snj/Port Knocking with Scapy Example

## Port Knocking with Scapy Example
#!/usr/bin/python

"""
Port Knocking with scapy example.

Knock on port 42304
Knock on port 53768
Knock on port 3297
HTTP request to port 19760
Now, to get the flag, we just need to write a small scrip to implement all this logic. We will use the scapy python library to perform the port knocking and curl for the HTTP request part:
"""

from scapy.all import *
import random
import requests

conf.verb=0

base_URL = "http://87.107.123.4:"

def knock(ports):
    print "[*] Knocking on ports"+str(ports)
    for dport in range(0, len(ports)):
        ip = IP(dst = "87.107.123.4")
        SYN = ip/TCP(dport=ports[dport], flags="S", window=14600, options=[('MSS',1460)])
        send(SYN)

def get_flag_part(port,part):
    command = ["curl", "-s" ,base_URL+str(port)+"/"+part+"_part_of_flag"]
    p = subprocess.Popen(command, stdout=subprocess.PIPE)
    result = p.communicate()[0]
    return result.strip()

flag=''

ports = [9264,11780,2059,8334]
port = 24931
knock(ports)
flag_part = get_flag_part(port,"first")
flag = ''.join([flag,flag_part])
print flag_part

ports = [42304,53768,3297]
port = 19760
knock(ports)
flag_part = get_flag_part(port,"second")
flag = ''.join([flag,flag_part])
print flag_part

ports= [23106,4250,62532,11655,33844]
port=3695
knock(ports)
flag_part = get_flag_part(port,"third")
flag = ''.join([flag,flag_part])
print flag_part

ports= [49377,48116,54900,8149]
port=31054
knock(ports)
flag_part = get_flag_part(port,"fourth")
flag = ''.join([flag,flag_part])
print flag_part

ports= [16340,59991,37429,60012,15397,21864,12923]
port=8799
knock(ports)
flag_part = get_flag_part(port,"last")
flag = ''.join([flag,flag_part])
print flag_part
print "Flag: %s" % flag
	#!/usr/bin/python

	"""
	Port Knocking with scapy example.

	Knock on port 42304
	Knock on port 53768
	Knock on port 3297
	HTTP request to port 19760
	Now, to get the flag, we just need to write a small scrip to implement all this logic. We will use the scapy python library to perform the port knocking and curl for the HTTP request part:
	"""

	from scapy.all import *
	import random
	import requests

	conf.verb=0

	base_URL = "http://87.107.123.4:"

	def knock(ports):
	print "[*] Knocking on ports"+str(ports)
	for dport in range(0, len(ports)):
	ip = IP(dst = "87.107.123.4")
	SYN = ip/TCP(dport=ports[dport], flags="S", window=14600, options=[('MSS',1460)])
	send(SYN)

	def get_flag_part(port,part):
	command = ["curl", "-s" ,base_URL+str(port)+"/"+part+"_part_of_flag"]
	p = subprocess.Popen(command, stdout=subprocess.PIPE)
	result = p.communicate()[0]
	return result.strip()

	flag=''

	ports = [9264,11780,2059,8334]
	port = 24931
	knock(ports)
	flag_part = get_flag_part(port,"first")
	flag = ''.join([flag,flag_part])
	print flag_part

	ports = [42304,53768,3297]
	port = 19760
	knock(ports)
	flag_part = get_flag_part(port,"second")
	flag = ''.join([flag,flag_part])
	print flag_part

	ports= [23106,4250,62532,11655,33844]
	port=3695
	knock(ports)
	flag_part = get_flag_part(port,"third")
	flag = ''.join([flag,flag_part])
	print flag_part

	ports= [49377,48116,54900,8149]
	port=31054
	knock(ports)
	flag_part = get_flag_part(port,"fourth")
	flag = ''.join([flag,flag_part])
	print flag_part

	ports= [16340,59991,37429,60012,15397,21864,12923]
	port=8799
	knock(ports)
	flag_part = get_flag_part(port,"last")
	flag = ''.join([flag,flag_part])
	print flag_part
	print "Flag: %s" % flag