Hello all
I am a Cyber Sec student, working on CEH (Certified Ethical Hacker) and CCNA (Cisco networking). After several books and many many tutorials, I found that being motivated to create something is the best teacher when it comes to programming.
So I was hoping to write some scripts to personalize/automate my system and Hacking. I would like to build a script that starts while FreeBSD is booting and captures all network activity coming from the network tap (trying to detect a rootkit/boot sector malware), etc... Then a script for auto enumeration/scanning of targets and self (if that makes sense).
My question is, should I attempt to do this in my tcsh or C/python? I would like to have a program (eventually) that would act like metasploit/IDS/IPS/LiveCD all rolled into one. Mind you, I am still very new and something like this would take a career-lifetime (it feels like atm anyway) to perfect, but just like any project and learning experience, it's better to try and just see what happens. Personally I think it will be the best reality check / teacher I could find at this point.
Sorry for the blabbing. If anyone could voice an opinion (anything that comes to mind from anyone idc, just really curious to hear someone else's thoughts) or post some scholarly articles I would be forever indebted. Thanks
This is my level of skill and what I have so far; at the moment I feel it's more like pseudocode for C in the future:
(can also be viewed at a popular code pasting site (don't know if I'm allowed to name it) under fcC7huZ9)
Code:
import pcap, dpkt
import socket
import subprocess


def capture():
    dev = pcap.lookupdev()
    # Load the payload patterns once instead of re-reading the file for every
    # packet; one pattern per line, blank lines ignored.
    with open('/home/mrfree/filters.txt', 'r') as f:
        patterns = [line.strip() for line in f if line.strip()]
    for ts, pkt in pcap.pcap(name=dev, snaplen=65535, promisc=True, immediate=False):
        eth = dpkt.ethernet.Ethernet(pkt)
        if eth.type != dpkt.ethernet.ETH_TYPE_IP:  # 2048 / 0x0800: not IPv4 (e.g. IPv6, ARP)
            ip = eth.data
            try:
                dst_ip_6 = socket.inet_ntop(socket.AF_INET6, ip.dst)  # not used yet
            except AttributeError:
                continue
        else:
            ip = eth.data
            tcp = ip.data
            try:
                src_ip = socket.inet_ntoa(ip.src)
                dst_ip = socket.inet_ntoa(ip.dst)
                if dst_ip == '10.0.0.2':
                    with open('/home/mrfree/ipLog.txt', 'a') as log:
                        log.write('Session:%s:%s,%s\n' % (src_ip, tcp.dport, ts))
                        if tcp.dport < 1028:
                            log.write('Out of bounds connection attempt, Blocking %s \n' % src_ip)
                            block(src_ip)
                        # Match any single pattern, not the whole file contents at once.
                        if any(p in tcp.data for p in patterns):
                            log.write('Attempted Shell connection, Blocking %s \n' % src_ip)
                            block(src_ip)
            # Non-TCP payloads (UDP, ICMP, ...) have no dport/data: skip them.
            except (AttributeError, TypeError):
                continue


def block(src_ip):
    # Argument list instead of a shell command string, so no shell is involved.
    # Note: iptables is Linux-only; on FreeBSD the equivalent would be pf or ipfw.
    subprocess.call(['iptables', '-I', 'INPUT', '-s', src_ip, '-j', 'DROP'])
    subprocess.call(['iptables', '-I', 'OUTPUT', '-d', src_ip, '-j', 'DROP'])


capture()
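As an added example that is not part of the original post: the same two checks (traffic to the protected host, destination port below 1028, a shell marker in the payload) implemented on raw Ethernet/IPv4/TCP bytes with the standard library only, returning decisions instead of calling iptables, so the detection logic can be exercised offline without pcap or dpkt. The host address, port limit and payload markers are constructed sample values, not the poster's real configuration.

```python
import struct
import socket

# Constructed sample values (not from the post): the protected host, the
# privileged-port limit and a few payload markers like those in filters.txt.
PROTECTED_HOST = "10.0.0.2"
PRIVILEGED_PORT_LIMIT = 1028
FILTERS = [b"/bin/sh", b"/bin/bash"]

def parse_ipv4_tcp(frame):
    """Return (src_ip, dst_ip, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 14 + 20 + 20:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:          # only IPv4 is handled here
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length from the IHL field
    if ip[9] != 6:                   # protocol 6 = TCP
        return None
    src_ip = socket.inet_ntoa(ip[12:16])
    dst_ip = socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    dport = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4    # TCP data offset, in 32-bit words
    return src_ip, dst_ip, dport, tcp[data_off:]

def classify(frame):
    """Apply the post's two rules; return a list of (action, src_ip, detail)."""
    parsed = parse_ipv4_tcp(frame)
    if parsed is None:
        return []
    src_ip, dst_ip, dport, payload = parsed
    if dst_ip != PROTECTED_HOST:
        return []
    decisions = [("log", src_ip, dport)]
    if dport < PRIVILEGED_PORT_LIMIT:
        decisions.append(("block", src_ip, "privileged port %d" % dport))
    if any(f in payload for f in FILTERS):
        decisions.append(("block", src_ip, "shell marker in payload"))
    return decisions

def build_sample_frame(src, dst, dport, payload):
    """Constructed IPv4/TCP test frame (checksums left zero; fine for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload
```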