Hack Your Work Place - Turn that boring laptop into a hacking weapon!!!
Sudipt Ghatak ( Consultant )
Cloud & Datacenter Specialist (Pre-sales / Operations) | Cloud & Security Consultant | Driving Innovation & Efficiency
Disclaimer: This article is for educational purposes only. Use the information responsibly and ensure that you have proper authorization before scanning any network or system. The author of this article is not responsible for any misuse or damage caused by its use.
~Sudipt Ghatak~
Copyright © 2024 Sudipt Ghatak (https://www.sudiptghatak.com)
If you are reading through this article and excited to know the methods to achieve, let's take a quick pause. Before delving into the solution, let's take a moment to explore the situation and the challenges it presents.
<villain> System Admin! </villain>
In the dynamic landscape of security enthusiasts, there's an insatiable quest for real-world platforms to put their acquired skills into action. However, this pursuit often leads to frustration when stumbling upon roadblocks such as administrative restrictions preventing the installation of essential tools like BurpSuite or encountering barriers imposed by endpoint protection that block nmap.exe from executing. It's a common scenario faced by many in the security community: the desire to apply learned techniques in practical settings, only to be thwarted by bureaucratic hurdles or technological constraints. The inability to access preferred tools can feel like hitting a wall, hindering progress and dampening enthusiasm.
<roadblock> XxX Access Denied XxX </roadblock>
Whenever you are in a situation where you have limited user privileges and installing Vulnerability Assessment and Penetration Testing (VAPT) applications is prohibited, circumventing administrators by booting a USB Kali Linux loaded with your preferred tools can be tempting. However, this strategy comes with considerable risks. Administrators are likely to monitor such activities closely, whether through surveillance cameras or vigilant human observation. The feeling of helplessness can be overwhelming in such circumstances, leaving you scrambling for a solution.
The use of unauthorized tools or unauthorized methods to access systems is a clear violation of organizational policies and may result in severe consequences, including disciplinary action or legal repercussions. Administrators are typically vigilant in monitoring for such activities, employing various surveillance measures to detect and deter unauthorized behavior.
So no matter how efficient you may be with Nessus, Nikto, Burp Suite, Metasploit etc etc etc, all your tool-oriented knowledge is a sheer waste when it can't be used or installed because you DON'T have sufficient permission!
<loophole> Python </loophole>
Yet, amidst these challenges, there exists a beacon of hope: PYTHON! It is available and accessible through most company portals, or sanctioned by accommodating administrators. Administrators, cognizant of operational requirements and personal development plans, often exhibit leniency in permitting the installation and use of Python, recognizing its instrumental role in meeting organizational objectives.
By embracing "THIS" accessible alternative, security enthusiasts can transcend the limitations imposed by administrative constraints and technological barriers. They can channel their expertise into meaningful endeavors, contributing to the enhancement of security protocols, the fortification of digital infrastructures, and the cultivation of a robust cybersecurity culture within their respective organizations.
This not only mitigates the risk of potential repercussions but also fosters a culture of accountability and responsibility within the security community.
<solution> Tell me how ..? </solution>
Let's answer the most basic question: what is a tool? A penetration testing tool is nothing but a program, or a group of programs, that together form an application with a user-friendly interface, meeting the need within a few clicks.
How about achieving the potential of a tool using Python?
Step 1: Getting your laptop ready: As stated above, you might not have sufficient privileges to install your favorite hacking tool. Time to get off that script kiddie chair and step into the real hacking world. Python as a programming language / tool is allowed across all organizations. You might even find some great IDEs on your company portal.
A few to look out for are as follows:
No? Well, don't be disheartened, there are still more alternatives. Every Windows machine has Visual Studio Code. VS Code can be a good alternative for writing and testing your scripts.
If the thought of "what to code" leaves you wondering, I won't keep you waiting any longer. Below is my code, which can simply be copied and pasted into a Python file and run from your IDE.
Step 2: Scanning your victim: Before you hack a machine you would first like to know the open ports and the services running on it. In an ideal scenario a hacker would use "nmap" and its list of powerful switches to gather this information.
I created the code below, which covers a subset of what nmap does, to scan your victim's machines.
Scan multiple ports for 1 IP:
Scan Multiple Ports for 1 IP :
# The code below scans a single IP address (or hostname), with an option to select
# a range of ports.
# Use It Responsibly! This is for educational purposes only and the author
# of this script is in no way responsible for any unauthorized activity - Sudipt Ghatak
import socket

def scan_ports(target, start_port, end_port):
    # Resolve the name once up front so an unresolvable target is reported,
    # instead of failing silently on every port
    try:
        target_ip = socket.gethostbyname(target)
    except socket.gaierror:
        print(f"Could not resolve {target}.")
        return []
    open_ports = []
    for port in range(start_port, end_port + 1):
        try:
            # A full TCP connect; connect_ex returns 0 when the handshake succeeds
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(1)
                result = s.connect_ex((target_ip, port))
                if result == 0:
                    open_ports.append(port)
        except KeyboardInterrupt:
            print("\nScan interrupted.")
            break
        except socket.error:
            pass
    return open_ports

def main():
    target = input("Enter the target IP address or hostname: ")
    start_port = int(input("Enter the start port number: "))
    end_port = int(input("Enter the end port number: "))
    open_ports = scan_ports(target, start_port, end_port)
    if open_ports:
        print("Open ports:")
        for port in open_ports:
            print(port)
    else:
        print("No open ports found.")

if __name__ == "__main__":
    main()
Scan a subnet of IPs for a particular port:
# This script takes an IP subnet in CIDR notation (e.g., 192.168.1.0/24) and a port
# number as input. It then scans all IP addresses within the subnet for the specified
# port, using multithreading to speed up the process.
# Use It Responsibly! This is for educational purposes only and the author
# of this script is in no way responsible for any unauthorized activity - Sudipt Ghatak
import socket
import ipaddress
import concurrent.futures

def scan_port(ip, port):
    # Full TCP connect to one host:port; returns the port if the handshake succeeds
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(1)
            if s.connect_ex((ip, port)) == 0:
                return port
    except socket.error:
        pass
    return None

def scan_subnet(subnet, port):
    open_ports = {}
    with concurrent.futures.ThreadPoolExecutor() as executor:
        # One worker task per host address in the subnet
        future_to_ip = {executor.submit(scan_port, str(ip), port): str(ip) for ip in subnet.hosts()}
        for future in concurrent.futures.as_completed(future_to_ip):
            ip = future_to_ip[future]
            try:
                open_port = future.result()
                if open_port:
                    open_ports[ip] = open_port
            except Exception:
                pass
    return open_ports

def main():
    subnet_str = input("Enter the IP subnet (e.g., 192.168.1.0/24): ")
    port = int(input("Enter the port number to scan: "))
    try:
        subnet = ipaddress.ip_network(subnet_str)
    except ValueError:
        print("Invalid subnet format.")
        return
    open_ports = scan_subnet(subnet, port)
    if open_ports:
        print("Open ports:")
        for ip, open_port in open_ports.items():
            print(f"{ip}:{open_port}")
    else:
        print("No open ports found.")

if __name__ == "__main__":
    main()
Scan an IP and its ports and return the OS version:
# This script takes an IP address and a port range, finds the open TCP ports, and then
# asks nmap (which must be installed and on the PATH) for the service and OS
# information it reports for each open port.
# Use It Responsibly! This is for educational purposes only and the author
# of this script is in no way responsible for any unauthorized activity - Sudipt Ghatak
import socket
import subprocess
import platform

def get_os_info():
    # Note: platform reports the OS of the machine running this script, not the target's
    return platform.system(), platform.release()

def get_open_ports(ip_address, start_port, end_port):
    open_ports = []
    for port in range(start_port, end_port + 1):
        # The with-block closes the socket even if connect_ex raises
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(1)
            if sock.connect_ex((ip_address, port)) == 0:
                open_ports.append(port)
    return open_ports

def get_app_version(ip_address, port, protocol):
    # Arguments are passed as a list (no shell=True) so user input can't be
    # interpreted by the shell; -sV is what makes nmap print "Service Info: OS:"
    if protocol == "tcp":
        cmd = ["nmap", "-sT", "-sV", "-p", str(port), ip_address]
    elif protocol == "udp":
        cmd = ["nmap", "-sU", "-sV", "-p", str(port), ip_address]
    else:
        print("Invalid protocol.")
        return None
    try:
        result = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:
        print("nmap was not found on this machine.")
        return None
    lines = result.stdout.splitlines()
    # The port's state line looks like "22/tcp open ssh OpenSSH 8.9"
    state_line = next((l for l in lines if l.startswith(f"{port}/{protocol}")), "")
    if " open" not in state_line:
        print(f"No service detected on port {port}/{protocol}.")
        return None
    for line in lines:
        # e.g. "Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel"
        if "Service Info: OS: " in line:
            return line.split("OS: ", 1)[1].split(";")[0].strip()
    # Open, but nmap printed no OS hint: fall back to the service banner line
    return state_line

def ip_scanner(ip_address, start_port, end_port, protocol):
    os_name, os_release = get_os_info()
    open_ports = get_open_ports(ip_address, start_port, end_port)
    if open_ports:
        print(f"Open ports on {ip_address} (scanned from {os_name} {os_release}):")
        for port in open_ports:
            app_version = get_app_version(ip_address, port, protocol)
            if app_version:
                print(f"Port {port} - {app_version}")
    else:
        print(f"No open ports found on {ip_address}.")

if __name__ == "__main__":
    ip_address = input("Enter the IP address: ")
    start_port = int(input("Enter the starting port: "))
    end_port = int(input("Enter the ending port: "))
    # Ask once instead of once per open port
    protocol = input("Enter the protocol (tcp/udp): ").strip().lower()
    ip_scanner(ip_address, start_port, end_port, protocol)
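Every probe these scripts send is a full TCP handshake, so from the other side it is ordinary connection-log material. As an added example that is not part of the original article, the script below reads a small constructed connection log (the line format is an assumption made for this example) and flags any source that touched many distinct ports on one host inside a short time window, which is exactly what the connect scans above look like to the target.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format (constructed for this example, not from the article):
# "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=\w+$"
)

def parse_log(text):
    """Parse matching lines into (timestamp, src, dst, dport); silently skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group("ts"))
            events.append((ts, m.group("src"), m.group("dst"), int(m.group("dport"))))
    return events

def detect_port_scans(events, window_seconds=10, min_ports=10):
    """Return {(src, dst): distinct_ports} for sources hitting >= min_ports ports on one host in a window."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))
    hits = {}
    for pair, probes in by_pair.items():
        probes.sort()  # sliding window over time-ordered probes
        best = 0
        for i, (start, _) in enumerate(probes):
            seen = set()
            for ts, dport in probes[i:]:
                if (ts - start).total_seconds() > window_seconds:
                    break
                seen.add(dport)
            best = max(best, len(seen))
        if best >= min_ports:
            hits[pair] = best
    return hits

# Constructed sample log: 10.0.0.5 walks ports 20-31 on one host, one per second,
# while 10.0.0.7 only ever talks to 80 and 443 (normal web traffic).
SAMPLE_LOG = "\n".join(
    [f"2024-03-01T10:00:{i:02d} src=10.0.0.5 dst=10.0.0.20 dport={20 + i} action=deny" for i in range(12)]
    + [f"2024-03-01T10:01:{i:02d} src=10.0.0.7 dst=10.0.0.20 dport={80 if i % 2 else 443} action=allow" for i in range(6)]
)

def sample_alerts():
    return detect_port_scans(parse_log(SAMPLE_LOG))
```

With the default 10-second window, `sample_alerts()` reports the scanning source with 11 distinct ports (the twelfth probe falls just outside the window) and nothing for the web client.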
To be continued ... (I will continue to edit this article and add more scripts. Keep an eye ..... )
Manager at Bank of America Merrill Lynch
8 months
This is quite interesting; reading this makes me think I know it all now, although I've got no clue about hacking. Curious for the next one, keep them coming Sudipt Ghatak
Sales Support Manager at Safeguard Global
8 months
An easy-to-follow article. Will keep an eye out for future updates.
Student at VIT | BTECH- CS | Podcast Host| Classical Dancer |
8 months
We all may have read a lot of articles on hacking, but an article from such an expert that can easily be understood by non-professionals is very hard to find. It's indeed great work Sudipt Ghatak
Customer Relationship Manager || Sales Manager || Cloud & SaaS || Cyber Security|| Telecommunication
8 months
Good one, Sudipt.