first thing we do every time is open the file we want to work with (this could be creation or an already existing file). We open a file by creating a variable to "store the file" (sorry, I'm a networking guy, not a programmer.. I'm not up on all the lingo).We use the tarfile.open to reference the file.. The first value passed to tarfile.open is the name of the archive we wish to open/create (in this case stored as strArchive), The second value is the mode (r[ead] or w[rite]). If we are dealing with gzip compression we add :gz to tell the module about the compression.
If we are compressing the file, it is rather simple we just access the file by referencing it's variable (tarball) and use the add function, which we pass the name of the file we are compressing, We then close our file stream (Hey I remember the word.. I think.. but i'm not changing it in case I'm wrong) and we close it by referencing the variable/stream (tarball) with the .close function.
If we are decompressing the file, we must decompress once for each file in the tar. We use a For statement (addressed in a previous tutorial i believe), if not it simple says for each file name in this file. We access the module fuction tarfile.tarinfo to find the names of the files in the archive. Then we use that name to extract it using the extract function on the filestream. Passing it the tarinfo function which stores the name of the current file in the archive.
We then close the filestream in the same way we did while compressing a file.

The only thing I didn't touch on was arguments. For you C/C++ programs, this should seem fairly familiar (at least based on my basic knowledge of those languages). sys.argv is an array that stores all the arguments. The first argument would be sys.argv[0], which would be the name of the script being executed, sys.argv[1] would be the name of the first argument following the script name. There is however no sys.argc function, to get the equivalent of argc in C/C++ you would have to use len(sys.argv).

Peace,
HT

Simplistic SMTP “HoneyPot” – Python Tutorial

Tyler Reguly — Wed, 20 Sep 2006 05:57:34 +0000

Here's another tutorial repost

Original
***********************
Step-by-Step Process
***********************
1. Open your favourite editor(Vi, Pico, Notepad, Wordpad, Textpad, DOS Edit).
2. Type

code:
 # Demonstrates various methods of importing modules.

from socket import *
import string
import time
# create a socket of the basic type.
s = socket(AF_INET, SOCK_STREAM)
# define our banner.
senddata1 = "220 desktop Microsoft ESMTP MAIL Service, Version 6.0.2600.1106 ready at" + time.strftime("%a, %d %b %Y %H:%M:%S %Z")
# Query the user for their IP Address and set that and the port
HOST = raw_input("Enter IP Address to bind socket to: ")
PORT = 25 s.bind((HOST, PORT))
# Bind the socket to an IP Address and Port
s.listen(1)
# Have the socket listen for a connection
(incomingsocket, address) = s.accept()
# Accept an incoming connection
incomingsocket.send(senddata1)
# Send our banner
straddress = str(address)
# Convert incoming address to a string
testlist = string.split(straddress, ",")
# Split the tuple into lists
gethost = string.split(testlist[0], "'")
# Split the host portion of the list
getaddr = string.split(testlist[1], ")")
# Split the port portion of the list
host = gethost[1]
# Remove just the address from the list
incomingport = int(getaddr[0])
# Remove just the port from the list
# define our Warning
senddata2 = "Illegal Access of this server, your IP [" + host +"] has been logged."
# Print connection information to the stdout
print "Connection attempt on port", PORT, "from", host, ":", incomingport
# Listen for incoming data
data = incomingsocket.recv(1024)
# Send the Warning
incomingsocket.send(senddata2)
# Close the socket incomingsocket.close

3. Save the script as honeypot.py
4. Open the command prompt and type python honeypot.py (If you get an error, you may already have port 25 in use, simply edit the file to change the port number.)
5. You will be prompted with Enter IP Address to bind socket to: Enter the IP address you wish to have the honey pot listen on. This could be 127.0.0.1 if you simply with to test it, or your outgoing IP if you wish to actually listen for connection attempts.You will now notice nothing, however you can telnet or nc to the IP you entered on port 25. Your connection will display the defined banner 220 desktop Microsoft ESMTP MAIL Service, Version 6.0.2600.1106 ready at followed by the current time (the %

This is only a single connect server and very basic, no complex commands. As time goes on I will post another tutorial on this same honey pot, only expanded to actually convince the user they are connected to the mail server.

The new commands in this tutorial include various socket commands, the time.strftime command and a few string commands.

time.strftime("format") - This command returns a string containing the time and date in the specified format.
str(non-string) - Converts a non-string to a string (there are also int() and tuple() commands).
string.split(string, delimitor) - Splits a string into a list at every delimitor. The list is then referenced by listname[list object number] (numbering begins at 0).

This script contains similar starting socket commands as my first Python Tutorial, however it includes a few extras. After accepting the connection, this script sends the banner using the incomingsocket.send command. This takes the variable we defined on the s.accept (socket accept command) and tells the computer to send data back to it. It then lists for data (incomingsocket.recv) with a maximum buffer size of 1024. Upon recieving this data it again transmits data to the connecting PC and closes the connect with incomingsocket.close.

Source: http://www.python.org/doc/lib/module-time.html
time.strftime format flags

%a Locale's abbreviated weekday name.
%A Locale's full weekday name.
%b Locale's abbreviated month name.
%B Locale's full month name.
%c Locale's appropriate date and time representation.
%d Day of the month as a decimal number [01,31].
%H Hour (24-hour clock) as a decimal number [00,23].
%I Hour (12-hour clock) as a decimal number [01,12].
%j Day of the year as a decimal number [001,366].
%m Month as a decimal number [01,12].
%M Minute as a decimal number [00,59].
%p Locale's equivalent of either AM or PM.
%S Second as a decimal number [00,61].
%U Week number of the year (Sunday as the first day of the week) as a decimal number [00,53]. All days in a new year preceding the first Sunday are considered to be in week 0.
%w Weekday as a decimal number [0(Sunday),6].
%W Week number of the year (Monday as the first day of the week) as a decimal number [00,53]. All days in a new year preceding the first Monday are considered to be in week 0.
%x Locale's appropriate date representation.
%X Locale's appropriate time representation.
%y Year without century as a decimal number [00,99].
%Y Year with century as a decimal number.
%Z Time zone name (no characters if no time zone exists).
%% A literal "%" character.

Peace,
HT