5. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
6. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
7. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
8. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
9. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
10. Why Python?
Easy to learn
Easy to use
Clean syntax and code readability
Rich set of libraries
Tons of tools already written
Rapid prototyping – POC ( proof on concept )
11. Who is using Python
Core Impact – Comprehensive penetration testing solution
Immunity CANVAS – Exploit development framework
W3AF – Web Application Attack and Audit Framework
Sqlmap – Automatic SQL injection tool
Immunity Debugger – Powerful Debugger
Peach – Fuzzer
Sulley – Fully automated and unattended fuzzing framework
Paimei – Reverse engineering framework
Scapy – Packet manipulation tool
18. ECHO Server
import socket
tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,
1)
tcp_socket.bind(('127.0.0.1', 8000))
tcp_socket.listen(2)
print 'Waiting for client ...'
(client, (ip, port)) = tcp_socket.accept()
print 'Revived connection from : ', ip
print 'Starting ECHO output...'
data = 'dummy'
while len(data):
data = client.recv(2048)
print 'Client send : ', data
client.send(data)
client.close()
19. Client
import socket
import sys
if len(sys.argv) < 3 :
print 'Please Enter address and port'
sys.exit()
tcp_socket = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
tcp_socket.connect((sys.argv[1], int(sys.argv[2])))
while True:
userInput = raw_input('Please Enter a Message! : ')
tcp_socket.send(userInput)
print 'Server Send back : ' +
str(tcp_socket.recv(2048))
tcp_socket.close()
20. -----Client----python client.py 127.0.0.1 8000
Please Enter a Message! : Salam
Server Send back : Salam
Please Enter a Message! : WELCOME TO PYCON 2013!
Server Send back : WELCOME TO PYCON 2013!
Please Enter a Message! :
-----Server----Waiting for client ...
Revived connection from : 127.0.0.1
Starting ECHO output...
Client send : Salam
Client send : WELCOME TO PYCON 2013!
Client send :
Closing Connection
21. SocketServer Framework
• Framework in Python to create TCP and UDP servers
• Does all the basic steps for you in the background
• Comes in handy if you want to create a server to lure a
client and
• analyze its behavior
22. SocketServer Framework
import SocketServer
class EchoHandler(SocketServer.BaseRequestHandler):
def handle(self):
print 'Got Connection from : ', self.client_address
data = 'dummy'
while len(data):
data = self.request.recv(1024)
print 'Client sent :' + data
self.request.send(data)
print 'client left‘
server_address = ('127.0.0.1', 9050)
server = SocketServer.TCPServer(server_address, EchoHandler)
server.serve_forever()
26. Packet Injection with Raw Sockets
import socket
import struct
rawSocket = socket.socket(socket.PF_PACKET,
socket.SOCK_RAW,
socket.htons(0x800))
rawSocket.bind(('wlan0', socket.htons(0x800)))
packet = struct.pack('!6s6s2s',
'xaaxaaxaaxaaxaaxaa',
'xbbxbbxbbxbbxbbxbb' , 'x08x00')
rawSocket.send(packet + 'Welcome to PYCON')
27. Scapy
• Interactive packet manipulation tool
• Forge or decode packets
• Wide number of protocols
• Send Packet on the wire
• Capture Packet
• Match requests and replies
28. Scapy
reza@kamalifard$ sudo scapy
WARNING: No route found for IPv6 destination :: (no
default route?)
Welcome to Scapy (2.2.0)
>>>ls()
ARP : ARP
DHCP : DHCP options
DNS : DNS
GPRS : GPRSdummy
L2TP : None
PPPoE : PPP over Ethernet
[...]
29. Sniff
>>> p = sniff(count = 5)
>>> p
<Sniffed: TCP:5 UDP:0 ICMP:0 Other:0>
>>> p.show()
0000
0001
0002
0003
0004
>>>
Ether
Ether
Ether
Ether
Ether
/
/
/
/
/
IP
IP
IP
IP
IP
/
/
/
/
/
TCP
TCP
TCP
TCP
TCP
46.165.248.173:4948 > 192.168.1.2:47981 PA/ Raw
192.168.1.2:47981 > 46.165.248.173:4948 A
127.0.0.1:mmcc > 127.0.0.1:48852 PA / Raw
127.0.0.1:mmcc > 127.0.0.1:48852 PA / Raw
127.0.0.1:48852 > 127.0.0.1:mmcc A
41. >>> ?
>>> print contact_me
Mohammad Reza Kamalifard
Kamalifard@datasec.ir
http://www.linkedin.com/in/itmard
My Python Courses :
http://www.webamooz.ir/home/courses/python-for-ethicalhackers-1/
http://www.webamooz.ir/home/courses/python-for-ethicalhackers-2/
42. This work is product of DataSec Middle East(Ammniat Dadehaa Khavare miane) and licensed
under the Creative Commons Attribution-NoDerivs 3.0 Unported License.
Copyright 2013 Mohammad Reza Kamalifard
All rights reserved.
http://kamalifard.ir
http://www.webamooz.ir/home/courses/python-for-ethical-hackers-1/
http://www.webamooz.ir/home/courses/python-for-ethical-hackers-2/