HackSheet

---

• Base64
• Execute Command
• Hash
• Pwn
• Requests
• Server
• Socket
• Thread
• Urlencode

Requests

import requests

GET

r = requests.get('http://example.com')

Session

# Replace requests by `s` in your future requests to use session.
s = requests.session()

Proxies

s.proxies = {
  "http": "localhost:8080",
  "https": "localhost:8080",
}

POST

# Classic Post
r = requests.post('http://example.com/submit',
    headers={
        'Content-type': 'application/x-www-form-urlencoded',
    },
    data={'user': 'guest'},
    verify=False # Check Certificate
)

• Example Script

Response Objects

r.url
r.status_code
r.headers
r.cookies
r.raw
r.content # Byte
r.text    # String
r.request

• Docs

Example

• Example script

Server

Handler

from http.server import HTTPServer, BaseHTTPRequestHandler

class httpHandler(BaseHTTPRequestHandler):
	def do_GET(self):
		self.send_response(200)
		self.end_headers()
		self.wfile.write(b'Hello World')

	def do_POST():
		pass

httpd = HTTPServer(('0.0.0.0', 8000), httpHandler)
httpd.serve_forever()

• http.server doc

Base64

import base64

Decode

encodedStr = "VGVzdCBSYW5kb20gU3RyaW5n"
text = base64.b64decode(encodedStr).decode() # 'Test Random String'

Encode

data = "Test Random String"
encodedBytes = base64.b64encode(data.encode()).decode() # 'VGVzdCBSYW5kb20gU3RyaW5n'

Urlencode

import urllib.parse

Encode

urllib.parse.quote('/Tést Rä') # '/T%C3%A9st%20R%C3%A4'
urllib.parse.quote('/', safe='') # '%2F'

Interpret newlines as char

my_string = 'hello\nworld'
my_string = my_string.encode().decode('unicode_escape')
urllib.parse.quote(my_string) # 'hello%0Aworld'

Decode

urllib.parse.unquote('lol+lol') # 'lol+lol'
urllib.parse.unquote_plus('lol+lol') # 'lol lol'

• How to encode URLs in Python

Socket

import socket

Server

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
    server.bind(('', 4444))
    server.listen()
    sock, addr = server.accept()

Client

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    sock.connect(('127.0.0.1', 4444))

Common

# Set Timeout
sock.settimeout(5)
# Receive
sock.recv(1024) # b'Random content'
# Send
sock.send(b'Random content')
# Close
sock.close()

Execute Command

Os

import os

os.system('echo desbarres') # Exit Code

os.popen('echo desbarres').read() # 'desbarres'

Subprocess

import subprocess

subprocess.call('echo desbarres', shell=True) # Exit Code

subprocess.check_output('echo desbarres', shell=True) # b'desbarres'

Thread

from threading import Thread

Run function

thr = Thread(target=func, args=(1,))
thr.start()
thr.join()

Run class

class ExampleClass(Thread):
	def __init__(self, *args, **kwargs):
		super().__init__(*args, **kwargs)

	def run(self):
		do_stuff

thr = ExampleClass()
thr.start()

Run with a max of thread

from concurrent.futures import ThreadPoolExecutor

# Run 1000 time func with a max of 25 threads simultaneously
with ThreadPoolExecutor(max_workers=min(25, 1000)) as tp:
    for arg in range(1000):
        tp.submit(func, arg)

Hash

import hashlib

MD5

hashlib.md5(b'password').hexdigest() # '5f4dcc3b5aa765d61d8327deb882cf99'

Sha256

hashlib.sha256(b'password').hexdigest() # '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'

Pwn

• Example script
• Shellcode

This site is open source. Improve this page.