Kind of an interesting request that took a little bit of manipulation to get what I wanted.  Essentially, we're calling for a directory listing and we want to export that listing into a CSV file.  But we want to remove the directory path in order to get just the filenames.  In addition, instead of explicitly calling the username, I'm using the system variable.  This way, the working folder can be moved and reused on another profile or machine.  I'm also using the system date in the filename to keep the filename unique.  I'm using a .txt file because I'm lazy and I couldn't figure out how to do it in one line.  

Read more: PowerShell Directory Listing CSV Export

Sort of an odd one, I'm not exactly sure why though.  I wrote this up to exploit an LFI vulnerability in the Localize My Post plugin for WordPress.  You populate the path.txt file with your typical goodies:  /etc/passwd, /etc/hosts, etc.  Each on their own line, of course.  I also included /var/www/html/wp-config.php but for some reason, it wouldn't grab it.  I thought it was some sort of protection mechanism but as I looked around, including in the apache log file, it was getting 200 OK.  I move the file into /etc/ and it works but in place or in /tmp, no luck.  Regardless, it still grabs l00t just change the IP address.  You can just as easily use curl as well -- it's just a bit quicker if you're trying to grab multiple files at once.  

Read more: Python Script: CVE 2018-16299

I was working on a project and while looking at the randint function, I suddenly thought about blackjack.  It makes sense -- you have a function, randint, that generates a random number.  So I open a terminal and after a little side deviation, I'm generating a couple of cards.  I realize a few things I'm missing and I build it out a bit further.  Then even further.  Each time realizing that there's more to this little game project than I had anticipated.  I finally decide to stop at this version you see below.

There are a couple of things to note here -- first, my dealer cheats.  That's intentional.  The second thing to note is that I didn't take into account that an Ace can be worth one or 11.  I could go back in and assign values to variables but then this would grow further and that wasn't really my point.  

As always, my Python is pretty weak so don't critique me.  I don't use it for much other than single functions hence the very small hacky scripts you see here.  One day I'll build something... one day...

Read more: Python Script: Blackjack

I tried writing this with fewer lines of code using a list of passwords and another attempt with IGNORECASE but neither worked or worked with 100% accuracy.  Rather than spin my wheels, I just went this route with elif.  

We're recursively searching inside of Word docx files for either:  password, Password, or PASSWORD

When we get a match, we print the document location and the line containing our string match. 

Storing passwords in a Word document is a bad practice -- this script shows you why it's a bad practice and why you should use a password manager.

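import os
import docx  # provided by the python-docx package

document_list = []
# Collect every .docx file under the current directory
for path, subdirs, files in os.walk(r"./"):
    for name in files:
        if os.path.splitext(os.path.join(path, name))[1] == ".docx":
            document_list.append(os.path.join(path, name))
# On a match, print the document location and the line containing the string
for document_path in document_list:
    document = docx.Document(document_path)
    for paragraph in document.paragraphs:
        if "password" in paragraph.text:
            print(document_path, paragraph.text)
        elif "Password" in paragraph.text:
            print(document_path, paragraph.text)
        elif "PASSWORD" in paragraph.text:
            print(document_path, paragraph.text)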
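
An added example, not the original post's code: the same audit with a single case-insensitive pattern, reading the docx XML with the standard library instead of python-docx. It goes a little further than the script above by also covering table cells, which python-docx's `document.paragraphs` does not return. The function names and the sample document are constructed for illustration.

```python
import io
import os
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
PATTERN = re.compile(r"password", re.IGNORECASE)  # one pattern, any casing

def find_password_lines(source):
    """Return text of every paragraph (body and table cells) matching PATTERN."""
    with zipfile.ZipFile(source) as zf:
        root = ET.fromstring(zf.read("word/document.xml"))
    hits = []
    for para in root.iter(W + "p"):
        # Word splits a paragraph into runs; join them before matching.
        text = "".join(t.text or "" for t in para.iter(W + "t"))
        if PATTERN.search(text):
            hits.append(text)
    return hits

def scan_tree(top="."):
    """Walk top and return (path, line) pairs for every .docx hit."""
    results = []
    for path, _dirs, files in os.walk(top):
        for name in files:
            if not name.lower().endswith(".docx"):
                continue
            full = os.path.join(path, name)
            try:
                results += [(full, line) for line in find_password_lines(full)]
            except (zipfile.BadZipFile, KeyError):
                continue  # not a real archive (e.g. Word's ~$ lock files)
    return results

def build_sample_docx():
    """Constructed sample: minimal docx with two body paragraphs and a table cell."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    p = lambda s: f"<w:p><w:r><w:t>{s}</w:t></w:r></w:p>"
    body = (p("Meeting notes") + p("VPN PassWord: example-only") + "<w:tbl><w:tr><w:tc>"
            + p("PASSWORD for wiki: example-only") + "</w:tc></w:tr></w:tbl>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", f"<w:document {ns}><w:body>{body}</w:body></w:document>")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(find_password_lines(build_sample_docx()))
    for path, line in scan_tree("."):
        print(path, line)
```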