Overview of python misec - 2-2012
 

    Overview of python misec - 2-2012: Presentation Transcript

    • Overview of Python: Flying made simple without the Nyquil hangover
    • Agenda
        • About me
        • History of Python
        • About Python
        • Python’s uses
        • Python basics (Python 101)
        • CSAW Crypto Redux
        • Extra credit
        • Resources
        • Tips, tricks, observations
    • About me: Who am I?
        • Husband/father/geek/gets distracted by shiny objects easy
        • Career path switched to IT in 1999, professionally an IT guy since 2001
            – Started the infosec career path switch in 2009, officially an infosec professional since 2012(?)
        • VBScript – 2007
        • Python – 2011
    • History of Python
        • Conceived in the late 1980s by Guido van Rossum at CWI.
            • Was designed to be a successor to the ABC programming language
            • Benevolent Dictator for Life (BDFL)
            • Currently employed by Google where he spends half his time working on Python development
        • Python 2.0 was released on October 16th, 2000
            • Contained many major new features
            • Full garbage collector (automatic memory management)
            • Unicode support
            • Biggest change – development process with a shift towards more transparent and community-backed process
        • Python 3.0 was released in December 2008
            • Many major features have been back ported to Python 2.6 and 2.7
    • About Python
        • What is Python?
            • Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.
        • Why is it called Python?
            • When he began implementing Python, Guido van Rossum was also reading the published scripts from “Monty Python’s Flying Circus”, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.
            • Fun fact - The built-in IDE is named after Eric Idle, a member of Monty Python.
    • What is Python good for?
        • Python comes with a large standard library that covers areas such as:
            • string processing (regular expressions, Unicode, calculating differences between files)
            • Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
            • software engineering (unit testing, logging, profiling, parsing Python code)
            • operating system interfaces (system calls, file systems, TCP/IP sockets)
            • Artificial intelligence (because of similarities to Lisp)
        • Extensive use in the information security industry, including exploit development.
            • Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc.
        • Easy to write short scripts for system admin work.
        • Python code is easy to understand.
            • Once the basic syntax is learned, even the most complicated scripts can make sense.
        • Python is cross platform!!
            • It will work on Linux, Windows, Mac and most every other OS.
        • Many, many resources and a big, friendly community
    • Python’s uses
    • Python’s uses
        • Applications
            • BitTorrent
            • DropBox
        • Video games
            • Civilization IV
            • Battlefield 2
            • Eve Online
            • Vampire: The Masquerade – Bloodlines
        • Graphics
            • Industrial Light & Magic
                • "The Phantom Menace", "The Mummy Returns" and other productions as ones where Python was used.
            • Walt Disney Feature Animation
        • Science
            • NASA
            • National Weather Service
        • GUI frameworks
            • TKInter
            • PyQt
            • wxPython
        • Embedded as a scripting language
            • Amarok
            • GIMP
            • Autodesk Maya
        • Commercial uses
            • Google apps
            • Reddit
            • YouTube
        • Government
            • CIA.gov
        • Python implementations
            • CPython
            • IronPython – Python for .NET and Mono platforms
            • Jython – Python coded in Java
    • Python basics
        • Indentation does matter

            This will work:

                if True:
                    print "True"
                else:
                    print "False"

            But this won’t:

                if True:
                    print "Answer"
                    print "True"
                else:
                    print "Answer"
                  print "False"   # inconsistent indentation

        • If, If.. Else, If… Elif (no Then)
            • Syntax is easy

            If statement:

                if expression:
                    statement(s)

            Else statement:

                if expression:
                    statement(s)
                else:
                    statement(s)

            Elif statement:

                if expression1:
                    statement(s)
                elif expression2:
                    statement(s)
                else:
                    statement(s)

        • All scripts are considered modules
            • All functions inside module can be used or only certain methods can be used inside script

            Entire module:

                import sys

            Partial method:

                from sys import argv

    • Python basics
        • Help is built in

            Help on modules (inside the interpreter):

                >>> import sys, hashlib
                >>> help(sys)
                >>> help(hashlib)

            Help on methods (inside the interpreter):

                >>> import sys, hashlib
                >>> help(sys.argv)
                >>> help(hashlib.sha512)

            The same with pydoc (from the command prompt, not the >>> prompt):

                pydoc sys
                pydoc hashlib
                pydoc sys.argv
                pydoc hashlib.sha512

        • It can be run interactively
            • Via command prompt

                python
                Python 2.72
                Type “help”, “copyright”..
                >>>

            • Via IDLE or DreamPie
                • IDLE is built in to Python installs
                • DreamPie is a Python shell (best used on Linux)
    • Inspiration for the idea?
    • Post CSAW CTF
    • My approach – Post CSAW crypto challenges
        Each challenge
            1. Encrypted message inside script – Output is decrypted
            2. Encrypted message can be used as an argument when calling script – Output is decrypted
            3. Encrypted message can be read from a file for decrypting
        Overall
            1. One module for all decrypting, each decryption style is a method
    • My overall scoreboard

        | | Challenge 1 - Unicode | Challenge 2 – Hex | Challenge 3 – Binary | Challenge 4 – Base64 | Challenge 5 – ROT13 | Challenge 6 - |
        | Script option 1 - inside script | Done | Done | Done * | Done | Done | Incomplete |
        | Script option 2 – argument | Done | Done | Done * | Done | Done | Incomplete |
        | Script option 3 – from file | Done | Done | Done * | Done | Done | Incomplete |
        | Script option 4 – from input (scrapped, 255 character limit) | n/a | n/a | n/a | n/a | n/a | Incomplete |
        | Overall – module with methods (CSAW_Crypto.py) | Success | Success | Success | Success | Success | Incomplete |

        * Found the code excerpt online
    • CSAW Crypto Redux – Crypto challenge # 1
        Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46
    • Answer: Welcome to the 2011 NYU Poly CSAW CTF event. We have planned many challenges for you and we hope you have fun solving them all. The key for this challenge is cryptography.
    • Wolfgang’s code

        private static string AsciiToString(string encodedString)
        {
            string[] encodedChars = encodedString.Split(' ');
            char[] decodedChars = new char[encodedChars.Length];
            for (int i = 0; i < decodedChars.Length; i++)
            {
                // Convert the number expressed in base-10 to an integer
                int codeNum = Convert.ToInt32(encodedChars[i], 10);
                // Convert the integer to a character code
                decodedChars[i] = Convert.ToChar(codeNum);
            }
            return new string(decodedChars);
        }

    • Matt’s code

        $string = $null
        [int[]]$array = ("87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46").Split(" ")
        foreach ($l in $array) {
            $string += [char]$l
        }
        $string

    • My code: Option # 1 – Encrypted message inside script – Output is decrypted

        #!/usr/bin/python
        import sys

        code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,101,32,104,97,118,101,32,112,108,97,110,110,101,100,32,109,97,110,121,32,99,104,97,108,108,101,110,103,101,115,32,102,111,114,32,121,111,117,32,97,110,100,32,119,101,32,104,111,112,101,32,121,111,117,32,104,97,118,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99,104,97,108,108,101,110,103,101,32,105,115,32,99,114,121,112,116,111,103,114,97,112,104,121,46)
        # Turn each decimal code point into its character and print it
        for i in code1:
            code1a = int(i)
            codefinal = chr(code1a)
            sys.stdout.write(codefinal)

    • My code: Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

        #!/usr/bin/python
        import sys

        if len(sys.argv) < 2:
            sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")
        code1 = (sys.argv[1])
        # The argument is expected as colon-separated decimal values
        code_split = code1.split(':')
        for i in code_split:
            code1a = int(i)
            codefinal = chr(code1a)
            sys.stdout.write(codefinal)

    • My code: Option # 3 - Encrypted message can be read from a file for decrypting

        #!/usr/bin/python
        import binascii, sys

        f = open('unicode.txt', 'r')
        file = f.read()
        # The file is expected to hold colon-separated decimal values
        code_split = file.split(':')
        for decode in code_split:
            decode1 = int(decode)
            codefinal = chr(decode1)
            sys.stdout.write(codefinal)
        f.close()
    • CSAW Crypto Redux – Crypto challenge # 2
        Cipher text: 54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e
    • Answer: Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.
    • Wolfgang’s code

        private static string AsciiHexToString(string encodedString)
        {
            string[] encodedChars = encodedString.Split(':');
            char[] decodedChars = new char[encodedChars.Length];
            for (int i = 0; i < decodedChars.Length; i++)
            {
                // Convert the number expressed in base-16 to an integer
                int codeNum = Convert.ToInt32(encodedChars[i], 16);
                // Convert the integer to a character code
                decodedChars[i] = Convert.ToChar(codeNum);
            }
            return new string(decodedChars);
        }

    • Matt’s code

        $string = $null
        $text = "54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e"
        $text.Split(':') | ForEach-Object {[Convert]::ToInt32($_,16)} | ForEach-Object {$string = $string + [Convert]::ToChar($_)}
        $string

    • My code: Option # 1 – Encrypted message inside script – Output is decrypted

        #!/usr/bin/python
        import binascii, sys

        hex = "54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e"
        # Decode one colon-separated hex byte at a time
        hex_split = hex.split(':')
        for decode in hex_split:
            hex_decode = binascii.a2b_hex(decode)
            sys.stdout.write(hex_decode)

    • My code: Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

        #!/usr/bin/python
        import sys, binascii

        if len(sys.argv) < 2:
            sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")
        code1 = (sys.argv[1])
        hex_split = code1.split(':')
        for decode in hex_split:
            hex_decode = binascii.a2b_hex(decode)
            sys.stdout.write(hex_decode)

    • My code: Option # 3 - Encrypted message can be read from a file for decrypting

        #!/usr/bin/python
        import binascii, sys

        f = open('hex.txt', 'r')
        # strip() drops a trailing newline, which a2b_hex would reject
        file = f.read().strip()
        hex_split = file.split(':')
        for decode in hex_split:
            hex_decode = binascii.a2b_hex(decode)
            sys.stdout.write(hex_decode)
        f.close()
    • CSAW Crypto ReduxCrypto challenge # 3Cipher text:0100110001100001011100110111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001110111011000010111001100100000011000010010000001100111011100100110010101100001011101000010000001110011011101010110001101100011011001010111001101110011001011100010000001010111011001010010000001110011011001010110010101101101001000000111010001101111001000000110001001100101001000000110011101100101011011100110010101110010011000010111010001101001011011100110011100100000011000010010000001101100011011110111010000100000011011110110011000100000011000100111010101111010011110100010000001100001011000100110111101110101011101000010000001110100011010000110010100100000011011010110111101110110011001010110110101100101011011100111010000101110001000000101010001101000011001010010000001101011011001010111100100100000011001100110111101110010001000000110111001100101011110000111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001101001011100110010000001110010011001010111001101101001011100110111010001100001011011100110001101100101001011100010000001001001011001100010000001110100011010000110010101110010011001010010000001101001011100110010000001100001011011100111100101101111011011100110010100100000011001010110110001110011011001010010000001111001011011110111010100100000011010110110111001101111011101110010000001101111011001100010000001110100011010000110000101110100001000000110110101100001011110010010000001100010011001010010000001101001011011100111010001100101011100100110010101110011011101000110010101100100001000000110100101101110001000000110101001101111011010010110111001101001011011100110011100100000011000100111001001101001011011100110011100100000011101000110100001100101011011010010000001110100011011110010000001110100011010000110010100100000011011010110010101100101011101000110100101101110011001110010000001110100011010000
110100101110011001000000111011101100101011001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110
    • Answer: Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.
    • Wolfgang’s code

        private static string BinaryToString(string encodedString)
        {
            char[] decodedChars = new char[encodedString.Length / 8];
            for (int i = 0; i < decodedChars.Length; i++)
            {
                // Convert the number in binary (base-2) to an integer
                int codeNum = Convert.ToInt32(encodedString.Substring(i * 8, 8), 2);
                // Convert the integer to a character code
                decodedChars[i] = Convert.ToChar(codeNum);
            }
            return new string(decodedChars);
        }
    • $test ="0100110001100001011100110111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001110 Matt’s code11101100001011100110010000001100001001000000110011101110010011001010110000101110100001000000111001101110101011000110110001101100101011100110111001100101110001000000101011101100101001000000111001101100101011001010110110100100000011101000110111100100000011000100110010100100000011001110110010101101110011001010111001001100001011101000110100101101110011001110010000001100001001000000110110001101111011101000010000001101111011001100010000001100010011101010111101001111010001000000110000101100010011011110111010101110100001000000111010001101000011001010010000001101101011011110111011001100101011011010110010101101110011101000010111000100000010101000110100001100101001000000110101101100101011110010010000001100110011011110111001000100000011011100110010101111000011101000010000001110111011001010110010101101011011100110010000001101101011001010110010101110100011010010110111001100111001000000110100101110011001000000111001001100101011100110110100101110011011101000110000101101110011000110110010100101110001000000100100101100110001000000111010001101000011001010111001001100101001000000110100101110011001000000110000101101110011110010110111101101110011001010010000001100101011011000111001101100101001000000111100101101111011101010010000001101011011011100110111101110111001000000110111101100110001000000111010001101000011000010111010000100000011011010110000101111001001000000110001001100101001000000110100101101110011101000110010101110010011001010111001101110100011001010110010000100000011010010110111000100000011010100110111101101001011011100110100101101110011001110010000001100010011100100110100101101110011001110010000001110100011010000110010101101101001000000111010001101111001000000111010001101000011001010010000001101101011001010110010101110100011010010110111001100111001000000111010001101000011010010111001100100000011101
1101100101011001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110"$string = $null$chars = while ($test.Length) { $byte = $test.Substring(0,8) $test = $test.Substring(8) $([Convert]::ToChar([Convert]::ToByte($byte, 2)))}$chars -join ""
    • #!/usr/bin/pythonimport math, sys My code# v = value to split, l = size of each chunkf = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]basecode = f (01001100011000010111001101110100001000000111011101100101011001010110101101110011001000000110110101100101011001010111010001101001011011100110011100100000011101110110000101110011001000000110000100100000011001110111001001100101011000010111010000100000011100110111010101100011011000110110010101110011011100110010111000100000010101110110010100100000011100110110010101100101011011010010000001110100011011110010000001100010011001010010000001100111011001010110111001100101011100100110000101110100011010010110111001100111001000000110000100100000011011000110111101110100001000000110111101100110001000000110001001110101011110100111101000100000011000010110001001101111011101010111010000100000011101000110100001100101001000000110110101101111011101100110010101101101011001010110111001110100001011100010000001010100011010000110010100100000011010110110010101111001001000000110011001101111011100100010000001101110011001010111100001110100001000000111011101100101011001010110101101110011001000000110110101100101011001010111010001101001011011100110011100100000011010010111001100100000011100100110010101110011011010010111001101110100011000010110111001100011011001010010111000100000010010010110011000100000011101000110100001100101011100100110010100100000011010010111001100100000011000010110111001111001011011110110111001100101001000000110010101101100011100110110010100100000011110010110111101110101001000000110101101101110011011110111011100100000011011110110011000100000011101000110100001100001011101000010000001101101011000010111100100100000011000100110010100100000011010010110111001110100011001010111001001100101011100110111010001100101011001000010000001101001011011100010000001101010011011110110100101101110011010010110111001100111001000000110001001110010011010010110111001100111001000000111010001101000011001010110110100100000011101
00011011110010000001110100011010000110010100100000011011010110010101100101011101000110100101101110011001110010000001110100011010000110100101110011001000000111011101100101011001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110,8)for code in basecode: x = (code) decodea = int(code,2) decodeb = chr(decodea) Option # 1 – Encrypted message inside sys.stdout.write(decodeb) script – Output is decrypted
    • My code: Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

        import sys, math

        if len(sys.argv) < 2:
            sys.exit("Usage " + sys.argv[0] + " <binary code you wish to decode>\n")
        # v = value to split, l = size of each chunk
        f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
        basecode = f(sys.argv[1], 8)
        for code in basecode:
            x = (code)
            decodea = int(code, 2)
            decodeb = chr(decodea)
            sys.stdout.write(decodeb)

    • My code: Option # 3 - Encrypted message can be read from a file for decrypting

        #!/usr/bin/python
        import math, sys

        f = open('binary.txt', 'r')
        # strip() drops a trailing newline, which int(code, 2) would reject
        file = f.read().strip()
        # v = value to split, l = size of each chunk
        f1 = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
        basecode = f1(file, 8)
        for code in basecode:
            x = (code)
            decodea = int(code, 2)
            decodeb = chr(decodea)
            sys.stdout.write(decodeb)
        f.close()
    • CSAW Crypto Redux – Crypto challenge # 4
        Cipher text: VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==
    • Answer: That meeting was a little crazy. We have no idea where those guys in the black suits came from, but we are looking into it. Use the key infiltration for next week’s meeting. Stay with the cause and we will succeed.
    • Wolfgang’s code

        private static string DecodeBase64ToString(string encodedString)
        {
            byte[] encodedAsBytes = System.Convert.FromBase64String(encodedString);
            return System.Text.UTF8Encoding.UTF8.GetString(encodedAsBytes);
        }

    • Matt’s code

        $text = "VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg=="
        $bytes = [System.Convert]::FromBase64String($text)
        $string = [System.Text.Encoding]::UTF8.GetString($bytes)
        $string

    • My code: Option # 1 – Encrypted message inside script – Output is decrypted

        #!/usr/bin/python
        code3 = ("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==")
        # Python 2 str objects expose Base64 as a codec
        answer = code3.decode('base64', 'strict')
        print answer

    • My code: Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

        #!/usr/bin/python
        import sys

        if len(sys.argv) < 2:
            sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")
        basecode = sys.argv[1]
        answer = basecode.decode('base64', 'strict')
        print "This is the encoded message : " + sys.argv[1]
        print "This is the decoded message : " + answer

    • My code: Option # 3 - Encrypted message can be read from a file for decrypting

        #!/usr/bin/python
        f = open('base64.txt', 'r')
        file = f.read()
        answer = file.decode('base64', 'strict')
        print answer
        f.close()
    • CSAW Crypto Redux – Crypto challenge # 5
        Cipher text: JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JRER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.
    • Answer: We have discovered that our last three transmissions were easily deciphered. We have taken care of the party responsible for their encoding and are now using a new method. Use the information provided at last week.s meeting to decipher all new messages. And remember, this weeks key is obfuscated.
    • Wolfgang’s code (part 1)

        private static string RotToString(string encodedString, int rotation)
        {
            // Boundary check because this only works for ROT1 thru ROT26
            if (rotation < 0 | rotation > 26)
            {
                throw new Exception("RotToString only supports ROT1 thru ROT26.");
            }
            char[] encodedChars = encodedString.ToArray();
            char[] decodedChars = new char[encodedChars.Length];
            int A = Convert.ToInt32('A'); // 65
            int Z = Convert.ToInt32('Z'); // 90
            int a = Convert.ToInt32('a'); // 97
            int z = Convert.ToInt32('z'); // 122

    • Wolfgang’s code (part 2)

            for (int i = 0; i < decodedChars.Length; i++)
            {
                int codeNum = Convert.ToInt32(encodedChars[i]);
                // Rotate capital letters A-Z 65-90
                if (codeNum >= A && codeNum <= Z)
                {
                    codeNum = codeNum - rotation;
                    if (codeNum < A)
                    {
                        codeNum = Z - (A - codeNum) + 1;
                    }
                }
                // Rotate lower-case letters a-z 97-122
                if (codeNum >= a && codeNum <= z)
                {
                    codeNum = codeNum - rotation;
                    if (codeNum < a)
                    {
                        codeNum = z - (a - codeNum) + 1;
                    }
                }
                // Convert the integer to a character code
                decodedChars[i] = Convert.ToChar(codeNum);
            }

    • Wolfgang’s code (part 3)

            return new string(decodedChars);
        }
    • Matt’s code
    • My code: Option # 1 – Encrypted message inside script – Output is decrypted

        #!/usr/bin/python
        rot13 = ("JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JRER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.")
        # Python 2 str objects expose ROT13 as a codec
        answer = rot13.decode('rot13', 'strict')
        print answer

    • My code: Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

        #!/usr/bin/python
        import sys

        if len(sys.argv) < 2:
            sys.exit("Usage " + sys.argv[0] + " <ROT13 code you wish to decode>\n")
        basecode = sys.argv[1]
        answer = basecode.decode('rot13', 'strict')
        print "This is the encoded message : " + sys.argv[1]
        print "This is the decoded message : " + answer

    • My code: Option # 3 - Encrypted message can be read from a file for decrypting

        #!/usr/bin/python
        f = open('rot13.txt', 'r')
        file = f.read()
        answer = file.decode('rot13', 'strict')
        print answer
        f.close()

    • My final one – Encrypt/decrypt module

        #!/usr/bin/python
        import sys

        def hexdecode(hex_key):
            # Colon-separated hex bytes
            import binascii
            hex_split = hex_key.split(':')
            for decode in hex_split:
                hex_decode = binascii.a2b_hex(decode)
                sys.stdout.write(hex_decode)

        def uni_decode(unicode_key):
            # Colon-separated decimal values
            unicode_split = unicode_key.split(':')
            for i in unicode_split:
                code1a = int(i)
                codefinal = chr(code1a)
                sys.stdout.write(codefinal)

        def base64_decode(base64_key):
            answer = base64_key.decode('base64', 'strict')
            print answer

        def binary_decode(binary_key):
            # Split the bit string into 8-character chunks
            import math
            f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
            basecode = f(binary_key, 8)
            for code in basecode:
                x = (code)
                decodea = int(code, 2)
                decodeb = chr(decodea)
                sys.stdout.write(decodeb)

        def rot13_decode(rot13_key):
            answer = rot13_key.decode('rot13', 'strict')
            print answer
    • My final one – Encrypt/decrypt module
    • My final one – Encrypt/decrypt module
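Added example (not the presenter's code): a Python 3 version of the "one module, one method per encoding" idea from the slides. It returns strings instead of printing, rejects malformed input, and guesses the encoding from the character set. The function names, the `detect` heuristic and the Windows-1252 assumption are choices made for this example; the Base64 challenge text contains the byte 0x92, which a strict UTF-8 decode rejects.

```python
#!/usr/bin/env python3
"""Added example: one module, one function per encoding (Python 3)."""
import base64
import codecs
import re
import sys

# Assumption: decoded bytes are Windows-1252 text. The Base64 challenge holds
# the byte 0x92 (a cp1252 apostrophe), which a strict UTF-8 decode rejects.
TEXT_ENCODING = "cp1252"


def _text(raw):
    """Bytes -> str; bytes with no cp1252 mapping become U+FFFD."""
    return raw.decode(TEXT_ENCODING, errors="replace")


def decimal_decode(data):
    """Space- or comma-separated decimal byte values, e.g. '87 101 108'."""
    values = [int(tok) for tok in re.split(r"[\s,]+", data.strip())]
    if any(v < 0 or v > 255 for v in values):
        raise ValueError("decimal value outside 0-255")
    return _text(bytes(values))


def hex_decode(data):
    """Colon-separated hex bytes, e.g. '54:68:69:73'."""
    tokens = data.strip().split(":")
    if not all(re.fullmatch(r"[0-9a-fA-F]{2}", tok) for tok in tokens):
        raise ValueError("expected two hex digits between colons")
    return _text(bytes.fromhex("".join(tokens)))


def binary_decode(data):
    """A run of 0/1 digits, eight per character."""
    bits = "".join(data.split())
    # Reject a trailing partial byte instead of decoding it as a small number.
    if not bits or len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected 0/1 digits in groups of eight")
    return _text(bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)))


def base64_decode(data):
    """Standard Base64; validate=True refuses stray characters."""
    return _text(base64.b64decode("".join(data.split()), validate=True))


def rot13_decode(data):
    """ROT13 is text-to-text, so it goes through codecs, not bytes.decode."""
    return codecs.decode(data, "rot13")


DECODERS = {
    "decimal": decimal_decode,
    "hex": hex_decode,
    "binary": binary_decode,
    "base64": base64_decode,
    "rot13": rot13_decode,
}


def detect(data):
    """Guess the encoding from the character set alone (heuristic)."""
    s = data.strip()
    if s and set(s) <= {"0", "1"} and len(s) % 8 == 0:
        return "binary"
    if re.fullmatch(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})+", s):
        return "hex"
    if re.fullmatch(r"\d{1,3}([\s,]+\d{1,3})+", s):
        return "decimal"
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s) and len(s) % 4 == 0:
        return "base64"
    # Anything else is treated as ROT13; a short all-letter word whose length
    # is a multiple of four is ambiguous and will be reported as base64.
    return "rot13"


def decode_auto(data):
    """Return (encoding name, decoded text) for one ciphertext."""
    kind = detect(data)
    return kind, DECODERS[kind](data)


def main(argv):
    """Usage: decoders.py <ciphertext>  or  decoders.py -f <file>."""
    if len(argv) == 3 and argv[1] == "-f":
        with open(argv[2], "r", encoding="ascii") as handle:
            data = handle.read()
    elif len(argv) == 2:
        data = argv[1]
    else:
        return "Usage: %s <ciphertext> | -f <file>" % argv[0]
    kind, text = decode_auto(data)
    print("%s: %s" % (kind, text))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Feeding it `bmV4dCB3ZWVrknMg`, a 16-character slice of the challenge 4 cipher text, returns `next week’s ` with a real apostrophe, where a strict UTF-8 decode of the same bytes raises `UnicodeDecodeError`.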
    • Extra credit
    • Coding for Penetration Testers book (Extra credit)

        | Script | Function | Learned | Success? |
        | Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments 2. Connect to web server and run a GET request | Yes |
        | Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method | No |
        | Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops | Yes |
        | Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module | No |
        | Robotparser.py | Retrieve the paths from the robot.txt | | No |
        | root_check.py | Checks to see what permissions logged in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements | Yes |
        | Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Tests permissions on files to see if current credentials can read file | Yes |
        | Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |

    • Coding for Penetration Testers book (Extra credit)

        | Script | Function | Learned | Success? |
        | network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
        | Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation 2. Allow incoming connections. | Yes |
        | server_shell.py | | | No |
        | receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy | Yes |
        | sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy | Yes |
    • All the scripts Extra credit Category Script CSAW Crypto Redux – Challenge 1 to 5 Extra credit Coding for Penetration Testers – part 1 Coding for Penetration Testers – part 2 Coding for Penetration Testers – part 3 Extra extra credit
    • Coding for Pentesters - Exploitation Extra extra credit
    • Scapy Extra extra credit• Packet creation • Classic attacks• Read PCAP files • Malformed packets• Create graphical dumps • Ping of death • Must have appropriate supporting • Nestea attack tools installed • ARP cache poisoning• Fuzzing • Scans• Send and receive packets • SYN scan• TCP traceroute (can do graphical dump • ACK scan as well) • XMAS scan• Sniffing • IP scan• Send and receive files through • TCP port scan alternate data channels (ICMP) • IKE scan• Ping • Advanced traceroute • ARP ping • TCP SYN traceroute • ICMP ping • UDP traceroute • TCP ping • DNS traceroute • UDP ping • VLAN hopping• Wireless frame injection • Wireless sniffing• OS Fingerprinting • Firewalking
    • Scripts I created (Extra extra extra credit)
      Script / Function
      • URL deobfuscator – To read the shortened URL website and tell you the title.
      • Word list creator
    • Little gems I found (Extra extra credit)
      | Description | Function | Site |
      | Python-nmap | It’s a Python library which helps in using nmap. | http://xael.org/norman/python/python-nmap/ |
      | Python API to the VirtualBox VM | Allowing you to control every aspect of virtual machine configuration and execution | http://download.virtualbox.org/virtualbox/SDKRef.pdf |
      | Py2Exe | py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation. | http://www.py2exe.org/ |
      | Chrome extensions/applications | Various extensions/applications found in the Chrome Webstore | https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia (Python shell, browser button); https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc (Python shell, Chrome application); https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp (Online Python development environment) |
    • Little gems I found (Extra extra credit)
      | Description | Function | Site |
      | Tweepy | It’s the best working Python library to interface with Twitter (so far) | http://tweepy.github.com/ |
    • Tweepy: http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth
    • Additional resources
      Beginners guides from Python
      • http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
      • http://wiki.python.org/moin/BeginnersGuide/Programmers
      Extra tools
      • http://mashable.com/2007/10/02/python-toolbox/
      Online exercises
      • http://codingbat.com/python
      • http://homepage.mac.com/s_lott/books/python.html
      • http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
      • http://anh.cs.luc.edu/python/hands-on/
      • http://code.google.com/edu/languages/google-python-class/index.html
      • http://www.cdf.toronto.edu/~csc148h/winter/
      • http://www.cdf.toronto.edu/~csc108h/fall/
      • http://projecteuler.net/
      • http://www.upriss.org.uk/python/PythonCourse.html
      • http://www.pythonchallenge.com/
      • http://learnpythonthehardway.org/
      • http://www.awaretek.com/tutorials.html
      • http://www.checkio.org/
      • http://www.pyschools.com/
    • Additional resources
      Free online videos
      • http://freevideolectures.com/Course/2512/Python-Programming
      • http://showmedo.com/videotutorials/python
      • http://www.python.org/doc/av/
      Online books
      • http://en.wikibooks.org/wiki/Python_Programming
      Online interactive tutorial/interpreter
      • http://www.trypython.org
      • http://www.learnpython.org/
      • https://languageshells.appspot.com/
      Forums
      • http://www.python-forum.org
      • http://stackoverflow.com/questions/tagged/python
      • http://www.daniweb.com/software-development/python/114
      Module/package repositories
      • http://pypi.python.org/pypi : The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
      • http://code.activestate.com/recipes/ : The ActiveState Code Recipes contains 3850 snippets to learn from and use.
      Python tools for penetration testers
      • http://www.dirk-loss.de/python-tools.htm
    • Additional resources
    • Tips, tricks, etc.
      IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
      • Windows
        • PyScripter
        • Aptana Studio
        • IDLE
        • Ninja
        • Pycrust (it’s actually a shell)
          • Part of wxPython
      • Linux
        • IDLE
        • Geany
        • Python Toolkit
        • SPE
        • ERIC (supposed to have auto-complete of code…)
        • Pycrust (it’s actually a shell)
          • Part of wxPython
        • DreamPie (it’s actually a shell)
      Editors (http://wiki.python.org/moin/PythonEditors)
      • Windows
        • Notepad++
      • Linux
        • Gedit
        • SCiTE
    • Tips, tricks, etc.: Linux vs. Windows
      Linux
      • Linux scripts can be run via terminal
        • by calling python <script name>
        • by putting #!/usr/bin/python (the path to the interpreter) at the top of the script and typing ./<script name>
      • Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top and the #! /usr/bin/python line comes after them, so it is no longer the first line of the script.
      Windows
      • Windows scripts don’t need the #! line, but .py needs to be associated with the Python interpreter.
      • Scripts can be double clicked or run from the command prompt with python <script name>
      • If the script is double clicked and does not end with raw_input("Press ENTER to exit"), you may not see the output of the script.
    • Tips, tricks, etc.: Portable Python (Windows only)
      • Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
      • Portable Python 2.7.2.1 package contains following applications/libraries:
        • PyScripter v2.4.1
        • NumPy 1.6.0
        • SciPy 0.90
        • Matplotlib 1.0.1
        • PyWin32 216
        • Django 1.3
        • PIL 1.1.7
        • Py2Exe 0.6.9
        • wxPython 2.8.12.0
      • Portable Python 3.2.1.1 package contains following applications/libraries (alphabetical order):
        • NetworkX v1.4
        • PySerial 2.5
        • PyScripter v2.4.1
        • PyWin32 v.216
        • RPyC-3.0.7
    • Etc.
      Antigravity
      • When you open up Module Docs and click on the antigravity module, or run import antigravity from IDLE, a web browser opens to the XKCD cartoon at the beginning of this slide deck.
      Zen of Python
      • To start the path of finding Zen of Python, remember these two key words… IMPORT THIS.
      • From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.
    • Etc.
    • Final thoughts
    • Up next?
    • Questions?
      Keith Dixon
      @Tazdrumm3r
      #misec – Tazdrumm3r
      tazdrummer@gmail.com
      http://tazdrumm3r.wordpress.com