I have been writing Python for quite a while, about 2 years to be exact, and mostly I am writing network-related scripts or API-calling scripts, but I have never used the Python statement exec before. According to the help, exec is used to execute Python statements. So suppose I need to print … Continue reading [security] File descriptor connecting to nix system and danger of using exec() in python
So I was doing hackthebox.eu and realized that the target used a vulnerable web application. The exploit was developed and can be downloaded from exploitdb, but it was not updated in msfconsole: when I do a search openadmin I could only see an outdated exploit that was disclosed in 2017. The ruby script that … Continue reading [security]Update new exploitdb script to metasploit
The lab uses metasploitable. This lab gives awareness of the file upload vulnerability. There are three levels of security (low, medium and high), and the objective is to try to upload a forward shell code, then connect to it to gain access to the server. Low security: This is the PHP code of the low security file upload: … Continue reading [security] File upload
I do not like to write a Python CLI that accepts arguments, as I am an advocate of using a wizard style to guide users on how to configure things easily. But it seems the time has come for me to write a CLI script in Python, and in order to provide usage guide and data … Continue reading [python]Argparser
There are times when you need to verify that all params in the dictionary are present before submitting a POST request to an API server. This is one of the solutions which I am using: The all function evaluates an iterable and returns true if all elements are true.
I noticed I did not have enough testing on my code for getting directories under the base project directory. This is part of the code snippet of my SSHClient subclass: The problem: The method gets all things under the base directory, that is, files and directories; that is because I have sliced and diced too much … Continue reading [python] Improving get_project_dirs method of SSHClient subclass
Paramiko SSH client: I wrote a subclass from paramiko in order to add functionality to assist myself in working with Ansible AWX 9.2.0 (dockerless version). The subclass works with my CentOS, which hosts the Ansible AWX; the purpose is to use the SSHClient class to download and upload playbooks, check the existence of project … Continue reading [python]Paramiko’s SSHClient