To check all devices connected to our network, there are two ways: the nmap and/or netdiscover commands. Remember, I have no idea what I am looking for. All I know is that I was asked to conduct a penetration test and, assuming I have already gained entry to the network (which I did in part 1), all I have to do is wait for every employee to go home so that only the server will be up and running. Basically, if I scan the network, only the server and my PC will be connected, and the way to find this device is to use nmap and netdiscover. I will compare the results of these commands.
Thursday, July 7, 2022
Download Router System Logs using Selenium to Check Intrusions
I have noticed lately that several hacking attempts are being logged by my Globe Home Prepaid Wifi Router. I need to check this every once in a while, and I am thinking that I must record the logs at least once a day and save them to a CSV file for discovering any network intrusions or perhaps discovering patterns in the behavior of the attacker.
I prepared a very short Python program to automate the downloading process and, since I am using Windows, I will have to create a scheduled task. If you want to run it yourself, you will need to download chromedriver.exe and save it to the directory where the Python file is located.
The code:
from io import StringIO

from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
import pandas as pd

# chromedriver.exe sits in the same directory as this script
driver = webdriver.Chrome(service=Service("chromedriver"))
driver.get("http://192.168.254.254/html/overview.html")
driver.find_element(by=By.ID, value="logout_span").click()
# find username/email field and send the username itself to the input field
driver.find_element(by=By.ID, value="username").send_keys('user')
# find password input field and insert password as well
driver.find_element(by=By.ID, value="password").send_keys('########')
# click login button
driver.find_element(by=By.ID, value="pop_login").click()
# wait until each menu link is clickable before clicking it
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.LINK_TEXT,'Advance'))).click()
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.LINK_TEXT,'System Logs'))).click()
tbl = driver.find_element(by=By.ID, value="show_log_table").get_attribute('outerHTML')
# read_html returns a list of DataFrames; the log table is the first one
df = pd.read_html(StringIO(tbl))[0]
print(df)
# close the browser so the scheduled task does not leave Chrome running
driver.quit()
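An added example, not part of the original post: one way to turn the scraped `show_log_table` markup into the daily CSV record described above, appending only rows that are not already on file so that overlapping daily runs do not duplicate entries. It uses only the standard library; the sample table, its columns and the names `TableRows` and `append_new_rows` are assumptions made for illustration.

```python
import csv
import os
from html.parser import HTMLParser

# Constructed sample markup; the router's real columns and messages may differ.
SAMPLE_TABLE = """<table id="show_log_table">
<tr><th>Time</th><th>Level</th><th>Message</th></tr>
<tr><td>2022-07-07 01:02:03</td><td>Warning</td><td>Login failed, user admin</td></tr>
<tr><td>2022-07-07 01:02:09</td><td>Warning</td><td>Login failed, user root</td></tr>
</table>"""

class TableRows(HTMLParser):
    """Collect each <tr> as a list of whitespace-normalised cell strings."""
    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag in ("td", "th"):
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row:
            self.rows.append(self._row)
            self._row = []

def append_new_rows(table_html, csv_path):
    """Append rows not yet in csv_path and return how many were added."""
    parser = TableRows()
    parser.feed(table_html)
    header, rows = parser.rows[:1], parser.rows[1:]
    seen = set()
    if os.path.exists(csv_path):
        with open(csv_path, newline="", encoding="utf-8") as f:
            seen = {tuple(row) for row in csv.reader(f)}
    fresh = [r for r in rows if tuple(r) not in seen]
    with open(csv_path, "a", newline="", encoding="utf-8") as f:
        writer = csv.writer(f)
        if not seen:
            writer.writerows(header)  # header row, written once for a new file
        writer.writerows(fresh)
    return len(fresh)
```

In the script above, the `tbl` string would be passed as `table_html`; a return value of 0 means the router logged nothing new since the previous run.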
Wednesday, July 6, 2022
Python Machine Learning Threat Hunting with Wireshark
Wireshark is an app that captures live network traffic. Every activity on a PC that is connected to a network has to send and receive data over the network. Viruses nowadays often originate from websites, but Wireshark does not only capture network traffic; it can also check USB traffic. To understand the network traffic, a solid understanding of the OSI model is a must.
To begin with, malware often gets downloaded over the HTTP protocol, so to analyze the packets, the file should be saved from Wireshark and uploaded to Virustotal.com for further analysis.
This project will be a Python program that gathers network packets, saves them to a pcap file, and submits this file to virustotal.com using their API for virus detection. This will be our raw data for discovering patterns using Keras/TensorFlow (this is still at the R&D stage, so I am still not sure what type of machine learning problem it will be).
Capturing Network Packets
I used TShark (an application that gets installed when Wireshark is installed) to capture network packets from the command line. For example, to capture packets for 10 seconds over the Wi-Fi network and save the captured packets to a file, I would use the following Python code:
import os
os.system('cmd /c "tshark -i 3 -w packet_log.pcap -a duration:10"')
....(to be continued)
Tuesday, July 5, 2022
Mr Robot 1 from Vulhub
Mr Robot 1 is a virtual machine which can be downloaded from Vulhub. This virtual machine has Linux installed on it, and its username and password are intentionally unknown. This is intentional because cybersecurity practitioners use it to practice their skills by guessing the username and passwords using the industry's best practices.
To start the process, I used Kali Linux on VirtualBox because Kali Linux already has all the tools that a cybersecurity practitioner needs. The next step is to connect my Kali Linux and Mr Robot 1 to the same network. In VirtualBox, there are Network settings for each installed virtual machine (VM). I made the setting on both VMs (Kali and Mr Robot) the same (see figure 1).
Monday, June 20, 2022
Titanic Dataset: Predict who survived and who died in the disaster
The Titanic Dataset found on Kaggle is a good way to use the Python program I posted earlier, which you can read here. The basic problem is to predict who among the passengers died and who survived. And surprisingly I got 100% accuracy.
The dataset link: Titanic Kaggle Dataset
The output:
The code:
import numpy as np
import pandas as pd
from sklearn.metrics import accuracy_score
from sklearn.metrics import ConfusionMatrixDisplay, classification_report, confusion_matrix
from matplotlib import style

style.use('classic')

df = pd.read_csv('tested.csv')
# encode the categorical columns as integers and fill missing numeric values
df['Sex'] = df['Sex'].apply(lambda x: 1 if x=='female' else 0)
df['Embarked'] = df['Embarked'].apply(lambda x : 1 if x=='Q' else (0 if x=='S' else 2))
df['Age'] = df['Age'].fillna(0)
df['Fare'] = df['Fare'].fillna(0)
# 's' is the label column; the remaining 7 columns are the input features
X = df.drop(['PassengerId', 's', 'Name', 'Ticket', 'Cabin'], axis=1)
y = df['s'].apply(lambda x: 1 if x==1 else 0)
y = y.to_numpy().reshape(-1, 1)
Xxx = X.to_numpy()

alphas = [0.001]
hiddenSize = 80
batches = 128

# compute sigmoid nonlinearity (element-wise)
def sigmoid(x):
    return 1/(1+np.exp(-x))

# convert output of sigmoid function to its derivative
def sigmoid_output_to_derivative(output):
    return output*(1-output)

# rectified linear function (element-wise)
def relu(x):
    return np.maximum(0.0, x)

for alpha in alphas:
    print("\nTraining With Alpha:" + str(alpha))
    np.random.seed(1)

    # randomly initialize our weights with mean 0
    synapse_0 = 2*np.random.random((7,hiddenSize)) - 1
    synapse_1 = 2*np.random.random((hiddenSize,hiddenSize)) - 1
    synapse_2 = 2*np.random.random((hiddenSize,1)) - 1

    for j in range(10000):

        # Feed forward through layers 0, 1, 2 and 3
        layer_0 = Xxx
        layer_1 = sigmoid(np.dot(layer_0,synapse_0))
        layer_2 = sigmoid(np.dot(layer_1,synapse_1))
        layer_3 = sigmoid(np.dot(layer_2,synapse_2))

        # how much did we miss the target value?
        layer_3_error = layer_3 - y

        if (j% 1000) == 0:
            print( "Error after "+str(j)+" iterations:" + str(np.mean(np.abs(layer_3_error))))

        # in what direction is the target value?
        # were we really sure? if so, don't change too much.
        layer_3_delta = layer_3_error*sigmoid_output_to_derivative(layer_3)

        # how much did each layer_2 value contribute to the layer_3 error (according to the weights)?
        layer_2_error = layer_3_delta.dot(synapse_2.T)

        # in what direction is the target layer_2?
        # were we really sure? if so, don't change too much.
        layer_2_delta = layer_2_error * sigmoid_output_to_derivative(layer_2)

        layer_1_error = layer_2_delta.dot(synapse_1.T)
        layer_1_delta = layer_1_error * sigmoid_output_to_derivative(layer_1)

        # each weight matrix is updated from the activations that feed into it
        synapse_2 -= alpha * (layer_2.T.dot(layer_3_delta))
        synapse_1 -= alpha * (layer_1.T.dot(layer_2_delta))
        synapse_0 -= alpha * (layer_0.T.dot(layer_1_delta))

# threshold the network output at 0.5 to get class predictions
y_hat = [0 if val < 0.5 else 1 for val in layer_3]
print(accuracy_score(y, y_hat))
y_hat = pd.DataFrame(y_hat)
y = pd.DataFrame(y)
cm = confusion_matrix(y, y_hat)
print(cm)
Monday, June 6, 2022
PyQt6: Open only one MDI Child Window at a time with subclassing
This demo program shows how to create a custom event (a close event for an MDI Child Window) by using the subclassing approach.
The output:
The code:
import sys
from PyQt6.QtCore import *
from PyQt6.QtGui import *
from PyQt6.QtWidgets import *

sub_open = False

class MainW(QMainWindow):
    count = 0

    def __init__(self, parent=None):
        super(MainW, self).__init__(parent)
        self.mdi = QMdiArea()
        self.setCentralWidget(self.mdi)
        bar = self.menuBar()
        nsub = bar.addMenu("New")
        nsub.addAction("New")
        nsub.triggered[QAction].connect(self.waction)
        self.setWindowTitle("Post 40")

    #@f.pyqtSlot(str)
    def wclosed(self, text):
        global sub_open
        sub_open = False

    def waction(self, q):
        global sub_open
        if sub_open == True:
            return None
        sub_open = True
        if q.text() == "New":
            MainW.count = MainW.count + 1
            sub = CustomSubWindow() # not QMdiSubWindow
            sub.setWidget(QTextEdit())
            #sub.setAttribute(Qt.WA_DeleteOnClose)
            sub.setWindowTitle("subwindow" + str(MainW.count))
            sub.subClosed.connect(self.wclosed)
            self.mdi.addSubWindow(sub)
            sub.show()

class CustomSubWindow(QMdiSubWindow):
    subClosed = pyqtSignal(str)

    def closeEvent(self, event):
        self.subClosed.emit("")
        QMdiSubWindow.closeEvent(self, event)

def main():
    app = QApplication(sys.argv)
    ex = MainW()
    ex.show()
    sys.exit(app.exec())

if __name__ == '__main__':
    main()
Sunday, June 5, 2022
Upgrade 05: PyQt6 Desktop App Template
I have added CRUD (create/read/update/delete) for users with a search function which is similar to SAP's search help. It can be accessed from the Admin pull-down menu.
The latest version can be downloaded from this GitHub repository: python_desktop_app_template
The Output:
