thirty-five-line script!
programmer$ python unzip.py -f evil.zip -d dictionary.txt
[+] Found password secret
Chapter Wrap-Up
In this chapter, we briefly examined the standard library and a few built-in modules in Python by writing a simple vulnerability scanner. Next, we moved on and wrote our first two Python programs—a twenty-year-old UNIX password cracker and a zip-file brute-force password cracker. You now have the initial skills to write your own scripts. Hopefully, the following chapters will prove as exciting to read as they were to write. We will begin this journey by examining how to use Python to attack systems during a penetration test.
Chapter 2
Penetration Testing with Python
Information in this chapter:
Building a Port Scanner
Constructing an SSH Botnet
Mass Compromise with FTP
Replicate Conficker
Your Own Zero Day Attack
To be a warrior is not a simple matter of wishing to be one. It is rather an endless struggle that will go on to the very last moment of our lives. Nobody is born a warrior, in exactly the same way that nobody is born an average man. We make ourselves into one or the other.
—Kokoro by Natsume Sōseki, 1914, Japan.
Building a Port Scanner
Reconnaissance serves as the first step in any good cyber assault. An attacker must discover where the vulnerabilities are before selecting exploits for a target. In the following section, we will build a small reconnaissance script that scans a target host for open TCP ports. However, in order to interact with TCP ports, we will first need to construct TCP sockets.
Python, like most modern languages, provides access to the BSD socket interface. BSD sockets provide an application programming interface that allows coders to write applications that perform network communications between hosts. Through a series of socket API functions, we can create, bind, listen, connect, or send traffic on TCP/IP sockets. At this point, a greater understanding of TCP/IP and sockets is needed in order to help further develop our own attacks.
The majority of Internet-accessible applications reside on TCP. For example, in a target organization, the web server might reside on TCP port 80, the email server on TCP port 25, and the file transfer server on TCP port 21. To connect to any of these services in our target organization, an attacker must know both the Internet Protocol address and the TCP port associated with the service. While someone familiar with our target organization would probably have access to this information, an attacker may not.
An attacker routinely performs a port scan in the opening salvo of any successful cyber assault. One type of port scan consists of sending a TCP SYN packet to a series of common ports and waiting for a TCP ACK response, which signals an open port. In contrast, a TCP Connect Scan uses the full three-way handshake to determine the availability of the service or port.
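The connect-scan behaviour described above, as an added example that is not the book's own script: the scanner is pointed at a throwaway listener on 127.0.0.1 (a constructed target, so it runs offline), and the three outcomes of connect() are classified as open, closed or filtered. The function names are this example's own.

```python
import socket
import threading

def start_local_listener(host="127.0.0.1"):
    """Throwaway TCP listener on an ephemeral port: a constructed target, so the
    scan below touches only this machine. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()   # the three-way handshake completes here
            except OSError:              # listener closed: stop serving
                break
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_port(host="127.0.0.1"):
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # bind, read, release
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port                          # nothing listens here: the 'closed' case

def connect_scan(host, ports, timeout=0.5):
    """Full connect scan: connect() completes the handshake (open), is answered
    with a RST (closed), or gets no reply before the timeout (filtered). The
    completed handshake is why the far-end service sees and can log each probe."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:                  # timeout/unreachable: no SYN/ACK, no RST
            results[port] = "filtered"
        finally:
            s.close()
    return results

if __name__ == "__main__":
    srv, open_port = start_local_listener()
    for port, state in connect_scan("127.0.0.1", [open_port, unused_port()]).items():
        print(f"[+] tcp/{port} {state}")
    srv.close()
```

Because every probe completes the handshake, the listening service's own connection log is the simplest place to spot a connect scan.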
TCP Full Connect Scan
So let’s begin by writing our own TCP port scanner that utilizes a TCP full connect scan to identify hosts. To begin, we will import the Python implementation of BSD socket API. The socket