Tips & Tricks

How to Route Public Python Exploit Code Through Burp Suite

When you come across public exploit code written in Python, it is sometimes easiest to route the exploit through Burp Suite so you can understand what it’s doing, especially in cases where the code interacts with web applications.

To do this, we can simply add some code that instructs the script to use a proxy.


First, make sure that the Requests module is already imported by the script. Check for the following line of code:
import requests

As long as that is present, we can add a proxies variable at the top of the exploit, but after the Requests module is imported. If the application uses HTTPS instead of HTTP, then you’d want to use https as the dictionary key in the line below.
proxies = {'http': 'http://127.0.0.1:8080'}

Next, we need to look through the code for any .get or .post requests and add the following to the end of each call's argument list.
, proxies=proxies

For example, let’s say you have a line of code that looks like this:
s.get(SERVER_URL, verify=False)

You will want to modify it so that it looks like this:
s.get(SERVER_URL, verify=False, proxies=proxies)

Just make sure to do this throughout the entire exploit. The easiest way to find them all may be to search for “requests” and look for any place where a .get or .post is called on it.

Now you can spin up Burp Intercept and run the exploit! This will allow you to interact with the exploit through Burp and give you much more visibility into the requests being made.
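To confirm that no call was missed, the check can be automated. The following is an added example, not part of the original post: it parses a script with Python's ast module and lists every requests or session call that lacks a proxies= argument. The function name find_unproxied_calls and the sample script are constructed for illustration.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

def find_unproxied_calls(source):
    """Return [(line, call_text)] for requests calls that lack proxies=."""
    tree = ast.parse(source)
    # Receivers to watch: the module itself plus any variable bound to
    # requests.Session() / requests.session(), e.g. s = requests.Session().
    receivers = {"requests"}
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                and isinstance(node.value.func, ast.Attribute)
                and node.value.func.attr.lower() == "session"):
            receivers.update(t.id for t in node.targets if isinstance(t, ast.Name))
    missing = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        target = node.func.value
        if not (isinstance(target, ast.Name) and target.id in receivers):
            continue  # skips unrelated calls such as dict.get()
        if node.func.attr not in HTTP_METHODS:
            continue
        # A call passing only **kwargs is still reported: the proxy setting
        # cannot be confirmed statically.
        if not any(kw.arg == "proxies" for kw in node.keywords):
            missing.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(missing)

# Constructed sample script (not a real exploit) used to exercise the check.
SAMPLE = '''import requests
proxies = {'http': 'http://127.0.0.1:8080'}
SERVER_URL = 'http://target.example/login'
s = requests.Session()
s.get(SERVER_URL, verify=False, proxies=proxies)
s.post(SERVER_URL, data={'user': 'a'}, verify=False)
cfg = {'mode': 'x'}
cfg.get('mode')
requests.get(SERVER_URL)
'''

if __name__ == "__main__":
    for line, call in find_unproxied_calls(SAMPLE):
        print(f"line {line}: {call}  <- add proxies=proxies")
```

Sessions opened with a with statement are not tracked by this sketch, so a manual search is still worth doing on scripts that use that pattern.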


Using pspy To Monitor Linux Processes

While working through TheCyberMentor’s Linux Privesc course, I learned something new and wanted to place this here so I can refer to it later. There’s a box on TryHackMe called ConvertMyVideo. This post does not intend to serve as a walk-through or write-up of that box, but rather uses it as an example for some of the tips I’m going to place here.


Setting the Stage & Using the Tool

So we have a low-level shell on the box and we’ve done our basic enumeration to try to find a path to escalate privileges. We couldn’t locate anything, but we do see that there is a cron process running after executing the following command.

ps -aux

So we know that cron is being used, but we don’t see anything in the crontab. This is where a tool like pspy comes in handy! It will monitor the system for any commands that get executed and present them to us.

Let’s grab the tool from GitHub. Download the necessary binary and transfer it over to the target machine.

Once you have it, let’s make sure it’s executable and run it on the system.

chmod +x pspy64

./pspy64

Now we can look through the results, and we see that the following commands are being executed on a schedule.

From here, we’d be able to continue our enumeration of the box armed with knowledge of what commands are being executed on their own.


Upgrading Simple Shells to Interactive TTYs w/ Python

This is a quick and easy post, mainly for my own reference moving forward. It will showcase how to upgrade and improve your reverse shells so that they are more user-friendly.


Once you have a reverse shell, start by running the command:

python -c 'import pty;pty.spawn("/bin/bash")'

Now we’ll background the shell with Ctrl + Z. We’ll be taken back to our Kali terminal window.

In the Kali terminal, type in stty raw -echo. It will appear as though nothing happened, but then type in fg. Note: The text you type here will not display.

Press Enter. This will repopulate the command you ran to capture the shell. Then press Enter a second time. This will take you back to your reverse shell.

Now, you can run export TERM=xterm, which will allow you to do things like clear the screen.


Fixing Rows/Columns

If you need to run vi, you may find that your shell doesn’t display the editor correctly. For example, it may not fill out the entire terminal window (see image below).

To fix this, we’ll need to adjust the rows and columns. From a new terminal window (on your local machine), run the following command.

stty -a

Make note of the returned rows and columns. Back in your shell, run the following command to configure the terminal with the correct number of rows/columns.

stty rows <insert> columns <insert>

Now running vi will work correctly.