#!/usr/bin/python
"""
Port Knocking with scapy example.
Knock on port 42304
Knock on port 53768
Knock on port 3297
HTTP request to port 19760
Now, to get the flag, we just need a small script that implements this logic for every stage. We use the scapy Python library for the port knocking (sending raw SYNs, which needs root / CAP_NET_RAW) and curl for the HTTP request part:
"""
import random
import subprocess

import requests
from scapy.all import *
conf.verb=0  # quiet scapy: with verb=0 send() does not print its per-packet summary
base_URL = "http://87.107.123.4:"  # plain-HTTP challenge host; the stage port is appended per request
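def knock(ports, dst="87.107.123.4"):
    """Send one bare TCP SYN to each port in ``ports`` on ``dst``, in order.

    Only the SYN matters to a knock daemon, so no handshake is completed
    (the local kernel will normally answer any SYN-ACK with a RST, which
    is harmless here).

    Args:
        ports: iterable of destination ports, knocked in the given order.
        dst: target IPv4 address; defaults to the challenge host so
            existing callers are unchanged.

    Caveats:
        * scapy's ``send()`` writes raw packets and needs root / CAP_NET_RAW.
        * The sequence travels in cleartext and can be replayed by anyone
          who observes it: port knocking hides a service, it does not
          authenticate the client.
    """
    print("[*] Knocking on ports" + str(ports))
    for dport in ports:
        # window/MSS are fixed rather than scapy's defaults, presumably so the
        # SYN resembles an ordinary client's; the daemon only needs dport order.
        syn = IP(dst=dst) / TCP(
            dport=dport, flags="S", window=14600, options=[("MSS", 1460)]
        )
        send(syn)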
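def get_flag_part(port, part, timeout=30):
    """Fetch ``<part>_part_of_flag`` from the port the preceding knock opened.

    ``curl`` is invoked with an argument list (no shell), so ``port`` and
    ``part`` cannot be used for shell injection even if they came from
    outside this script.

    Args:
        port: TCP port the HTTP service listens on after the knock.
        part: ordinal used in the URL path ("first", "second", ...).
        timeout: seconds passed to ``curl --max-time``; bounds the wait when
            the knock did not open the port (a filtered port would otherwise
            hang until the TCP connect timeout).

    Returns:
        The response body with surrounding whitespace stripped.

    Raises:
        RuntimeError: if curl exits non-zero (connect failure, timeout), so a
            missing piece is not silently concatenated into the flag.
    """
    url = base_URL + str(port) + "/" + part + "_part_of_flag"
    command = ["curl", "-s", "--max-time", str(timeout), url]
    p = subprocess.Popen(command, stdout=subprocess.PIPE)
    result = p.communicate()[0]
    if p.returncode != 0:
        raise RuntimeError("curl exited with %d fetching %s" % (p.returncode, url))
    return result.strip()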
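# One entry per stage: (knock sequence, port the knock opens, name of the
# flag piece). Order matters twice: the ports are knocked in list order and
# the pieces are concatenated in stage order.
STAGES = [
    ([9264, 11780, 2059, 8334], 24931, "first"),
    ([42304, 53768, 3297], 19760, "second"),
    ([23106, 4250, 62532, 11655, 33844], 3695, "third"),
    ([49377, 48116, 54900, 8149], 31054, "fourth"),
    ([16340, 59991, 37429, 60012, 15397, 21864, 12923], 8799, "last"),
]

flag_parts = []
for ports, port, part in STAGES:
    knock(ports)
    flag_part = get_flag_part(port, part)
    print(flag_part)
    flag_parts.append(flag_part)
# Module-level `flag` is kept (as before) so the assembled value is inspectable.
flag = "".join(flag_parts)
print("Flag: %s" % flag)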