Fad programming… playing around with Python

Today I tried to summon my programming ability by playing around a little with Python. I wanted to make a simple application that reads a login page, logs in, picks a menu inside the protected area, and runs it automatically. As the guinea pig for this trial I'm using SquirrelMail. Here is the scenario: I will log into the mail system using a real user account, choose the compose message menu, and send a message from it to an address. To make it more interesting, I will use a MySQL database to store the data, such as the message, the recipient and the subject. Let's get started!

First I prepare the tools to help me “finish” the job: burpsuite, Mozilla Firefox add-ons such as firebug and elite proxy, and pico as the Python editor. To make the application read the HTML page I'm using urllib and urllib2; to catch the cookie I'm using cookielib. Since I will read the hidden tag from the login form, I will use the BeautifulSoup library. Here is the full code.

Non SQL queries.
import urllib, urllib2, cookielib, re
from stripogram import html2text
from BeautifulSoup import BeautifulSoup

username = 'user'
password = 'pass123'
kepada = 'mrp.bpp@.gmail'
judul = 'test'
isi = 'test via daemon'
tek = ''

# Keep the session cookie between requests
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

# Log in
login_data = urllib.urlencode({'login_username' : username, 'secretkey' : password})
opener.open('http://mail.akakom/src/redirect.php', login_data)

# Fetch the compose page and read the token from its first <input>
resp = opener.open('http://mail.akakom/src/compose.php?mailbox=INBOX&startMessage=1')
data = resp.read()
soup = BeautifulSoup(data)
tokenId = soup.find('input')
value = tokenId['value']

# Post the message together with the token
email_data = urllib.urlencode({'smtoken' : value, 'send_to' : kepada, 'subject' : judul, 'body' : isi,'username' : username, 'smaction' : tek, 'send' : "Kirim"})
opener.open('http://mail.akakom/src/compose.php',email_data)

The code above is the application without SQL queries. I will try to explain the code:


import urllib, urllib2, cookielib, re

from stripogram import html2text
from BeautifulSoup import BeautifulSoup

These import all the libraries we need. I'm using the stripogram library to extract the text from the HTML page, so the application will not dump the data with all the HTML source code. It is optional, though; in this case we don't need it.

username = 'user'
password = 'pass123'
kepada = 'mada@akakom.ac.id'
judul = 'daemon'
isi = 'test via daemon'
tek = 'reply'

Declare some variables here: kepada for ‘to’, judul for ‘subject’, isi for ‘message’ and tek for the action type (I will explain this further below).

cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

Save the cookies that the web page might offer.

login_data = urllib.urlencode({'login_username' : username, 'secretkey' : password})

OK, now I set the variables from the login page; the dictionary keys are the names of the form variables. Where the heck did I find these names? By using firebug. Just open the login page and run firebug. We could also use the view source menu in Firefox, but I'd rather use firebug since it keeps things less messy. So we have login_username and secretkey as the variables from the login form. urllib.urlencode encodes our variables as URL-encoded form data, ready to be posted to the login page.

opener.open('http://mail.akakom/src/redirect.php', login_data)

Try to open the login page. To find this page, I'm using burpsuite. With burpsuite I can load the page request by request. When I hit the login button, the page calls another page with a POST command, and it leads to a page named redirect.php. Another easy way is to look into the page source for HTML code like this:

<form name="login_form" method="post" action="redirect.php">

Since SquirrelMail has no complicated login system, the view source menu is enough for us, but in another case, with a more complex login system, you might need burpsuite to help you out.

resp = opener.open('http://mail.akakom/src/compose.php?mailbox=INBOX&startMessage=1')
data = resp.read()

Next I open the compose menu, grab the page and save it into a variable called data. So now I have the full HTML source of the compose page inside the data variable.

soup = BeautifulSoup(data)
tokenId = soup.find('input')
value = tokenId['value']

SquirrelMail has a unique delivery system. It uses a unique token every time the user sends a mail. Since the token is generated randomly, we need to catch it every time we want to send an email. Using the BeautifulSoup library, I catch the token, so every time the page generates a token I can read it and send it back to the mail system in the urlencoded data. We can learn this by using burpsuite.

email_data = urllib.urlencode({'smtoken' : value, 'send_to' : kepada, 'subject' : judul, 'body' : isi,'username' : username, 'smaction' : tek, 'send' : "Kirim"})

opener.open('http://mail.akakom/src/compose.php',email_data)

Now I send all the data already collected. If you notice, there is a variable named smaction inside the data. SquirrelMail uses smaction to identify the type of composed mail, whether it is a new one or a reply. If the variable is set empty ('') the system reads it as a new mail; if you set it to 'reply' the system marks it as a replied message. Then, using the urllib2 opener which already holds the cookie, I send the data to the compose.php page. That's all; when I ran the application, it successfully sent the data to my Gmail account. Now the interesting part is to send data from the MySQL server.
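
The token step above, as an added example that is not part of the original post: it is written for Python 3 with only the standard library, and it picks the smtoken field by name instead of taking the first input, so a page without the token (for example the login form returned after a failed login) raises an error rather than yielding a wrong value. The two HTML pages are constructed samples, and HiddenFieldParser, extract_token and build_compose_body are names made up for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode


class HiddenFieldParser(HTMLParser):
    """Collect name -> value for every <input type="hidden"> on a page."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.hidden[a["name"]] = a.get("value") or ""


def extract_token(html, field="smtoken"):
    """Return the named hidden field; raise if the page does not carry it."""
    parser = HiddenFieldParser()
    parser.feed(html)
    if not parser.hidden.get(field):
        # Typical cause: the login failed and we are looking at the login form.
        raise ValueError("no %r field on this page" % field)
    return parser.hidden[field]


def build_compose_body(token, to, subject, body, username, action=""):
    """URL-encode the compose form with the field names used in the post."""
    return urlencode({"smtoken": token, "send_to": to, "subject": subject,
                      "body": body, "username": username,
                      "smaction": action, "send": "Kirim"})


# Constructed sample pages, not captured from a real server.
COMPOSE_PAGE = """<form name="compose" action="compose.php" method="post">
<input type="text" name="send_to" value="">
<input type="hidden" name="smtoken" value="CONSTRUCTED-TOKEN-123">
<input type="hidden" name="startMessage" value="1">
</form>"""
LOGIN_PAGE = """<form name="login_form" method="post" action="redirect.php">
<input type="text" name="login_username" value="">
<input type="password" name="secretkey">
</form>"""

if __name__ == "__main__":
    token = extract_token(COMPOSE_PAGE)
    print(build_compose_body(token, "user@example.org", "test", "test via daemon", "user"))
```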

With SQL queries

Now let's get into the SQL one. To make Python read the data from a MySQL server, we need the MySQLdb library. Since I'm using Ubuntu, all I need to do is apt-get install python-mysqldb :). OK, here is the full code.

import MySQLdb, urllib, urllib2, cookielib, re
from stripogram import html2text
from BeautifulSoup import BeautifulSoup

username = 'username'
password = 'pass123'
judul = 'Query SQL Server'
tek = ''

conn = MySQLdb.connect (host = "localhost",
                        user = "root",
                        passwd = "pass123",
                        db = "test")
cursor = conn.cursor ()

cursor.execute ("SELECT dari, kepada, isi, status FROM email WHERE status = '1'")
rows = cursor.fetchall ()

# Send one message per row; the token is fetched again for every message
for row in rows:
    kepada = row[1]
    isi = row[2]

    cj = cookielib.CookieJar()
    opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
    login_data = urllib.urlencode({'login_username' : username, 'secretkey' : password})
    opener.open('http://mail.akakom/src/redirect.php', login_data)
    resp = opener.open('http://mail.akakom/src/compose.php?mailbox=INBOX&startMessage=1')
    data = resp.read()
    soup = BeautifulSoup(data)
    tokenId = soup.find('input')
    value = tokenId['value']
    email_data = urllib.urlencode({'smtoken' : value, 'send_to' : kepada, 'subject' : judul, 'body' : isi,'username' : username, 'smaction' : tek, 'send' : 'Kirim'})
    opener.open('http://mail.akakom/src/compose.php',email_data)

    print "%s, %s, %s, %s" % (row[0], row[1], row[2], row[3])

print "Jumlah data: %d" % cursor.rowcount
cursor.close ()
conn.close ()

The part I highlighted is the syntax related to the MySQL queries, while the rest is the same code already explained previously. The program queries the data from the MySQL server and puts it into local variables. Using a for statement, I read all the data inside the database, row by row. For more information about using MySQLdb in Python, please refer to this page.


About Spentera

We are specializing in penetration test, vulnerability assessment, computer forensics, as well as intrusion analyst and malware analysis. Customers can contact us directly at contact[at]spentera[dot]id, or use Contact Our Team menu on the sidebar.