Proj 5: HTTP Scanning with Python (15 pts. + 35 extra credit)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Learn Python HTTP Methods.

Using HEAD to Grab HTTP Banners

In Kali Linux, in a Terminal window, execute this command:
nano http1.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Explanation

This code connects on TCP port 80 just like the scanner you made in a previous project, but once it connects, it sends an HTTP request like this:
HEAD / HTTP/1.1
Host: www.ccsf.edu

The HEAD method grabs only the banner, without getting any pages from the server.
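The following is an added example written for this page, not the project's own http1.py (which is shown in the image above), and it targets Python 3. It builds the HEAD request from the explanation, adds a Connection: close header so the server ends the connection instead of holding it open, and parses the Server header out of the reply, returning None when the server sends no banner at all (hardened servers often suppress it). The function names and the sample response are constructed for this example.

```python
import socket

# Constructed sample response, standing in for what a real web server returns.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 27 Jul 2015 10:00:00 GMT\r\n"
    b"Server: ExampleServer/1.0\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)


def build_head_request(host, path="/"):
    """Build the raw HEAD request as bytes. The empty line (\\r\\n\\r\\n) ends
    the header block; without it the server keeps waiting for more headers."""
    request = "HEAD {} HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n".format(path, host)
    return request.encode("ascii")


def parse_headers(response):
    """Split a raw HTTP response into (status_line, {name: value}).
    Header names are case-insensitive, so they are lower-cased for lookup."""
    head, _, _ = response.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status_line, headers


def server_banner(response):
    """Return the Server header value, or None if the server did not send one."""
    _, headers = parse_headers(response)
    return headers.get("server")


def grab_banner(host, port=80, timeout=5.0):
    """Connect to the host, send the HEAD request, read the reply headers and
    return the Server banner. A HEAD reply has no body, so reading stops at
    the blank line that ends the headers (or when the server closes)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_head_request(host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):
                break
    return server_banner(b"".join(chunks))


if __name__ == "__main__":
    target = input("Target host: ")
    print("Server banner:", grab_banner(target))
```

Run it with `python3 http1_example.py` (an assumed file name) and enter a host when prompted; the parsing functions can also be exercised on a captured response without any network connection.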

Running the Grabber

In a Terminal window, execute this command:
python http1.py
Enter a target host of www.ccsf.edu.

You should see the banner, as shown below:

Grabbing the Attack Server Banner

Use your program to grab the banner from attack.samsclass.info. It should show a banner like that shown below:

Capturing a Screen Image

Make sure the Server: string is visible, as grayed out in the image above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 5a from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Simple POST Login

This is a simple login form. Test it with any username and password you like.

[Login form: Username and Password fields]

Now run Wireshark, and start it sniffing traffic. At the top left of the Wireshark window, in the Filter box, type http and press Enter.

Try to log in with a username of a and a password of b.

In Wireshark, stop the capture.

Find the packet in Wireshark with an "Info" column of "POST /python/login1.php HTTP/1.1", as shown below:

Right-click the "POST /python/login1.php HTTP/1.1" line and click "Follow TCP Stream".

The POST request appears, as shown below. Notice the portions outlined in red--they are the essential lines in the request.

Making a Python Login Script

In Kali Linux, in a Terminal window, execute this command:
nano http2.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Explanation

This code sends an HTTP POST request like this:
POST /python/login1.php HTTP/1.1
Host: attack.samsclass.info
Content-Type: Application/x-www-form-urlencoded
u=a&p=b
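The following is an added example written for this page, not the project's own http2.py (which is shown in the image above), and it targets Python 3. It builds the POST request from the explanation with two additions a practitioner would want: the body is URL-encoded (so an ampersand typed into a field cannot break the u/p structure) and a Content-Length header is sent so the server knows how many body bytes to read; without it many servers never read the body at all. It then classifies the reply using the two messages the project text says the server returns. The function names, the send_raw helper and the sample replies are constructed for this example; the host and path come from the project text.

```python
import socket
from urllib.parse import urlencode

HOST = "attack.samsclass.info"   # target host from the project text
PATH = "/python/login1.php"      # login script path from the project text


def build_post_request(host, path, fields):
    """Build a raw form POST as bytes. fields is a dict such as {"u": "a", "p": "b"}."""
    body = urlencode(fields).encode("ascii")
    headers = (
        "POST {} HTTP/1.1\r\n"
        "Host: {}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: {}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).format(path, host, len(body))
    return headers.encode("ascii") + body


def split_response(response):
    """Return (status_code, body_bytes) from a raw HTTP response."""
    head, _, body = response.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    code = int(status_line.split()[1])
    return code, body


def login_result(response):
    """Classify the reply using the messages the project text describes."""
    code, body = split_response(response)
    if b"Successful login!" in body:
        return "success"
    if b"Credentials rejected!" in body:
        return "rejected"
    return "unknown (HTTP {})".format(code)


def send_raw(host, port, request, timeout=5.0):
    """Send a prebuilt request and read until the server closes the connection
    (which it does because the request carries Connection: close)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed replies standing in for the server, used to check login_result offline.
SAMPLE_REJECTED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>Credentials rejected!</p>"
SAMPLE_SUCCESS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<p>Successful login!</p>"


if __name__ == "__main__":
    user = input("Username: ")
    password = input("Password: ")
    reply = send_raw(HOST, 80, build_post_request(HOST, PATH, {"u": user, "p": password}))
    print(login_result(reply))
```

Note that the credentials travel in clear text, which is exactly why the Wireshark step above can read them; the same capture would work against any real form sent over plain HTTP.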

Running the Login Script

In a Terminal window, execute this command:
python http2.py
Enter a Username of a and a Password of b.

You should see the message "Credentials rejected!", as shown below:

Now run the login script again, with the correct username of root and a password of password.

You should see the message "Successful login!", as shown below:

Capturing a Screen Image

Make sure the "Successful login!" message is visible, as shown above.

Save a whole-desktop image as "Proj 5b from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Python Loops: String Values

In Kali Linux, in a Terminal window, execute this command:
nano loop1.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script:

python loop1.py
As you can see below, the code loops through all the listed fruits.

Python Loops: Numerical Values

In Kali Linux, in a Terminal window, execute this command:
nano loop2.py
In nano, enter the code shown below. Do NOT omit the indentation--in Python, indentation is required to indicate what code is inside a loop:

Save the file with Ctrl+X, Y, Enter.

Execute this command to run the script:

python loop2.py
As you can see, the code loops from the first number up to, but not including, the last one, that is, one through four:

Challenge 1: Brute Forcing a Login Form (15 pts. extra credit)

Write a script in Python to try all possible credentials and get into the form below.

The user name is one of these:

The PIN is a two-digit number, like this:

[Login form: Username and PIN fields]

Write a script that finds the correct credentials and logs in.

Don't forget to start by capturing a login with Wireshark, to see the correct format of the HTTP request!

When you find it, save an image showing the correct user name and PIN, and also the secret word the server sends, as shown below:

Save a whole-desktop image as "Proj 5c from YOUR NAME".

Challenge 2: Four Accounts (20 pts. extra credit)

Break into each of the four accounts below. Save an image of the successful login screen for each one.

Save the whole-desktop images as "Proj 5d", "Proj 5e", "Proj 5f", and "Proj 5g".

[Login form: Username and PIN fields]

Credits

CEO: Sarah Bellum
Staff: Pete Moss, Sandy Beach
(Stolen from A Prairie Home Companion)

Hint

Turning in Your Project

Send the images to cnit.124@gmail.com with a subject of "Proj 5 from YOUR NAME".

Sources

Python Network Programming
17.2. socket -- Low-level networking interface
How can I make a time delay in Python?


Last revised: 7-27-15