Archive for the 'Python' Category
PoC of Denial of Service in SSH Daemons
This is a proof of concept of a DOS in misconfigured SSH daemons (which is default in some distros), an example is the OpenSSH (any version, any plataform) with no definition of MaxStartups in sshd_config, to read about problem, see my post on:
http://archive.netbsd.se/?ml=secureshell&a=2006-08&t=2257506
or
http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2006-08/msg00030.html
Well, with this DOS, you can block any user to login on remote machine, a big problem for some admins which are isolated from machine =)
To use the PoC:
~# python poc.py –help
Screenshot
Download PoC: SSHD PoC
Requirements: Python 2.3+ / Linux or Windows
Yours,
- Perone
No commentsA MSN Python BOT
Hello, the screenshot says everything:
To install:
~# apt-get install python-msn
~# ./mon.py or python mon.py
Enter your account and enjoy.
The source is a mess, but it’s just a PoC; the idea is to use this bot to show linux alerts.
Yours,
- Perone
No commentsPyevolve - A Python Genetic Algorithms Framework
Hello, this is my redemption post since the long time without activity on the blog. I’m working on complete Python genetic algorithms framework with many features, for a while is still under development, but there is an alpha version and some examples at the Google project hosting.
I’m doing the best efforts to release new versions soon as possible; I hope that this project will be used, since there are not good frameworks of GAs with easy use fashion in languages like Python.
http://code.google.com/p/pyevolve/
- Perone
No commentsJavascript 1.7 (or Pythonscript ?)
Hello! This topic will explain some of the new features of JavaScript 1.7 which are
embedded in Firefox 2.0 Beta1+ versions and probably in IE (I'm not sure).
The most interesting point in the new features is the "apparently" correlation
with the Python same features, which I will cite.
Well, let's prepare to use our new features. First of all, we need to declare some
special string in the script type attribute like that:
-
<script type="application/javascript;version=1.7"></script>
With this tag, we enable the v.1.7 features on our scripts.
This is needed because some new reserved keywords of 1.7 version may
interfere in the old code, the words are: "yield", "let", etc...
Let's begin.
Generators
Generator are like interactive functions with state variables.
-
/* The function */
-
function gen()
-
{
-
var i = 0;
-
while(true)
-
{
-
yield i;
-
i++;
-
}
-
}
-
-
/* The "g" var isn't a simple function,
-
is a instance of an generator */
-
var g = gen()
-
-
/* This for loop show 3 alerts with
-
respective values: 0, 1, 2 */
-
for (var i=0; i<3; i++)
-
{
-
alert(g.next())
-
}
-
-
g.close();
This is a powerful new feature of JavaScript 1.7, and have the same
syntax of Python Generators as you see here.
I will post about other new features in next posts, cause now I'm busy
with the Distributed Rainbow Tables project.
Farewell,
Christian S. Perone
PSP mod_python abort/quit/exit statement
psp.py patch: patch_psp_py.diff
Hello, there is an native handler to use PSP on Mod_python, unfortunately there is no abort statement which you can use like that:
-
req.write("one")
-
abort/cancel/quit/exit statement
-
# the string "two" cannot appear, cause the abort
-
# statement causes PSP flow stop
-
req.write("two")
So, I have made a temporary patch to add this feature in mod_python, the patch simples adds a fake exception out of the running scope and a function called "abort" (exposed to running scope of PSP), so you can apply the patch and use the feature:
-
req.write("one")
-
abort()
-
# the string "two" will not appear, the abort() function
-
#(enabled after patch apply) will stop the flow of program
-
req.write("two")
The patch is for the windows version of mod_python, but you can easy look at the diff and apply to any other version of mod_python, any suggestion or help you can contact me.
In some other post I will talk about PSP with more explanations.
psp.py patch: patch_psp_py.diff
- Christian S. Perone
1 commentPython implicit zipimport
Hello ! This is my first post on this blog, so I hope you enjoy =) This post is about an feature called zipimporter who easy helps you in distribution or organization of modules and packages.
Well, since 2.3 version of Python, there is a module called zipimporter, the main objective of this module is:
" This module adds the ability to import Python modules (*.py, *.py[co]) and packages from ZIP-format archives."
As you see, it's not Java which only have .jar (very slow) compression of packages.
So, we let's code and stop talking:
First, we create a simple module called test.py with this simple code (do not forget the indentation):
-
def func_test():
-
"Simple function"
-
print "Function test, pythowned !"
Later, we save that test.py and compress it inside pymod.zip, now we can use the .zip with compressed module, let's see:
-
# importing the zipimport
-
import zipimport
-
-
# create the zipimporter object
-
zip = zipimport.zipimporter("pymod.zip")
-
# load the module
-
mod = zip.load_module("test")
-
-
# and now, the magic:
-
test.func_test()
-
-
"Function test, pythowned !"
There is another way which you can do that, and python will use the zipimport implicitly:
-
import sys
-
-
sys.path.insert(0, "pymod.zip")
-
-
import test
-
-
test.func_test()
-
-
"Function test, pythowned !"
Some python modules are really small and imperceptible, but can help you a lot in the distribution of a huge project.
- Christian S. Perone
No comments
