Why a custom scripting framework?<\/strong><\/p>\n babel-sf has been created for testing minimal installations, locked down and\/or hardened environments e.g.<\/p>\n But crucially, you still have access to one or more scripting languages e.g. Python<\/p>\n Its development was also partially driven by my own needs:<\/p>\n But really Why?<\/strong><\/p>\n To solve reoccurring problems encountered during my testing:<\/p>\n I expect\u00a0 babel-sf to be used when you don’t have any tools or Operating System utilities available e.g.<\/p>\n In this scenario you simply download babel-sf\u00a0 onto the target box via a short one liner (in whichever scripting language is available to you).<\/p>\n Aims?<\/strong><\/p>\n babel-sf “aspires” to be identical in each scripting language:<\/p>\n Functionality?<\/strong><\/p>\n As it stands, babel-sf provides scripts for the following functions:<\/p>\n 1. Portscanner (see examples below)<\/strong> 2. Arpscanner (see examples below):<\/strong> So you get the idea, replicated tools in multiple scripting languages…From now on I’ll just show one example screenshot per utility (but they are all there!)<\/p>\n 3. FTP client (crude)<\/strong> 4. WGET client<\/strong> 5. HTTP Server<\/strong> 6. Bind Metasploit Payload<\/strong> 7. Reverse Metasploit Payload<\/strong> Initial Download?<\/strong><\/p>\n Assuming that at least one scripting language is supported on the target system, an initial single line script (which provides wget type functionality) will be run to download babel-sf to the target host.<\/p>\n In practice to download babel-sf to our target system we run the relevant script, for our available programming language.\u00a0 This will have to be typed in manually (but thankfully these scripts short and succinct).<\/p>\n Perl:<\/strong><\/p>\n Create ‘download.pl’ containing the following code and execute via: ‘perl download.pl’<\/p>\n Python:<\/strong><\/p>\n Create ‘download.py’ containing the following code and execture via: ‘python download.py’<\/p>\n Ruby:<\/strong><\/p>\n Create ‘download.rb’ containing the following code and execture via: ‘ruby download.rb’<\/p>\n PowerShell:<\/strong><\/p>\n Create ‘download.ps1’ containing the following code and execture via: ‘powershell .\\download.ps1’<\/p>\n Obviously, if you were located on a closed network you would download from your own host, rather than from github.<\/p>\n Script Uniformity?<\/strong><\/p>\n The scripts offer uniform functionality to a point, some exceptions are:<\/p>\n Ruby has a socket limit (approx 1024):<\/strong>\u00a0 This limits the maximum number of ports that can be scanned at once<\/p>\n I had to be flexible with the type of metasploit shells included:<\/strong>\u00a0 Whilst, bind and reverse shells are included for each scripting language, one language may provide tcp_shells whlilst another may provide meterpreter shells<\/p>\n Whilst the underlying functionality is similar for all of the different HTTP servers:<\/strong> It proved tricky getting HTTP servers to provide a uniform look\/feel:<\/p>\n Arpscanner usage varies a little between languages: <\/strong>The interface switch (e.g. eth0) is not currently supported in all languages<\/p>\n Confessions!<\/strong><\/p>\n Testing!<\/strong><\/p>\n babel-sf has been tested on the following target Operating Systems:<\/p>\n Perl, Python and Ruby (Currently only targeting Nix systems)<\/p>\n PowerShell (Windows)<\/p>\n Future Additions?<\/strong><\/p>\n Addition of further scripting languages:<\/p>\n Links:<\/strong> Babel-sf is not wholly new code by any means; large snipets, small snipets and great ideas have been borrowed from many other open source repositories (hopefully, I’ve remembered to reference them all!):<\/p>\n References:<\/strong> The Babel Scripting Framework (babel-sf) is a collection of custom scripts to facilitate useful pentest related functions via scripting languages. All of the following tools are replicated in the following languages \u2013 PowerShell, Perl, Ruby and Python: Portscanner ARPscanner FTP Client WGET Client Bind Metasploit Payload Reverse Metasploit Payload Why a custom scripting framework? babel-sf … <\/p>\n\n
\n
\n
\n
\n
\nperl:
\n![\"perl-portscan\"](\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2014\/05\/perl-portscan.jpg\")
<\/a><\/strong>
\npython:
\n![\"portscan-py\"](\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2014\/05\/portscan-py.jpg\")
<\/a>
\nruby:
\n![\"ruby-portscan\"](\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2014\/05\/ruby-portscan.jpg\")
<\/a>
\nPowerShell:
\n![\"powershell_portscan\"](\"https:\/\/www.attackdebris.com\/wp-content\/uploads\/2014\/05\/powershell_portscan.jpg\")
<\/a><\/p>\n
\nperl:
\n<\/a>
\npython:
\n<\/a>
\nruby:
\n<\/a>
\nPowerShell:
\n<\/a><\/p>\n
\nruby (example):
\n<\/a><\/strong><\/p>\n
\nperl (example):
\n<\/a><\/p>\n
\nPowerShell (example):
\n<\/a><\/p>\n
\npython (example):
\n<\/a><\/p>\n
\nruby (example):
\n<\/a><\/p>\nuse LWP::Simple; mirror('https:\/\/github.com\/attackdebris\/babel-sf\/archive\/master.zip', 'babel-sf.zip');<\/pre>\nimport urllib; urllib.urlretrieve('https:\/\/github.com\/attackdebris\/babel-sf\/archive\/master.zip', 'babel-sf.zip')<\/pre>\nrequire 'open-uri'; File.open(\"babel-sf.zip\", \"wb\").write(open(\"https:\/\/github.com\/attackdebris\/babel-sf\/archive\/master.zip\", \"rb\").read)<\/pre>\n
(new-object System.Net.WebClient).Downloadfile(\"https:\/\/github.com\/attackdebris\/babel-sf\/archive\/master.zip\",\"babel-sf.zip\")<\/pre>\n
\n
\n
\n
\n
\n
\nGithub – https:\/\/github.com\/attackdebris\/babel-sf\/<\/a>
\nBlog – https:\/\/www.attackdebris.com\/?p=182<\/a><\/p>\n
\n http:\/\/pentestmonkey.net\/cheat-sheet\/shells\/reverse-shell-cheat-sheet<\/a>
\nhttp:\/\/www.phillips321.co.uk\/2013\/10\/22\/one-line-python-meterpreter-reverse-shell\/<\/a>
\nhttp:\/\/obscuresecurity.blogspot.co.uk\/2014\/05\/dirty-powershell-webserver<\/a>
\nhttp:\/\/gist.github.com\/wagnerandrade\/5424431<\/a>
\nhttp:\/\/hacknotes.wikidot.com\/useful-scripts<\/a>
\nhttp:\/\/www.jnthn.net\/perlportscanner.shtml<\/a>
\nhttp:\/\/search.cpan.org\/~ingy\/IO-All\/lib\/IO\/All.pod<\/a>
\nhttps:\/\/docs.python.org\/2\/library\/simplehttpserver<\/a>
\nhttp:\/\/stackoverflow.com\/users\/464744\/blender<\/a>
\nhttp:\/\/www.ruby-doc.org\/stdlib-2.0\/libdoc\/webrick\/rdoc\/WEBrick<\/a>
\nhttp:\/\/www.rapid7.com\/db\/modules\/payload\/ruby\/shell_reverse_tcp<\/a>
\nhttp:\/\/gist.github.com\/jstorimer\/3522068<\/a>
\nCoding for penetration testers (Syngress Press)<\/a>
\nhttp:\/\/snipplr.com\/view\/46170\/<\/a>
\nhttp:\/\/code.activestate.com\/recipes\/439094-get-the-ip-address-associated-with-a-network-inter\/<\/a>
\nhttp:\/\/ijdc.blogspot.co.uk\/2011\/12\/powershell-script-to-get-mac-address<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"