Thursday, September 27, 2012

Be Safe...well at least try

I wanted to do this post after I saw a video on the Internet. The video shows just how much information there is about an individual and how it can used. It reminds me of my very first post and the article I wanted to make.  I wanted to explain that the threat of computer hacking is real and you should protect yourself "THE BEST YOU CAN".  I understand it can be daunting, but to completely ignore the threats is foolish.  You cannot just put your head in the sand.  I try to tell people that you should try your best to protect yourself.  The first thing that is asked, how do I do that?  Well, to begin, realize that you can guard your laptop/computer/yourself like Fort Knox and still get hacked.  People will relax in their protection, like leave their laptop unlocked/unguarded or execute the wrong file.  It is what it is.  However, you still want to make it as hard as you possibly can.  I made a list of do's and don't's from my experiences and articles on the Internet.

1. Create safe passwords which have significant length and are not from the dictionary.
2. Do not overuse passwords.
3.  Limit whatever information you can from the Internet (Facebook, Twitter, MySpace, Google+, LinkedIn, Flickr, Instagram, etc)
4. Update/patch your OS, antivirus and software applications as often as possible. (Come on, patch ms08-067)
5.  Keep your firewall on especially when you have your computer on someone else's network.
6.  Check your URL's! Ensure that the website you are logging into begins with "HTTPS://" (SSL)!!
7.  In addition, if you have the "HTTPS://" connection, but it is showing an untrusted certificate warning, do not log into the site without getting confirmation that it is safe to use.
8.  Do not download/execute files from untrusted websites!
9.  Do not open emails from unknown sources and DO NOT execute any files in the emails. 
10.  Lastly, make sure you have a strong, complex password on your home wireless network if you are using a pre-shared key and use WPA2 encryption level.
11. MAKE SURE YOUR KIDS READ 1- 10.  Just saying. 

If you still believe it never happens or it never affects anyone, ask TJ Maxx.  45 million credit cards and about 2 million dollars.  Or ask Barry Covert who had federal agents pointing guns at him in his own house.  It was all due to weak wireless practices.  You can believe that it rarely happens but is it worth it to not protect yourself as best you can. 

I do not want this to seem like a rant or a FUD but I just want to show what has happened once vulnerabilities have been exploited.  I am just hoping that this post can help someone avoid the threats that are out there. 










CREDIT:

http://www.wikihow.com/Be-Safe-on-the-Internet
http://www.stuff.co.nz/technology/digital-living/4927236/Wrongly-accused-of-porn-after-wifi-hacked
http://o.seattletimes.nwsource.com/html/nationworld/2014867387_wifi25.html
http://arstechnica.com/tech-policy/2011/04/fbi-child-porn-raid-a-strong-argument-for-locking-down-wifi-networks/
http://www.schneier.com/blog/archives/2011/04/security_risks_7.html
http://news.cnet.com/8301-13578_3-20001207-38.html

Monday, September 24, 2012

Education: HackingDojo

It has been a while since my last post as usual.  I have been working on getting my CCNA, but I am dealing with so many vendors/projects/work that I may have to do that at the end of the year.  It has been a good journey since I set up the CCNA hardware.  Next, I took the VMware ESXi course which was a fun experience.  I saw the benefit of storage vmotion which is awesome when you want to clean up your virtual machines that are on local disk of your ESX/ESXi servers.  However, you have to have the full license (ENTERPRISE) in order to use it.  Very expensive in my opinion but it is worth it.  VMware is a great company even though they have little Linux (Workstation) support. 

Next, I signed up to the HackingDojo by Thomas Wilhelm.  You can sign up for 150 dollars a month.  I think they have added a subscription where you can pay about 1000-1200 dollars for a lifetime subscription.  I subscribed for two months to keep myself sharp on my offensive skills.  I really liked the course and I think given enough time, it will be one of the best courses out there.   A little rundown of the course is that you have a 6 levels that you must reach.  You can start wherever you would like but I started at the Shodan level which is basically the 2nd level.  In order to advance to the next level you must pass an exam.   You are given about 48-hours to pass the exam.  You can schedule an attempt for the next level at any time.  However, I would suggest (and so would Thomas) that you look at the videos and read the forums to learn the lessons of the current level.  In addition to the videos, you were able to skype with a teacher who is highly qualified so he/she can answer questions and further explain any lessons you have trouble with.  Also, they would answer any personal questions you had such as career questions and suggestions.  Very helpful in my opinion.  I had a lot of experience already in a lot of the topics since I have already passed the OSCP, OSCE and GPEN courses.  However, the topic of password attacking (local and remote) was definitely an eye opener.  I thought I had a grasp however, as usual there are most aspects to learn.  It was actually stated on one my favorite sites, EthicalHacker.Net.  The url is "http://www.ethicalhacker.net/content/view/341/2/".  The short of it is that when you have hashed passwords that you want to crack, you have to take into account that you may be dealing with a password that was encoded in base64 instead of unicode before it was hashed.  

It seems that you run into that situation when you have passwords with special characters since it is based on words from different countries ( Japan, Germany, France, China, Africa, etc).  The special characters may sometimes be change to base64 substitution and then, hashed into SHA-1 or SHA384, SHA512, MD5, DES, 3DES, etc.  There is no way to tell if it was a base64 or unicode used in the hash so you have to try both.  Of course, Thomas has his students do homework assignments.  He gave a list of hashes to break and he gave you hints of the password origins such as  Germany or Africa.  I struggled a while until I setup a couple of scripts that converted wordlists I found from the Internet. 



Wordlists:
http://www.cotse.com/tools/wordlists1.htm
http://www.cotse.com/tools/wordlists2.htm
http://g0tmi1k.blogspot.gr/2011/06/dictionaries-wordlists.html?m=1
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.dicts.info/uddl.php
http://www.isdpodcast.com/resources/62k-common-passwords/
http://packetstormsecurity.org/Crackers/wordlists/

There are more wordlists on the Internet of course but I just wanted to list a few urls as examples.   Once you have collected relevant wordlists, you need to convert the words with special characters to UNICODE and BASE64.  Depending on the length of your wordlists, it will usually take a while.  Once that is done, you have to use the new "converted" wordlists against the given hashes.  You can use JTR [John the Ripper (http://www.openwall.com/john/)] or even use your own coding to test against the hashes.   In addition, to help with the wordlists, you can use programs such as cewl (http://www.digininja.org/projects/cewl.php) and rsmangler (http://www.digininja.org/projects/rsmangler.php).  I had the most success using the "cewl" tool.  It was very effective for me but I invite you to check it out for yourself. 

I also learned more about passive information gathering.  There is a lot of information about a person, group or organization on the Internet that you can find for free or a small fee.  The best tool for this kind of recon work is of course Google.  You can actually search a web cached version of a website which is helpful if you have a scope that limits your interaction with a target website.  You can use it with the url: "http://webcache.googleusercontent.com/search?q=cache:www.testtargetsite.com".  You can also use the "wayback" site: "http://archive.org/web/web.php" to find older versions of the target site if it is available.  These are some of the sites I used to find information on targets:

https://www.google.com
http://www.zabasearch.com/
http://www.dogpile.com/
http://www.zoominfo.com/
http://www.spokeo.com/
http://www.alexa.com/
http://www.zoominfo.com/


Again, there are more sites to use but I had success with those sites.  In conclusion, I have to say, the HackingDojo is a course to take if you want to learn more about hacking and penetration testing.  I was very happy with the course and I learned a lot.  I wanted to take a pause from the course, so I can sharpen my python skills.  I want to take the course from SecurityTube: "http://securitytube-training.com/certifications/securitytube-python-scripting-expert/".  It looks like I will be a better python programmer after taking a course like that.  I will try to provide info once I have started the course.  Till next time.  Oh, here are the conversion scripts.  I am sure there are better ways to script these, but again, I am a work in progress. 

Conversion Scripts

#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
#-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
# Name:          splitdictionary.py                                                                                                                    
# Original Author:        Agoonie                                                                                                                          
# The script is to pull dictionaries and grab words. Then, it converts the words to base64 if they have special character entities...           
# Created:       08/25/2012                                                                                                                               
# Last Edited:   08292012                                                                                                                               
# Version Num:   1                                                                                                                                         
# Requirements:  Written and tested in Python 2.65                                                                                    
#   CREDIT:                                                                                                                   
#      I used information from all of the following:                                                                                   
#      Author: J-rock                                                                                                             
#      J-rock Script:  base64_to_text.py                                                                                                                      
#      gomputor.wordpress.com/2008/09/27/search-replace-multiple-words-or-characters-with-python/                                       
#      http://wiki.webz.cz/dict/                                                                                                   
#      http://www.dicts.info/uddl.php                                                                                               
#      stackoverflow.com/questions/6116978/python-replace-multiple-strings                                                            
#      docs.python.org/library/stdtypes.html                                                                                       
#-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
'''

import re,string
import os,sys
import os.path

codes = {'"': '&#34;', '&': '&#38;', '<': '&#60;', '>': '&#62;',
                '¡': '&#161;', '¢': '&#162;', '£': '&#163;', '¤': '&#164;',
                '¥': '&#165;', '¦': '&#166;', '§': '&#167;', '¨': '&#168;',
                '©': '&#169;', 'ª': '&#170;', '«': '&#171;', '¬': '&#172;',
                '­': '&#173;', '®': '&#174;', '¯': '&#175;', '°': '&#176;',
                '±': '&#177;', '²': '&#178;', '³': '&#179;', '´': '&#180;',
                'µ': '&#181;', '¶': '&#182;', '·': '&#183;', '¸': '&#184;',
                '¹': '&#185;', 'º': '&#186;', '»': '&#187;', '¼': '&#188;',
                '½': '&#189;', '¾': '&#190;', '¿': '&#191;', 'À': '&#192;',
                'Á': '&#193;', 'Â': '&#194;', 'Ã': '&#195;', 'Ä': '&#196;',
                'Å': '&#197;', 'Æ': '&#198;', 'Ç': '&#199;', 'È': '&#200;',
                'É': '&#201;', 'Ê': '&#202;', 'Ë': '&#203;', 'Ì': '&#204;',
                'Í': '&#205;', 'Î': '&#206;', 'Ï': '&#207;', 'Ð': '&#208;',
                'Ñ': '&#209;', 'Ò': '&#210;', 'Ó': '&#211;', 'Ô': '&#212;',
                'Õ': '&#213;', 'Ö': '&#214;', '×': '&#215;', 'Ø': '&#216;',
                'Ù': '&#217;', 'Ú': '&#218;', 'Û': '&#219;', 'Ü': '&#220;',
                'Ý': '&#221;', 'Þ': '&#222;', 'ß': '&#223;', 'à': '&#224;',
                'á': '&#225;', 'â': '&#226;', 'ã': '&#227;', 'ä': '&#228;',
                'å': '&#229;', 'æ': '&#230;', 'ç': '&#231;', 'è': '&#232;',
                'é': '&#233;', 'ê': '&#234;', 'ë': '&#235;', 'ì': '&#236;',
                'í': '&#237;', 'î': '&#238;', 'ï': '&#239;', 'ð': '&#240;',
                'ñ': '&#241;', 'ò': '&#242;', 'ó': '&#243;', 'ô': '&#244;',
                'õ': '&#245;', 'ö': '&#246;', '÷': '&#247;', 'ø': '&#248;',
                'ù': '&#249;', 'ú': '&#250;', 'û': '&#251;', 'ü': '&#252;',
                'ý': '&#253;', 'þ': '&#254;', 'ÿ': '&#255;', 'Œ': '&#338;',
                'œ': '&#339;', 'Š': '&#352;', 'š': '&#353;', 'Ÿ': '&#376;',
                'ƒ': '&#402;', 'ˆ': '&#710;', '˜': '&#732;', 'Α': '&#913;',
                'Β': '&#914;', 'Γ': '&#915;', 'Δ': '&#916;', 'Ε': '&#917;',
                'Ζ': '&#918;', 'Η': '&#919;', 'Θ': '&#920;', 'Ι': '&#921;',
                'Κ': '&#922;', 'Λ': '&#923;', 'Μ': '&#924;', 'Ν': '&#925;',
                'Ξ': '&#926;', 'Ο': '&#927;', 'Π': '&#928;', 'Ρ': '&#929;',
                'Σ': '&#931;', 'Τ': '&#932;', 'Υ': '&#933;', 'Φ': '&#934;',
                'Χ': '&#935;', 'Ψ': '&#936;', 'Ω': '&#937;', 'α': '&#945;',
                'β': '&#946;', 'γ': '&#947;', 'δ': '&#948;', 'ε': '&#949;',
                'ζ': '&#950;', 'η': '&#951;', 'θ': '&#952;', 'ι': '&#953;',
                'κ': '&#954;', 'λ': '&#955;', 'μ': '&#956;', 'ν': '&#957;',
                'ξ': '&#958;', 'ο': '&#959;', 'π': '&#960;', 'ρ': '&#961;',
                'ς': '&#962;', 'σ': '&#963;', 'τ': '&#964;', 'υ': '&#965;',
                'φ': '&#966;', 'χ': '&#967;', 'ψ': '&#968;', 'ω': '&#969;',
                'ϑ': '&#977;', 'ϒ': '&#978;', 'ϖ': '&#982;', '–': '&#8211;',
                '—': '&#8212;', '‘': '&#8216;', '’': '&#8217;', '‚': '&#8218;',
                '“': '&#8220;', '”': '&#8221;', '„': '&#8222;', '†': '&#8224;',
                '‡': '&#8225;', '•': '&#8226;', '…': '&#8230;', '‰': '&#8240;',
                '′': '&#8242;', '″': '&#8243;', '‹': '&#8249;', '›': '&#8250;',
                '‾': '&#8254;', '⁄': '&#8260;', '€': '&#8364;', 'ℑ': '&#8465;',
                '℘': '&#8472;', 'ℜ': '&#8476;', '™': '&#8482;', 'ℵ': '&#8501;',
                '←': '&#8592;', '↑': '&#8593;', '→': '&#8594;', '↓': '&#8595;',
                '↔': '&#8596;', '↵': '&#8629;', '⇐': '&#8656;', '⇑': '&#8657;',
                '⇒': '&#8658;', '⇓': '&#8659;', '⇔': '&#8660;', '∀': '&#8704;',
                '∂': '&#8706;', '∃': '&#8707;', '∅': '&#8709;', '∇': '&#8711;',
                '∈': '&#8712;', '∉': '&#8713;', '∋': '&#8715;', '∏': '&#8719;',
                '∑': '&#8721;', '−': '&#8722;', '∗': '&#8727;', '√': '&#8730;',
                '∝': '&#8733;', '∞': '&#8734;', '∠': '&#8736;', '∧': '&#8743;',
                '∨': '&#8744;', '∩': '&#8745;', '∪': '&#8746;', '∫': '&#8747;',
                '∴': '&#8756;', '∼': '&#8764;', '≅': '&#8773;', '≈': '&#8776;',
               '≠': '&#8800;', '≡': '&#8801;', '≤': '&#8804;', '≥': '&#8805;',
                '⊂': '&#8834;', '⊃': '&#8835;', '⊄': '&#8836;', '⊆': '&#8838;',
                '⊇': '&#8839;', '⊕': '&#8853;', '⊗': '&#8855;', '⊥': '&#8869;',
                '⋅': '&#8901;', '⌈': '&#8968;', '⌉': '&#8969;', '⌊': '&#8970;',
                '⌋': '&#8971;', '〈': '&#9001;', '〉': '&#9002;'}

def replace_all(text,dic):
    for k,v in dic.items():
        text = text.replace(k,v)
    return text

if len(sys.argv) != 3:
    print "[+] Usage: ./filename [wordlist-to-split] [newwordlist]"
    sys.exit(1)

wordlist= sys.argv[1]
finallist = sys.argv[2]
mywordlist = []
finalwordlist = []

if os.path.exists(wordlist):
    print "I have found your wordlist!\n\n" + wordlist + "\n\n"
    file = open(wordlist,'r').read()
    words = re.split(r'[\t,\n,\s]', file)
    for word in words:
        mywordlist.append(word)
else:
    print "I cannot find the file! "

mywordlist = list(set(mywordlist))
mywordlist.sort()

filename = "tempname.txt"
f = open(filename,'w')
f.write("\n".join(mywordlist))
f.close

akey =[]
for key,value in codes.iteritems():
    akey.append(key)

for line in mywordlist:
    finalwordlist.append(replace_all(line,codes))
    for char in akey:
        if char in line:
            finalwordlist.append(line)

finalwordlist = list(set(finalwordlist))
finalwordlist.sort()
g = open(finallist,'w')
g.write("\n".join(finalwordlist))
g.close

os.remove("tempname.txt")
print "Your new file is done and it is called " + finallist



#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
#-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
# Name:          splitdictionary.py                                                                                                                    
# Original Author:        Agoonie                                                                                                                          
# The script is to pull dictionaries, grab words from docs in a directory. Then, it converts the words to base64 if they have special character entities...           
# Created:       08/25/2012                                                                                                                               
# Last Edited:   08292012                                                                                                                               
# Version Num:   1                                                                                                                                         
# Requirements:  Written and tested in Python 2.65                                                                                    
#   CREDIT:                                                                                                                   
#      I used information from all of the following:                                                                                   
#      Author: J-rock                                                                                                             
#      J-rock Script:  base64_to_text.py                                                                                                                      
#      gomputor.wordpress.com/2008/09/27/search-replace-multiple-words-or-characters-with-python/                                       
#      http://wiki.webz.cz/dict/                                                                                                   
#      http://www.dicts.info/uddl.php                                                                                               
#      stackoverflow.com/questions/6116978/python-replace-multiple-strings                                                            
#      docs.python.org/library/stdtypes.html                                                                                       
#-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
'''

import re,string
import os,sys
import os.path
import glob

codes = {'"': '&#34;', '&': '&#38;', '<': '&#60;', '>': '&#62;',
                '¡': '&#161;', '¢': '&#162;', '£': '&#163;', '¤': '&#164;',
                '¥': '&#165;', '¦': '&#166;', '§': '&#167;', '¨': '&#168;',
                '©': '&#169;', 'ª': '&#170;', '«': '&#171;', '¬': '&#172;',
                '­': '&#173;', '®': '&#174;', '¯': '&#175;', '°': '&#176;',
                '±': '&#177;', '²': '&#178;', '³': '&#179;', '´': '&#180;',
                'µ': '&#181;', '¶': '&#182;', '·': '&#183;', '¸': '&#184;',
                '¹': '&#185;', 'º': '&#186;', '»': '&#187;', '¼': '&#188;',
                '½': '&#189;', '¾': '&#190;', '¿': '&#191;', 'À': '&#192;',
                'Á': '&#193;', 'Â': '&#194;', 'Ã': '&#195;', 'Ä': '&#196;',
                'Å': '&#197;', 'Æ': '&#198;', 'Ç': '&#199;', 'È': '&#200;',
                'É': '&#201;', 'Ê': '&#202;', 'Ë': '&#203;', 'Ì': '&#204;',
                'Í': '&#205;', 'Î': '&#206;', 'Ï': '&#207;', 'Ð': '&#208;',
                'Ñ': '&#209;', 'Ò': '&#210;', 'Ó': '&#211;', 'Ô': '&#212;',
                'Õ': '&#213;', 'Ö': '&#214;', '×': '&#215;', 'Ø': '&#216;',
                'Ù': '&#217;', 'Ú': '&#218;', 'Û': '&#219;', 'Ü': '&#220;',
                'Ý': '&#221;', 'Þ': '&#222;', 'ß': '&#223;', 'à': '&#224;',
                'á': '&#225;', 'â': '&#226;', 'ã': '&#227;', 'ä': '&#228;',
                'å': '&#229;', 'æ': '&#230;', 'ç': '&#231;', 'è': '&#232;',
                'é': '&#233;', 'ê': '&#234;', 'ë': '&#235;', 'ì': '&#236;',
                'í': '&#237;', 'î': '&#238;', 'ï': '&#239;', 'ð': '&#240;',
                'ñ': '&#241;', 'ò': '&#242;', 'ó': '&#243;', 'ô': '&#244;',
                'õ': '&#245;', 'ö': '&#246;', '÷': '&#247;', 'ø': '&#248;',
                'ù': '&#249;', 'ú': '&#250;', 'û': '&#251;', 'ü': '&#252;',
                'ý': '&#253;', 'þ': '&#254;', 'ÿ': '&#255;', 'Œ': '&#338;',
                'œ': '&#339;', 'Š': '&#352;', 'š': '&#353;', 'Ÿ': '&#376;',
                'ƒ': '&#402;', 'ˆ': '&#710;', '˜': '&#732;', 'Α': '&#913;',
                'Β': '&#914;', 'Γ': '&#915;', 'Δ': '&#916;', 'Ε': '&#917;',
                'Ζ': '&#918;', 'Η': '&#919;', 'Θ': '&#920;', 'Ι': '&#921;',
                'Κ': '&#922;', 'Λ': '&#923;', 'Μ': '&#924;', 'Ν': '&#925;',
                'Ξ': '&#926;', 'Ο': '&#927;', 'Π': '&#928;', 'Ρ': '&#929;',
                'Σ': '&#931;', 'Τ': '&#932;', 'Υ': '&#933;', 'Φ': '&#934;',
                'Χ': '&#935;', 'Ψ': '&#936;', 'Ω': '&#937;', 'α': '&#945;',
                'β': '&#946;', 'γ': '&#947;', 'δ': '&#948;', 'ε': '&#949;',
                'ζ': '&#950;', 'η': '&#951;', 'θ': '&#952;', 'ι': '&#953;',
                'κ': '&#954;', 'λ': '&#955;', 'μ': '&#956;', 'ν': '&#957;',
                'ξ': '&#958;', 'ο': '&#959;', 'π': '&#960;', 'ρ': '&#961;',
                'ς': '&#962;', 'σ': '&#963;', 'τ': '&#964;', 'υ': '&#965;',
                'φ': '&#966;', 'χ': '&#967;', 'ψ': '&#968;', 'ω': '&#969;',
                'ϑ': '&#977;', 'ϒ': '&#978;', 'ϖ': '&#982;', '–': '&#8211;',
                '—': '&#8212;', '‘': '&#8216;', '’': '&#8217;', '‚': '&#8218;',
                '“': '&#8220;', '”': '&#8221;', '„': '&#8222;', '†': '&#8224;',
                '‡': '&#8225;', '•': '&#8226;', '…': '&#8230;', '‰': '&#8240;',
                '′': '&#8242;', '″': '&#8243;', '‹': '&#8249;', '›': '&#8250;',
                '‾': '&#8254;', '⁄': '&#8260;', '€': '&#8364;', 'ℑ': '&#8465;',
                '℘': '&#8472;', 'ℜ': '&#8476;', '™': '&#8482;', 'ℵ': '&#8501;',
                '←': '&#8592;', '↑': '&#8593;', '→': '&#8594;', '↓': '&#8595;',
                '↔': '&#8596;', '↵': '&#8629;', '⇐': '&#8656;', '⇑': '&#8657;',
                '⇒': '&#8658;', '⇓': '&#8659;', '⇔': '&#8660;', '∀': '&#8704;',
                '∂': '&#8706;', '∃': '&#8707;', '∅': '&#8709;', '∇': '&#8711;',
                '∈': '&#8712;', '∉': '&#8713;', '∋': '&#8715;', '∏': '&#8719;',
                '∑': '&#8721;', '−': '&#8722;', '∗': '&#8727;', '√': '&#8730;',
                '∝': '&#8733;', '∞': '&#8734;', '∠': '&#8736;', '∧': '&#8743;',
                '∨': '&#8744;', '∩': '&#8745;', '∪': '&#8746;', '∫': '&#8747;',
                '∴': '&#8756;', '∼': '&#8764;', '≅': '&#8773;', '≈': '&#8776;',
               '≠': '&#8800;', '≡': '&#8801;', '≤': '&#8804;', '≥': '&#8805;',
                '⊂': '&#8834;', '⊃': '&#8835;', '⊄': '&#8836;', '⊆': '&#8838;',
                '⊇': '&#8839;', '⊕': '&#8853;', '⊗': '&#8855;', '⊥': '&#8869;',
                '⋅': '&#8901;', '⌈': '&#8968;', '⌉': '&#8969;', '⌊': '&#8970;',
                '⌋': '&#8971;', '〈': '&#9001;', '〉': '&#9002;'}

def replace_all(text,dic):
    for k,v in dic.items():
        text = text.replace(k,v)
    return text

if len(sys.argv) != 2:
    print "[+] Usage: ./filename directory"
    sys.exit(1)

path = sys.argv[1]
mywordlist = []
finalwordlist = []

for wordlist in glob.glob(os.path.join(path,'*.txt')):
    file = open(wordlist,'r').read()
    words = re.split(r'[\t,\n,\s]', file)
    for word in words:
        mywordlist.append(word)
    (filepath, ffilename) = os.path.split(wordlist)
    finallist = "c_"+ffilename
    mywordlist = list(set(mywordlist))
    mywordlist.sort()
    filename = "tempname.txt"
    f = open(filename,'w')
    f.write("\n".join(mywordlist))
    f.close
    akey =[]
    for key,value in codes.iteritems():
            akey.append(key)
    for line in mywordlist:
        finalwordlist.append(replace_all(line,codes))
        for char in akey:
            if char in line:
                finalwordlist.append(line)
    finalwordlist = list(set(finalwordlist))
    finalwordlist.sort()
    g = open(finallist,'w')
    g.write("\n".join(finalwordlist))
    g.close
    os.remove("tempname.txt")
    print "Your new file is done and it is called " + finallist