HackingwithPython

TheUltimateBeginner’sGuide

IntroductionThisbookwillshowyouhowtousePython,createyourownhackingtools,andmakethemostoutofavailableresourcesthataremadeusingthisprogramminglanguage.Ifyoudonothaveexperienceinprogramming,don’tworry–thisbookwillshowguideyouthroughunderstandingthebasicconceptsofprogrammingandnavigatingPythoncodes.Thisbookwillalsoserveasyourguideinunderstandingcommonhackingmethodologiesandinlearninghowdifferenthackersusethemforexploitingvulnerabilitiesorimprovingsecurity.YouwillalsobeabletocreateyourownhackingscriptsusingPython,usemodulesandlibrariesthatareavailablefromthird-partysources,andlearnhowtotweakexistinghackingscriptstoaddressyourowncomputingneeds.ThankyouandIhopeyouenjoyit!

Copyright2017bySteveTaleAllrightsreserved.

Thisdocumentisgearedtowardsprovidingexactandreliableinformationinregardstothetopicand issue covered. The publication is sold with the idea that the publisher is not required torenderaccounting,officiallypermitted,orotherwise,qualifiedservices. Ifadvice isnecessary,legalorprofessional,a21practicedindividualintheprofessionshouldbeordered.-FromaDeclarationofPrincipleswhichwasacceptedandapprovedequallybyaCommitteeoftheAmericanBarAssociationandaCommitteeofPublishersandAssociations.In no way is it legal to reproduce, duplicate, or transmit any part of this document in eitherelectronicmeansorinprintedformat.Recordingofthispublicationisstrictlyprohibitedandanystorageof thisdocument isnot allowedunlesswithwrittenpermission from thepublisher.Allrightsreserved.The information provided herein is stated to be truthful and consistent, in that any liability, intermsofinattentionorotherwise,byanyusageorabuseofanypolicies,processes,ordirectionscontained within is the solitary and utter responsibility of the recipient reader. Under nocircumstances will any legal responsibility or blame be held against the publisher for anyreparation,damages,ormonetarylossduetotheinformationherein,eitherdirectlyorindirectly.Respectiveauthorsownallcopyrightsnotheldbythepublisher.Theinformationhereinisofferedforinformationalpurposessolely,andisuniversalasso.Thepresentationoftheinformationiswithoutcontractoranytypeofguaranteeassurance.The trademarks that are used arewithout any consent, and the publication of the trademark iswithout permission or backing by the trademark owner.All trademarks and brandswithin thisbookareforclarifyingpurposesonlyandaretheownedbytheownersthemselves,notaffiliatedwiththisdocument.

TableofcontentsChapter1:PreparationForHacking

Chapter2:PythonBasics

Chapter3:WritingPythonPrograms

Chapter5:OperatorsandExpressions

Chapter6:FunctionsandModules

Chapter7:SettingUpforHacking

Chapter8:NetworkHacking

Chapter9:HacksfortheWeb

Chapter10:UnderstandingAttacksUsingPython

Chapter11:OtherNiftyHackstoTry

Conclusion

Bonus:PreviewOf‘IntroductiontoPython3

Chapter1:PreparationforhackingEveryaspiringhackershouldlearnhowtouseaprogramminglanguageinordertodiscoverandexploitweaknessesinacomputer.Whilethereisnothingwrongwithusingresourcesthatarealreadymadeavailable,youwillwanttodevelopbettertoolsthatcanallowyoutomakebetteruseofyourowncomputer.Becauseyouarethebestjudgewhenitcomestounderstandingyourownneeds,youareawarethatmanyoftheexistingtoolsavailableonlineorinthemarketlacksomeofthefeaturesthatyoumayneedtomakeyourcomputerperformjustthewayyouwantit.

Thecomputingworldchangeseveryday–newhacksaredevelopedbythehourandyoucanalsoexpectthatdifferentsecurityexpertsdiscoverthem.Ifyouarestuckonusingoldhackingtoolstoeitherperformreconnaissanceorprotectyourselffromapossibilityofanattack,thenyouarelikelytorunintosometrouble.Forexample,launchingamalwareonatargetedmachinethathasalreadyimproveditssecuritysystemwillnotonlycauseyourattacktofail–thelikelihoodoftheattackbeingtracedbacktoyouisalsohigh.

LearningaprogramminglanguagewillalsoallowyoutoincreaseyourprobabilityofhackingsuccessanddecreasethelikelihoodofgettingdetectedbyIDS(intrusiondetectionsystems),antivirussoftware,ortoolsthatareusedbylawenforcement.Ifyouarelearninghowtobeawhitehathackerbylearninghowcriminalhackersactanddeveloptheirowntoolsforsystemexploitationandmanipulation,thenyouwilldefinitelybeabletouseupdatedsecuritycodestocombatnewcrackingprogramsthataredevelopedeveryday.Bybeingabletocodeprogramsonthego,youwillalsobeabletodetectandpreventattacksastheyhappen.

Beingabletocodeyourownhackingtoolswillalsoallowyoutocontributetothecommunityofhackersthataresharingtheirresourceswithyou–bydiscoveringabetterwaytoperformanattack,doacountermeasureagainstanillegalhack,orupdatesecurityprotocolsorabilitiesofaknowntool,youwillbeabletodoyourshareinmakingthecomputingworldamoresecureplacetobein.

WhatisPython?Pythonisconsideredanopensourcelanguage,whichmeansthatyoucandownloaditfromthepython.org’swebsitefreeofcharge.Thishigh-levellanguagehasbeenaroundsincethelate‘80s,buthasdefinitelysurvivedthetestoftime–itisstillusedtodaytocreateGUIs,webapps,games,andmoreimportantly,hackingexploitsandintrusionmitigation.

Ifyouaremigratingfromanotherprogramminglanguage,youwillbeabletoeasilylearnPythonthankstoitseasyreadability.MostofthecommandsusetypicalEnglishstatementswhichwillallowyoutoimmediatelyunderstandtheirpurposeevenifitisthefirsttimethatyouhaveencounteredthislanguage.Pythoncodesarealsosomuchshorterandsimplercomparedtootherhigh-levellanguagessuchasJava,andcomeswithalibraryandfeaturesthatarealreadybuilt-in,aswellasaccesstothird-partymodulesandlibraries.Itsrobustintegratedlibrariesandtheavailabilityofresourcesthatarecompiledbyotherusersmakeitoneofthefavoriteprogramminglanguagesofhackers.

Here’sanexample:ifyouwanttoperformtheclassicPrintcommandtotypeout“Hello,World!”usingJava,youwillhavetotypeoutthefollowing:

However,Pythonwilljustrequireyoutokeyinthefollowing:

Atthispoint,yougettheideathatacompletehackingscriptwillbemuchsimplerandshorterusingPython,comparedtootherhigh-levellanguagesthataretypicallyusedforcreatingprograms.

Ifyouareafirst-timeprogrammer,youwillfindPythontoberelativelyeasytolearn,thankstoitssimplercodesandsyntax.Youwillalsobeabletorunyourcodesondifferenttypesofdevicesandoperatingsystems,suchasAndroid,Windows,Linux,andMacOSX.Ifyouareinterestedinjumpingrightintohacking,youwilldefinitelyhaveendlessfundiscoveringwhatyoucanmanipulatewithyourownprograms–Pythondoesnotonlyallowyoutoexploitandmanipulatelaptops,smartphones,anddesktops,butalsoallowyoutorunyourprogramsonmicrocontrollersthatarefoundintoys,remotecontrols,appliances,andvirtuallyanydevicethathasacomputerinit.

StartingwithPythonIfyouareusingarecentLinuxorUNIXdistribution,youprobablyhavethePythoninstalledalready.SomeWindowsusers,particularlyHPcomputerowners,mayalsohaveitinstalledintheircomputers.However,ifyouneedafreshinstallofthepackage,youcandownloaditfromwww.python.org.

Normally,youwouldwanttogetthelatestversion,whichis3.5.2,butyoumayalsowanttogetthelatestreleaseofPython2,whichis2.7.11,ifitismorecompatiblewiththehackingprojectsthatyouhaveinmind.WhilePython3maybethefutureofthisprogramminglanguage,certainfactorssuchascompatibilitywithyourcomputerorusingthirdpartyservicesmaymakeyoudownloadPython2instead.

WindowsInstallationAfteryouhavedownloadedtheinstallationpackagefromtheLinuxwebsite,decompressitandrunthe.exefiletoproceedwiththesetup.Youshouldbeabletogetpip,documentation,andIDLEwhenyougowiththestandardinstallation.

Note:Seetoitthatyouhavecheckedthisoption:

Ifyouwanttochangethelocationforyourinstallation,simplyclickon

andthenhitNext.Afterwards,usethepathc:\python35asyourinstalllocation.IfyouhaveinstalledPythoninthecorrectpath,goto:

YoucanalsorunPythonfromthecommandpromptifyouhavecorrectlysetthePATHvariableuponinstallation.IfyouarerunningPythonforthefirsttimeinWindows,typecmdintheRundialogbox(clickonStartbuttontolocatethiscommand).Onceyouhavethecommandpromptpulledup,keyin“python”tolaunchtheprogram.

MacOSXInstallationYoucandownloadtheinstallerfromPython’swebsiteoryoucanuseHomebrewtogettheinstallpackage.IfyoudonothaveHomebrewinstalledyet,pullupaterminal(presstheCommandkey+SpacebartolaunchSpotlightsearch,andthenkeyinTerminal)andenterthiscommand:

/usr/bin/ruby-e"$(curl-fsSLhttps://raw.githubusercontent.com/Homebrew/install/master/install)"

AfterHomebrewisinstalled,itwillpromptyouabouthowitwillproceedwiththeinstallation.HitEnterandthenprovideyouruserpasswordinordertoproceed.Onceinstalled,youcannowusethe“brew”commandfromtheterminaltoinstallpackagesforOSX.

ToinstallthePythonpackage,pullupafreshTerminalandkeyin:

InstallingonLinuxIfyouroperatingsystemisGNU/Linux,youcanuseUbuntuorDebiandistributionmanagertoinstallPython.Todothat,simplykeyinthiscommand:

Onceyouareabletoinstalltheprogram,runitbytyping“python”ontheterminal.

InteractingwiththePythonLanguageNowthatyouhaveinstalledPython,thenextthingthatyouneedtodoistolearnhowyoucanuseittoexplorefeaturesortotestacode.YoucanusePythonusingthescriptmodeifyouwanttoseehowentirefilesorapplicationsareinterpreted.

TointeractusingPython,youcanusetheIDLE(IntegratedDevelopmentEnvironment),whichwillpullupthePythonshellwindow,orthecommandlineinWindows.

InteractingUsingtheCommandPromptTheWindowscommandline(ortheTerminalinLinuxandMacOSX)isthesimplestandstraightforwardwaytostartusingPython.Withthistool,youwillbeabletoseehowPythonoperatesbasedonhowitreactstoeverycommandthatyouenteronthe>>>prompt,whichisalsoknownastheinterpreterprompt.

Takenotethatthismightnotbethemostpreferredwaybyhackerswhenitcomestointeractingwiththisprogramminglanguage,butthismethodwillallowyoutoeasilyexplorePython’sfeatures.

ToexplorehowPythonoperates,takealookathowtheprintcommandcanbeusedtodisplay“Pythonisforhacking.”

PullupthePythoncommandline.

Onceyouseethe>>>prompt,keyin:

print(“Pythonisforhacking.”)

HitEntertoendthecommand.Rightafterthat,Pythonwilldisplayyourrequestedtextonthefollowingline.

Whatwillhappenifyoudidsomethingwrongwithyourcommand?Ifyouusedafaultysyntax,suchasanincompletestatementoramisspelledcommand,youwillgetadisplayerrorthatlookslikethis:

HowtoExitPythonIfyouwanttoquitthePythonprompt,useanyofthesecommands:

Ctrl+Z,andthenhitEnter

Keyin“quit()”

Keyin“exit()”

InteractingUsingtheIDLE

Whenyouareusingaprogramminglanguage,suchasPython,youwillneedtodevelopyourcodeusinganintegrateddevelopmentenvironmentorIDE.AnIDEisanapplicationthatwillprovideyouallthetoolsthatyouneedtodevelopasoftware.Usually,thesetoolsareatexteditorthatwillhelpyoutweakthesourcecodethatyouareworkingon,adebugger,andasetoftoolsforbuildautomationwhichyoucanusethroughaGUI(graphicaluserinterface).IDEswillalsoallowyoutouseintegrationwithversioncontrollibrariesthatyoucansourcefromthirdparties,whichmeansthatyoucanpullupcodesthatarecreatedbyothersandthenmixandmatchthemwithyourowncodetogettheresultsthatyouwant.

YoucangetyourpreferredIDEfromathird-partysource,suchaseducationalsitesforprogramminglanguages,orfromthedevelopersofthelanguagethemselves.Python.org,forexample,providesyouafreeIDEthatyoucanuseasastartingpointtodevelopment,ifyouarenotsurewhichIDEwillworkbestwithyourcodingstyle.

TheIDLEtoolthatcomeswithyourinstallationpackageservesasaplatformwhereyoucanefficientlykeyinyourcodesandinteractwithPython.YoucaneasilypullupIDLEbyclickingonitsicononyourdesktop,theStartMenuorlocatingitontheinstallfolder.

IDLEallowsyoutousethesefeatures:

ThePythonshellwindowwhichallowsyoutomakeuseofcolor-codedcodeinputandoutputandgeterrormessagesifyouinputawrongstatement.

Adebuggerthatcomeswithstepping,localandglobalnamespaceviewing,andpersistentbreakpoints

Browsersandconfiguration

Atexteditorthatallowsyoutousemultiplewindows,colorizingforPython,auto-completion,undo,andotherfeatures

UsingIDLEwillallowyoutousetwowindows(theShellandtheEditor)whichyoucanusesimultaneously.Youcanalsohaveoutputwindowsthathaveadifferentcontextmenuandtitle.

ThemenusthatyoucanuseinIDLEwillchangedependingonthewindowthatyouhaveselected.Theoptionsthatbelongtoeachmenuarestraightforward,whichmeansthatyouwillnothaveahardtimeunderstandingwhateachofthemdoevenifyouarenewtoprogramming.

Herearethemenusandthewindowthattheyareassociatedwith.

File(forEditorandShellwindows)

Thismenucontainsthefollowingoptions:

1. New

2. Open

3. RecentFiles

4. OpenModule

5. ClassBrowser

6. PathBrowser

7. Save

8. SaveAs

9. SaveCopyAs

10. PrintWindow

11. Close

12. Exit

Edit(forEditorandShell)

Thismenucontainsthefollowingoptions:

1. Undo

2. Redo

3. Cut

4. Copy

5. Paste

6. SelectAll

7. Find

8. FindAgain

9. FindSelection

10. FindinFiles

11. Replace

12. GotoLine

13. ShowCompletions

14. ExpandWord

15. ShowCallTip

16. ShowSurroundingParens

Format(EditorWindow)

1. IndentRegion

2. DedentRegion

3. CommentOutRegion

4. UncommentRegion

5. TabifyRegion

6. UntabifyRegion

7. ToggleTabs

8. NewIndentWidth

9. FormatParagraph

10. StripTrailingWhitespace

Run(Editorwindow)

1. PythonShell

2. CheckModule

3. RunModule

ShellMenu(Shellwindow)ViewLastRestart

RestartShell

InterruptExecution

Debug(Shellwindow)

1. GotoFile/Lie

2. Debugger

3. StackViewer

4. Auto-OpenStackViewer

Options(EditorandShellwindows)

1. ConfigureIDLE

2. CodeContext(availableonlyinEditor)

Windows

1. ZoomHeight

Help

1. AboutIDLE

2. IDLEHelp

3. PythonDocs

4. TurtleDemo

OtherThingsYouCanUseYoucanwriteyourcodesinotherIDEsortexteditorsotherthanIDLE,dependingonyourneeds.Thereisnorealguidelineinchoosingwhereyoushouldtypeoutandsaveyourcodes–aslongastheeditorthatyouareusinghelpsyoucodecomfortablyandcomeswithsyntaxhighlightingwhichwillhelpyouvisualizeyourcode,thenyouwillbeabletoachieveyourhackinggoalsandcreatethecodethatyouwanttouseinthefuture.

Hereareothereditorsandtheirfeaturesthatyoumightwanttocheckout:

PyCharmEducationalEdition

IfyouwanttofocusonlearningPythoninsteadofconcentratingonhowyoushouldbenavigatingyourwindows,thenthisistheeditorforyou.Youcanpullupexistingcodesintheeditortolearnhowcertainprogramsarewritten,orlearnusingthetutorialthatcomeswithit.

Youcandownloadthisfreeeditorfromwww.jetbrains.com.

SublimeText

SublimeTextallowsyoutouseapackagemanager,whichessentiallyworksforanypersonthatisusedtotypinginwordprocessors.Italsocomeswithfeaturessuchascodefolding,whichhideslinesofcodesthatyouarenotworkingon.

Takenotethatthisisnotafreesoftware,butitdoescomewithatrialperiodthatdoesnothaveatimelimit.

VIM

Thisfreesoftwarewillallowyoutodolotsofcustomizing,whichisgreatifyouareanexperiencedprogrammerthatwantstoworkusingsettingsthatyouaremostcomfortablewith.Anotherplusfactortothissoftwareisthatithasanextendedhistoryofusage,whichmeansthatyouhaveacommunityofusersthatyoucaneasilytapwhenyouneedsomehelp.

Ifyouarenewtoprogramming,thismightfeellikeadauntingtexteditortouse,butthesteeplearningcurvewillpayoffintheend.Bylearninghowtocodethroughhackingrightaway,youwillbeabletogetagoodgraspofPythonasyouexperienceitusingdifferenttoolsthatwerealreadymadebyotherhackers.

Coda

Thissoftwarecomeswithafreetrialforaweekandthenwillcost$99afterwards.Coda

isnotatexteditorthatisdevoidofbellsandwhistles–itcomeswithfeatureslikeSSHconnectivity,codecontrolstoconnectautomaticallytoahub,andaTerminalinterface.Ifyouaregunningtodevelopawebappforyourhacks,thenthisisprobablytheIDEthatwillworkbestforyou.

Nowthatyouhaveyourdevelopmentenvironmentsetup,it’stimeforyoutostartlearningaboutPython’sbasicconcepts.

Chapter2:PythonBasicsYourgoal,ofcourse,istomakePythongobeyondprintingatext.Todothat,youwillneedtolearnotherconceptsthatareessentialinaPythonscript.Youwillalsowanttocreateascriptthatiseasyforyoutounderstandandreviewinthefuture,justinanycaseyouwanttoimproveitandturnitintoaworkingtoolforyourhacks.

Inordertotakeinputsandmanipulatetheminordertogetcertainresults,youwillfirstneedtolearnhowvariablesandconstantsworkinthisprogramminglanguage.

CommentsThesearestatementsthatcomeafterthe#symbol.Thesepiecesoftextsallowyouto:

Explaintheproblemsthatyouareaimingtoovercomeorsolveinyourprogram

Takenoteoftheimportantassumptions,details,anddecisionsthatyouwanttoperforminthecode

Makingnotesinyourcodedoesnotonlyremindyouwhatyouwanttoachieveinyourcode,butalsohelpreadersthatwillbeusingyourprogramunderstandwhatlinesofcodearesupposedtodo.

LiteralConstantsLiteralconstantsarenamedassuchbecauseyoutakethesepiecesoftextfortheirliteralvalue.Theseconstantscanbe:

Numbers

Theycanbeintegers(plainwholenumbers)orfloats(numbersthathavedecimalpoints)

Strings

Thesearesequencesofcharacters,whichyoucanspecifyusingsinglequote,doublequotes,ortriplequotes.TakenotethatsingleanddoublequotesfunctionsimilarlyinPython,andthatyoucanexpressthemfreelyinsidetriplequotes.Hereisanexample:

Stringsarealsoimmutable,whichmeansthatyoucannotchangeastringonceyouhavecreatedit.

HowtoFormatStringsThereareinstancesinwhichyouwillwanttoconstructstringsfromadifferentpieceofinformation.Todothis,youwillneedtousethe method.Takealookatthisexample:

Onceyouaredone,savethispieceofcodeasstr_format.py.Thisishowit’sgoingtolooklikewhenyouruntheprogram:

Theformatmethodallowsyoutouseanargumentvaluetotaketheplaceofaparticularspecification.Takealookatthisexample:

Thispieceofcodewillgiveyouthisresult:

VariablesBecausetherewillbemultipleinstancewhereinyouwillneedtostoreinformationinyourcodeandthenmanipulatethem,youwillneedtohavesomevariables.Justlikewhatthenamemeans,variableshavevaryingvalues,suchasrealnumbers,strings,Booleans,dictionaries,orlists,whichyoucanaccessthroughcertainmethods.Takealookatthissamplecode:

Inthisexample,youareabletodefinethevariablenamedport,whichisgoingtobeusedtostoretheinteger21,andthevariablenamedbanner,whichisgoingtoholdastring.Inordertocombinethesevariablestogetherasasinglestring,youwillneedtousethevariableportthroughtheuseofthestr()function.

Sinceyouneedtoquicklyaccessthedatayoustored,youneedtoassignnamestovariables.Thisiswhereidentifierscometoplay.Identifiersworklikecodenamesthatyouusetopointouttosomethingthatyouhaveusedinyourcodeorprogram.Herearesomerulesthatyouneedtofollowwhenassigningthem:

Theinitialcharactershouldbealetterofthealphabetoranunderscore.

Theremainingcharactersshouldconsistofunderscores,letters,ordigits

Theyarecase-sensitive,whichmeansthatmycodeandmyCodedonotcalloutthesamevalueandnotinterchangeablewhenyouassignthemasanidentifier.

ObjectsThingsthatarereferredtoasanythinginthecodethatexistsinPythonarecalledobjects.IfyouaremigratingtoPythonfromanotherprogramminglanguage,youneedtotakenotethateverythinginPython,includingstring,numbers,andfunctions,isclassifiedasanobject.

ListsPythonallowsyoutomakeuseofalistdatastructurewhichisextremelyusefulwhenitcomestostoringcollectionsofobjects.Asaprogrammer,youcancreateliststhatcontaindifferenttypesofdata.Atthesametime,youcanalsomakeuseofseveralbuilt-intechniquesinPythonthatwillallowyoutoinsert,index,count,sort,append,remove,pop,andevenreverseitemsinalist.Takealookatthisexample:

Usingtheabovecode,youwereabletocreatealistthroughthemethodappend(),printallthespecifieditems,andthenmanagetosorttheitemsbeforeyouaskedtheprogramtoprintthemagain.Youwerealsoabletofindanitem’sindexandalsoremoveparticularitems.

DictionariesPython’sdictionarystructureallowsyoutomakeuseofahashtablethatcanbeusedtostorevirtuallyanyamountofobjects.Theprogram’sdictionarycontainsapairofitemswhichconsistsofakeyanditscorrespondingvalue.

Dictionariesareextremelyhelpfulincreatinghackingscripts.Forexample,youcancreateascannerthatisdesignedtoexploitvulnerabilitiesofaparticularsystem,suchasopenTCPports.Ifyouhaveadictionarythatwilldisplayservicenamesforcorrespondingportsthatyouwanttoexploit.Forexample,youcancreateadictionarythatwillallowyoutolookuptheftpkey,andthenprovideyouanoutputof21,whichcorrespondstoaportthatyoumaywanttotest.Youcanalsousedictionariestoperformbruteforceattackstocrackanencryptedpassword.WhatmakesPythonevenbetteristhatyoucancodeyourowndictionariesandusetheminotherscriptsthatyoumaywanttodevelopinthefuture.

Whenyoucreateadictionary,keysshouldbeseparatedfromtheircorrespondingvaluewithacolon,andtheitemsshouldbeseparatedusingcommas.Inthefollowingexample,youwillbeabletousethe.keys()methodtogiveyoualistofalltheavailablekeysinthedictionary,andthe.items()methodthatwillprovideyoualltheitemsthatthedictionarycontains.Takealookatthisexample:

NowthatyouknowthebasicconceptsthatmakePythonscriptsperformtasks,youarenowreadytostartusingtheminyourownscript.Inthenextchapter,youwilllearnhowareadablePythonscriptshouldlooklike.

Chapter3:WritingPythonProgramsNowthatyouareawareofsomebasicconceptsthatyouneedtograspinPython,it’stimetolearnsomeguidelinesthatyouneedtorememberwhenitcomestowritingaPythonprogram.Inthischapter,youwilllearnhowtousesomeofthemostbasicconceptstorunsimplecommandsandformatyourPythoncodesinsuchawaythatitwillbeeasierforyoutounderstandanddocumentthemlater.

HowtoUseLiteralConstantsandVariables

Pullupyourtexteditorandrunthefollowing:

Youroutputshouldlooklikethis:

Whathappenedinthisprogramisthatyouassignedaliteralvalueof5tothegivenvariableithroughanassignmentoperator,whichisthe=sign.Thatentirelineisconsideredastatementbecauseitindicatedthatsomethingshouldbedone,whichisconnectingthesaidvariabletoanumericalvalue.Afterwards,youprintedoutthevalueofibyusingtheprintcommand.

Afterwards,youadded1tothegivenvaluethatyoustoredinthevariablei,andthenyousavedit.Whenyouusetheprintstatementagain,yougetthevalueof6.

Atthesametime,youalsoassignedaliteralstringtothevariablesandthenproceededtousetheprintstatement.

PhysicalandLogicalLinesWhatyouseewhenyoutypeoutaprogramiscalledaphysicalline.WhatPythongetswhenyoutypeastatementiscalledthelogicalline.Withthissaid,thisprogramminglanguageassumesthateveryphysicallinethatyouseecorrespondstoagivenlogicalline.

Whileyoucanusemorethanonelogicallineonaphysicallinebyusingthesemicolon(;)symbol,Pythonencouragesthatprogrammerslikeyouinputasinglestatementinordertomakeyourcodesmorereadable.Thisway,youwillbeabletoseelinesthatyouareworkingonandavoidpossibleconfusionwhenyouareworkingontwodifferentlogicallinesandgetlostonwhatyouaresupposedtoworkon.

IndentationPythonisoneoftheprogramminglanguagesouttherewherewhitespace,especiallythespaceatthebeginningofeachlineofcodeisimportant.Byusingindentation,youcangrouptogetherblocks,orstatementsthatbelongtogether.Asaruleofthumb,seetoitthatyouareusingthesameindentationwhenyouareworkingonsimilarstatements.Alsorememberthatusingthewrongindentationcanmakeyourcodepronetoerror.Takealookatthisexample:

Whenyourunthiscode,youwillgetthisresult:

Pythonrecommendthatyouusefourspacesforyourindentations.Typicalgoodtexteditorswilldothisforyou.Aslongasyouareconsistentwiththespacesthatyouareusing,youwillbeabletoavoidunexpectedresultsinyourcode.

Nowthatyouknowthebasics,youcannowstartlearningthemoreinterestingstuff!

Chapter5:OperatorsandExpressionsMostofthestatements(alsocalledlogicallines)thatyouwillbewritinginyourcodewillincludeexpressions.Expressionsaredividedintooperandsandoperators.

Operatorsareessentiallyfunctionsthatdosomethinginyourcode,whicharerepresentedbysymbolsorkeywords.Theyusuallyrequirepiecesoninformationthattheycanworkon,whicharecalledoperands.Forexample,ifyouhavetheexpression4+5,theplus(+)signistheoperator,andthenumbers4and5areoperands.

PythonOperatorsTakealookathowexpressionslooklikeinaninterpreterprompt:

Whenyouevaluateexpressionsinaninterpreterpromptandyouusedtherightsyntax,youwillbeabletoseetheresultthatyouareexpectingrightafterthelogicalline.Sinceyouwillbeproducingcodesforyourownhackingtools,youwillneedtomemorizehowoperatorsareusedinacode.

AlsotakenotethatPythonusestheoperatorsaccordingtoprecedence.Thatmeansthatwhenyouaskyourcodetoperformcertainoperationsthathavehigherprecedence.Forexample,Pythonwillalwaysperformoperationsthatrequireittodivideormultiplyvariablesoveroperationsthatrequireittoaddorsubtract.Iftwooperatorshavethesamevalueofprecedence,thenPythonwillevaluatethemfromlefttoright.

HereisalistoftheoperatorsthatareavailableinPython.

Plus(+)

Addstwoobjects.

Forexample:

4+5willgiveyou9,and‘e’+‘j’givesyou‘ab’

Minus(-)

Subtractsonenumberfromanothernumber.Incasethatthefirstoperandintheequationisabsent,Pythonassumesthatitiszero.

Forexample:

-87willgiveyouanegativenumber,and80–40givesyou40.

Multiply(8)

Multipliestonumbersorrepeatsastringacertainnumberoftimes.

Forexample:

2*5givesyou10,and‘ha’*3willgiveyou‘hahaha’

Power(**)

Raisesacertainnumbertothepowerofthenextoperand.

Forexample:

3**3willgiveyou9(thisiscomputedas3*3*3)

Divide(/)

Dividesthefirstoperandwiththenextone.

Forexample:

4/2gives2

Divideandfloor(//)

Dividesthefirstoperandwiththenextone,andthenroundstheresulttothenearestnumber.

Forexample:

5//2givesyou2

Modulo(%)

Givesyoutheremainderofadivision

Forexample:

13%3willgiveyou1

Lessthan(<)

Givesyouaresultofwhetherthefirstoperandislessthanthenextone.ThecomparisonoperatorwillsaywhetheritisTRUEorFALSE.

Forexample:

3<9returnsgivesyouTRUE

Greaterthan(>)

Givesyouaresultofwhetherthefirstoperandisgreaterthanthenextone.TheoperatorwillalsosaywhetheritisTRUEorFALSE.

Forexample:

9>3givesyouTRUE

Lessthanorequalto(<=)

Givesyouaresultofwhetherthefirstoperandislessthanorequaltothenextone.

Forexample:

x=6;y=9;x<=ygivesyouTRUE

Greaterthanorequalto(>=)

Givesyouaresultofwhetherthefirstoperandisgreaterthanorequalthenextone

Forexample:

x=6;y=3;x>=ygivesyouTRUE

Equalto(==)

Tellsyouiftooperandsareequal.

Forexample:

x=3;y=3;x==ygivesyouTRUE

Notequalto(!=)

Tellsyouiftheoperandsarenotequal

Forexample:

x=3;y=4;x!=ygivesyouTRUE

ExpressionsExpressionsarecombinationsofoperatorsandvaluesinyourcode.Youcanthinkofitasanythingthat“expresses”somethingthathasavalue.Forexample,ifyouusethefunctioneval(1+1),youwillgetaresultthatprovidesyouthevalueofthesetwonumbersaddedtogether.

Takealookatthisexample:

Savethisasexpression.pyandthenrunitattheinterpreterprompt.Youshouldbeabletogetthisoutput:

Asyoumayhavenoticed,Pythonstoredvaluesinthevariables‘length’and‘breadth’,andyouareabletocalculatetheperimeterandtheareaofarectangleusingtheseexpressions.Youarealsoabletostorethevalueoftheexpressionlength*breadthinanothervariable,whichisnamedarea,andthendisplayeditusingtheprintfunction.

Nowthatyouareawareofhowyoucanusethebuildingblocksofaprogramminglanguage,youcannowreadytolearnhowyoucanusetheminacode!

Chapter6:FunctionsandModulesWritingacodeforhackingcanbetediouswhenyouarelimitedtousingoperations–justimaginehavingtowriteanoperationandthenrepeatthatoverandoveragainthroughoutyourscriptinorderforyourcodetodosomething.ItisagoodthingthatPythonallowsyoutomakeuseoffunctionsandmodulesthatwillallowyoutorepeatcertainactionswithinyourcodeandinotherscriptsthatyouwillbebuildinginthefuture.

Inthischapter,youwilllearnhowtocreateandmakeuseoffunctionsandmodules.Youwillalsolearnhowtoiteratecommandsthatyouhaveissuedinyourscriptinordertorepeatcertainactionsfordifferentelements,andhandleerrorsthatyoumayencounterinyourscript.

FunctionsInPython,afunctionallowsyoutocreateablockofcodethatwillbeabletodoanaction.Theyarealsoreusable,whichmeansthatyoucanprovideanametothatstatementblockandthenrunthisblockusingthenamethatyouassigneditanywhereintheprogramthatyouarebuildingwithoutanylimit.InPythonterms,thisiscalled“callingthefunction”.

Functionsareprobablythemostimportantcomponentofaprogramminglanguage.InPython,theyareusuallydefinedusingthekeyworddef,followedbyanidentifiernameforthefunctionthatyouwanttouse.Takealookatthisexample:

Savethisasfunction1.py,andthenrunitattheinterpreterprompt.Youshouldseethisoutputafterdoingso:

Whathappenedhereisthatyouareabletodefinethefunctionsay_hello,whichhasnoparameters,whichisthereasonwhythereisnovaluestatedinsidetheparentheses.Parametersareindicatedinfunctionsinordertoincludeaninputthatyoucanusetopassdifferentvaluestothefunctionandgetaspecificresultthatyouhaveinmind.

Alsonoticethatyouhavemanagedtocallthefunctiontwotimesinthisexercise,whichmeansthatyoudidnothavetowritetheentirecodeagainforPythontorepeataparticularaction.

FunctionParametersFunctionsareabletotakeinvaluesthattheywillbeabletouse,whicharecalledparameters.Parametersactsimilarlytovariables,exceptthatyouaredefiningtheirvalueswheneveryoucallthefunctionandthatyouhavealreadyassignedvaluestothemonceyourunthefunction.

Parametersarespecifiedwithinapairofparentheseswhenyouaredefiningthefunctionandareseparatedusingcommas.Ifyouneedtocallthefunctioninyourcode,youwillneedtosupplythevaluesinthesameway.Alsotakenotethatwhenyouaresupplyingvaluetoyourfunctionwhileyouarenamingit,thesevaluesarecalledparameters;butwhenyouaresupplyingvaluesasyoucallthefunction,thesevaluesarecalledarguments.Takealookatthisexample:

Savethisasfunction_param.pyandthenrunitattheinterpreterprompt.Youshouldgetthisoutput:

KeywordArgumentsTherewillbeinstancesasyoucodewhereinyouhavetoomanyparametersinyourfunction–ifyouwanttospecifysomeofthem,thenyoucanusekeywordargumentsinordertogivevaluesforsomeoftheparameters.Doingsowillgiveyoutheadvantageofeasilyusingthefunctionwithouthavingtoworryaboutthearguments’order,andthatyoucanassignvaluestotheparametersthatyouwanttouse,especiallywhentheotherparametersthatareavailablealreadycontainsargumentvaluesthataresetindefault.

Takealookatthissamplecode:

Savethiscodeasfunction_keyword.py,andthenrunitattheinterpreterprompt.Youshouldgetthefollowingoutput:

ThereturnStatementIfyouwanttobreakoutofthefunction,orifyouwanttoreturnavaluefromthefunction,thenthisstatementwillprovetobehelpful.Takealookatthisexample:

Savethiscodeasfunction_return.pyandthenrunitattheinterpreterprompt.Youshouldgetthefollowingoutput:

DocStringsPythoncomeswithacoolfeaturecalleddocstrings,whichisatoolthatyoucanusetodocumentthecodethatyouarecreatingandmakeiteasiertounderstand.Youcanalsogetadocstringfromafunctionwhilethecodeisalreadyrunning.Takealookatthisexample:

Savethiscodeasfunction_docstring.pyandthenrunitontheinterpreterprompt.Youshouldgetthefollowingoutput:

Whathappenedhereisthatyouareabletoviewthedocstringforthefunctionthatyouhaveused,whichisthefirststringontheinitiallogicalline.Takenotethatdocstringscanalsobeusedinclassesandmodules.

IterationTherearesomeinstanceswhereinyoumayfindittoredundanttowritethesamecodemultipletimestodoasimilarfunction,suchascheckingdifferentIPaddressesoranalyzedifferentports.Forthisreason,youmaywanttouseafor-loopinsteadtoiteratethesamecodefordifferentelements.Forexample,ifyouwishtoiterateacodeforthesubnetofIPaddressesfrom192.168.0.1through192.168.0.254,youcanuseafor-loopthatcontainsarangeof1to255todisplaytheentiresubnet.Takealookatthissamplecodetoseehowitisdone:

Ifyouwanttoiteratethesamecodethroughalistofknownportstoanalyzeasystem’svulnerabilities,youcaniteratethroughalistofelementsthatyouwanttocheckinstead.Takealookatthisexample:

ExceptionHandlingEvenifyouarealreadyabletowriteaprogramwithcorrectsyntax,youmaystillgothroughsomeerrorsuponexecutionorruntime.Forexample,whenyoudivideanythingbyzero,youarelikelytoexperiencearuntimeerrorbecausePythonknowsthatitisimpossibletodoso.Whenyouattempttoperformthisaction,Pythonmightreturnwiththisoutput:

Ifyouwanttofixtheerrorwhileyouarealreadyrunningyourcode,Python’sabilitytoperformexceptionhandlingwillcomeinhandy.Usingtheexampleabove,youcanusethetryorexceptstatementinordertomakeuseoftheexceptionhandlingsothatwhentheerrorhappens,theexceptionhandlingfeaturewillcatchtheerrorandthenprintthemessageonthescreen.Takealookatthisexample:

Ifyouwanttoseewheretheerrorspecificallyhappenedinyourscript,youcanusethefollowingcodeinstead:

ModulesIfyouwanttomakeuseofthefunctionsthatyouhavealreadycreatedfromanotherprogramtoanother,insteadofhavingtorewritetheentirecode,thenyoucanuseofmodules.

Thesimplestwaytomakemodulesistocreateafilethatcontainsallthevariablesandfunctionsthatyoumayneedtouseinafutureprogramandthensaveitasa.pyfile.Alternatively,youcanalsocreateyourmodulesinalanguageinwhichthePythoninterpreteriswritten,suchastheClanguage.Youcanalsohaveamoduleimportedbyanotherprogramanduseallthefunctionalitysavedinthere,whichisthesameasyouusethestandardlibrariesthatyouuseinPython.

Takealookathowyoucanuseastandardlibrarymodulethroughthisexample:

Savethiscodeasmodule_using_sys.pyanthenrunitontheinterpreterprompt.Youshouldgetthisoutput:

Whathappenedhereisthatyoufirstimportedthesysmodule.Byusingtheimportstatement,youareabletotellpythonthatyouwanttouseamodulethatcontainsthefunctionalitythatisrelatedtothePythonenvironment.Whenthisprogramminglanguageexecutesthestatement,itwillthenlookforthe.sysmodule.Sincethisisabuilt-inmodule,Pythonknowsthelocationwhereitcanbefound.

InanycaseyouaretryingtoimportamodulewritteninPython,theinterpreterwillthensearchalldirectoriesthatarelistedinthevariablesys.path.Onceitisfound,thestatementsfoundinthatmodulewillberun,makingitavailableforyoutouse.Thisinitializationprocessonlytakesplacethefirsttimeyouimportamodule.

SysModulePythonhasabuilt-inmodulethatprovidesyouaccesstoallobjectsthattheprogramminglanguage’sinterpretermaintainsoruses.Calledthesysmodule,thismoduleincludescommandlinearguments,maximumsizeofintegersthatcanbeused,flags,pathhooks,aswellasotheravailablemodules.

Beingabletointeractwiththesysmodulewillallowyoutocreatedifferentscriptsthatyoucanusefordifferenthackingpurposes.Forexample,youmaywanttoanalyzedifferentcommandlineargumentsduringruntime.Ifyouaregoingtobuildascannertodiscoversystemvulnerabilities,youmaywanttopassafilenameasacommandlineargument,whichcanbedonebyusingthelistsys.argvwhichiscomprisedofallthecommandlinearguments.Takealookatthissamplecodetoseehowthismoduleisused:

Whenyourunthispieceofcode,youwillseethatthecommandlineargumenthasbeenanalyzedandthenPythonprintsouttheresultsonthescreen.Theoutputwilllooklikethis:

OSModulePython’sOSmoduleprovidesagreatdealofroutinesfordifferentoperatingsystems,suchasMac,Posix,andNT.Usingthismodule,youcanallowtheprogramminglanguagetointeractonitsownwiththefile-system,permissions,userdatabase,anddifferentOSenvironment.

Usingthepreviousexample,you,theuser,submittedatextfileasacommandlineargument.However,itwillalsobeofvalueifyoucancheckifthefilethatyouhavepassedexistsandthecurrentuserofthemachineyouaretargetinghavethenecessarypermissionstoreadthatfile.Todeterminethis,youcancreateacodethatwilldisplayanerrormessageifeitheroneoftheconditionisnotmet.Youcanusethiscodetodothat:

Tocheckyourcode,youcanattempttoreadafilethatisnotavailableinthesystem,whichwillcausethescriptyoujusttypedintodisplaytheerror.Afterwards,youcanenterafilenamethatwillbesuccessfullyread.Finally,youcancreatepermissionrestrictionsandseethatthescriptthatyouhavecreatedprintoutaconventionalAccessDeniedmessage:

ThePythonStandardLibraryPython’libraryisprettymuchthecollectionofalmosteveryelementthereisinthisprogramminglanguage.Thisextensivecollectioncontainsseveralbuilt-inmodulesthatallowyoutoaccessdifferentfunctionalitiesinthesystem.ThePythonsstandardlibraryisalsoresponsibleforprovidingyouaccesstomodules,whicharedesignedtoenhancePython’sinherentportability.Thismeansthatyouareabletodealawaywithplatformswhenitcomestocreatingyourcodes.

IfyouarerunningPythonfromaWindowsmachine,youarelikelytohavetheentirestandardlibraryincludedinyourinstallation.IfyouareoperatingusingUNIXoranysimilaroperatingsystem,youmayneedtousethepackagingtoolsavailableinyouroperatingsystemifyouwanttogetsomeoftheoptionalcomponents.

Atthispoint,youalreadyknowtheessentialsinPython.Asyoucreateyourowncodesforhackingorimportmodulesfromlibraries,youwillbeabletodiscovermorefunctionalitiesandlearnwhattheyarefor.

Sinceyouarelearninghowtocodeinordertohack,thebestwayforyoutopickupyourpaceistolearnasyoucreatetoolsthatyoucanuseforhacking.Thismeansthatitistimeforyoutodotheexcitingstuff!

Chapter7:SettingUpforHackingAtthispoint,youhaveabasicideaofhowPythonworksandhowprogramswerecreatedusingthis programming language. Now, you are ready to learn how you can use Python scripts tocompromisewebsites,networks,andmore.

Learninghow tohackentailsbeingable to setup the rightenvironment thatyoucanwork in inorder todevelopyourownexploitation tools.Sinceyouhavealready installedPythonand thestandard library thatcomeswith it,youareprettymuchsetup forhacking.Allyouneed todonowistoinstallothertoolsandlibrariesthatyoucanusefortheexploitsthatwillbedetailedinthisbook.

InstallingThirdPartyLibrariesThirdpartylibrariesareessentiallylibrariesthatdonotcomenativewithyourinstallationofPython.Allyouneedtodotogetthemistodownloadthemfromatargetedsource,performuncompressingonthepackagethatyoujustdownloaded,andthenchangeintothetargetdirectory.

Asyoumighthavealreadyguessed,thirdpartylibrariesareextremelyusefulwhenitcomestodevelopingyourowntoolsoutoftheresourcesthatarealreadycreatedbysomeoneelse.SincePythonisahighlycollaborativeprogramminglanguage,youcanuselibrariesthatyoumayfindfromwebsitesourcessuchasGitHuborthePythonwebsiteandincorporatethemintoyourcode.There

Onceyouareinsidethedirectory,youcaninstallthedownloadedpackageusingthecommandpythonsetup.pyinstall.Takealookatthisexampletoseehowitisdone:

Whatjusthappenedhereisthatyouwereabletoinstallapackagethatwillallowyoutoparse

nmapresultsbydownloadingthepython-nmappackage.

Tip:Ifyouwanttoestablishyourdevelopmentenvironmentfaster,youmaywanttogetacopyoftheBackTrackLinuxPenetrationDistribuion,whichessentiallyallowsyoutogetaccesstotoolsthatareusedforforensics,networkanalysis,penetrationtesting,andwirelessattacks.

YourFirstPythonProgram:APasswordCrackerPython’sstrengthliesintherobustlibrariesthatyoucanusewhencreatingyourownprograms.ThisPythonprogramwillnotonlyteachyouhowyoucancrackpasswords,butalsohelpyoulearnhowtoembedalibraryinyourcodeandgetresultsthatyouwant.

Towritethispasswordcracker,youwillneedtohaveacrypt()algorithmthatwillallowyoutohashpasswordsthatareintheUNIXformat.WhenyoulaunchthePythoninterpreter,youwillactuallyseethatthecryptlibrarythatyouneedforthiscodeisalreadyrightinthestandardlibrary.Now,tocomputeforanencryptedhashofaUNIXpassword,allyouneedtodoistocallthefunctioncrypt.crypt()andthensetpasswordandsaltasparameters.Thecodeshouldreturnwithastringthatcontainsthehashedpassword.

Hereishowitshouldbedone:

Now,youcantryhashingatarget’spasswordwiththefunctioncrypt().Onceyouareabletoimportthenecessarylibrary,youcannowsendtheparameterssalt“HX”andthepassword“egg”tothefunction.Whenyourunthecode,youwillgetahashedpasswordthatcontainsthestring“HX9LLTdc/jiDE”.Thisishowtheoutputshouldlooklike:

Whenthathappens,youcansimplywriteaprogramthatusesiterationthroughoutanentiredictionary,whichwilltryagainsteachwordthatwillbepossiblyyieldthewordusedforthepassword.

Now,youwillneedtocreatetwofunctionsthatyoucanuseintheprogramthatyouaregoingtowrite,whicharetestPassandmain.Themainfunctionwillpullupthefilethatcontainstheencryptedpassword,whichispassword.txt,andwillthenreadallthecontentsinthelinesthatthepasswordfilecontains.Afterwards,itwillthensplitthelinesintothehashedpasswordandits

correspondingusername.Afterthat,themainfunctionwillcallthetestPassfunctiontotestthehashedpasswordsagainstthedictionary.

ThetestPassfunctionwilltakethepasswordthatisstillencryptedasaparameterandthenwillreturnafterexhaustingthewordsavailableinthedictionaryorwhenithassuccessfullydecryptedthepassword.Thisishowtheprogramwilllooklike:

Whenyourunthiscode,youwillbeabletoseethisoutput:

Judgingfromtheseresults,youwillbeabletodeducethatthepasswordfortheusername‘victim’isrightinthedictionarythatyouhaveavailable.However,thepasswordfortheusername‘root’isawordthatyourdictionarydoesnotcontain.Thismeansthattheadministrator’spasswordinthesystemthatyouaretryingtoexploitismoresophisticated,butcanpossiblybecontainedinanotherdictionarytype.

Atthispoint,youarenowabletosetupanidealhackingenvironmentforPythonandlearnhowtomakeuseofavailableresourcesfromotherhackers.Nowthatyouareabletocreateyourfirsthackingtool,it’stimeforyoutodiscoverhowyoucanmakeyourownhackingscripts!

Chapter8:NetworkHacking

Anetworkattackisanyprocessortacticthatwillallowahackertocompromiseanetwork’ssecurity.Whenyouareabletoperformanetworkattack,youcanuseauser’saccountandtheprivilegesthatareattachedtoit,stealormodifystoreddata,runacodetocorruptasystemordata,orpreventanauthorizeduserfromaccessingaservice.

Inthischapter,youwilllearnhowtoattackanetworkusingsomethird-partytoolsandcodesthatyoucanwriteusingPython.Atthesametime,youwillalsogainbetterawarenessonhowhackersgaininformationabouttheirtargetandperformattacksbasedonthevulnerabilitiesthattheywereabletodiscover.

Reconaissance:TheOpeningSalvotoYourAttackHackingasystembeginswithreconnaissance,whichisthediscoveryofstrategicvulnerabilitiesinnetworkbeforelaunchinganycyber-attack.Youcanthinkofthisasahacker’sresearchabouttheirtargets–themoreinformationtheyknowaboutthenetworkthattheywanttohack,themoreideastheycangatheraboutthebesttoolsthattheycanuseinordertolaunchattacksthataremostlikelytobecomeundetectedbythetargeteduserwhilecausingthemostdamagepossible.

Takenotethateveryonecanbeahacker’starget,whichmeansthatlearninghowhackersperformreconnaissancemeansbeingabletoprotectyourownsystemaswell.Wheneveryouconnecttotheinternetandsenddataovertheweb,youareleavingbehindfootprintsthathackerscantracebacktoyou.Whenthathappens,itispossiblethathackerswillwanttostudyyouractivitiesoveryour network and discover vulnerabilities in your system that willmake it easier for them toinfiltrateandstealdatathatcanbeofvaluetothem.

Inthissection,youwilllearnhowtobuildsimplescriptsthatwillallowyoutoscanyourtarget’svulnerableTCPports.Inordertointeractwiththisopenports,youwillalsoneedtocreateTCPsockets.

PythonisoneofthemodernprogramminglanguagesthatallowsyoutogainaccesstoBSDsocketinterfaces.Ifyouarenewtothisconcept,BSDsocketsgiveyouaninterfacethatwillallowyoutowriteapplicationssothatyoucandocommunicationswithanetworkrightinbetweenhosts.BydoingaseriesofsocketAPIutilities,youwillbeabletoconnect,listen,create,bind,orsendtrafficonatarget’sTCP/IPsockets.

Whathappenswhenyouareabletoexploitatarget’sTCP?IfyouareabletoknowtheIPaddressandtheTCPportsthatareassociatedwiththeservicethatyouwanttotarget,thenyoucanbetterplanyour attack.Most of the time, this information is available to systemadministrators in anorganizationand thisdata isalsosomething thatadminsneed tohide fromanyattacker.Beforeyoucanlaunchanyattackonanynetwork,youwillneedtogainthisinformationfirst.

MakingYourPortScanner

Portscanningisamethodinwhichyoucanassesswhichoftheportsinatargetedcomputerisopen,andwhatkindofserviceisrunningonthatspecificport.Sincecomputersareoperatingtocommunicatewithotherdevicesandperformafunctionbyopeningaporttosendandreceivedata,openportscanbeavulnerabilitythathackerswillwanttoexploit.Thinkofanopenporttobesimilartoanopenwindowtoaburglar–theseopenportsserveasafreepassagetoanyhackerthatwillwanttostealdataorsetupshopinsideacomputertoexploititsweaknessesforanextendedamountoftime.

Takenotethatportscanningisnotanillegalactivitytodo–infact,networksecuritypersonnelscantheportsofclientcomputersinordertolearnabouttheirvulnerabilitiesandapplythesecurityprotocolneeded.However,portscanningisalsothebestwayforanyhackertodiscovernewvictimsandfindoutthebestwaytohacktheirsystem.Atthesametime,repetitiveportscanscanalsocauseadenialofservice,whichmeansthatalegitimateusermaynotbeabletousea

particularnetworkingserviceduetotheportsexhaustingtheirresources.

Aportscannerwillallowyoutolookatthehostsandtheservicesthatareattachedtothem.TheyessentiallyThissectionwillenabletowriteyourownprogramforaTCPportscannerthatwillbeabletodoafullconnectscantothetarget’sTCPinordertoidentifythehoststhatyoumaywanttoexploitinthefutureusingthesocketbuilt-inmodule,whichinturngivesyouaccesstotheBSDsocketinterface.

Asyoumayhavealreadyguessed,socketsarebehindmostlyanythingthatinvolvesnetworkcommunications.Whenyoupullupawebbrowser,yourcomputeropensasocketinordertocommunicatetoawebserver.Thesamethinghappenswhenyoucommunicatetoothercomputersonline,orsendarequesttoyourprinteroveryourWi-Fi.

Takealookatsomeofthesocketfunctionsthatyouaregoingtouse:

Withthisinformation,youcancreateasimpleportscannerthatwillallowyoutoconnecttoeveryportthatyouareabletodefinethatcorrespondstoaparticularhost.Pullupyourtexteditorandthensavethefollowingcodeasportscanner.py:

Whenyourunthisprogramattheinterpreterprompt,thisishowtheoutputshouldlooklike:

UsingtheMechanizeLibrarytoPerformAnonymousReconnaissanceMostcomputerusersuseawebbrowsertonavigatewebsitesandviewcontentovertheInternet.Eachwebsitehasadifferentfeatures,butwillusuallyreadaparticulartextdocument,analyzeit,andthendisplayittoauser,justlikethewayasourcefileinteractswiththePythoninterpreter.

UsingPython,youcanbrowsetheinternetbygettingandparsingtheHTMLsourcecodeofawebsite.Therearedifferentlibrariesthatcomewiththisprogramminglanguagethatcanhandlewebcontent,butforthishack,youwillbeusingMechanize,whichincludestheprimaryclasscalledBrowser.Takealookatthissamplescriptthatwillshowyouhowtogetasourcecodeofawebsite:

Whenyourunthisscript,youwillseesyngress.com’sHTMLcodefortheirindexpage,whichwilllooklikethis:

EnsuringAnonymityWhileBrowsingNowthatyouknowhowtogetawebpage,youwillwanttocreateascriptthatwillallowyoutoanonymouslyretrieveinformationfromawebsite.Asyoumayalreadyknow,webserversseetoitthattheylogtheIPaddressesofdifferentusersthatviewtheirwebsitesinordertoidentifythem.ThiscanusuallybepreventedbyusingaVPN(virtualprivatenetwork),orbyusingTor.WhathappenswhenyouuseaVPNisthatalltrafficgetsroutedtotheprivatenetworkautomatically.Withthisconcept,yougettheideathatyoucanusePythontoconnecttotheproxyserversinstead,whichwillgiveyourprogramanaddedlayerofanonymity.

YoucanusetheBrowserclasstospecifyaproxyserverthatwillbeusedbyaparticularprogram.Forthisscript,youcanusetheHTTPproxyprovidedbywww.hidemyass.com.Justinanycasethisproxyisnotavailabletobeusedanymore,youcansimplygotothewebsiteandselectanHTTPproxythatyoucanuse.Youcanalsogetothergreatproxiesforyourcodesathttp://rmccurdy.com/scripts/proxy/good.txt.

Youwillthenseethatthewebsiteyouaretryingtoaccessbelievesthatyouareusingthe216.155.139.115IPaddress,whichisactuallytheIPaddressthatyourproxyprovidedyou.Now,continuebuildingyourscript:

Atthispoint,yourbrowseralreadycontainsasinglelayerofanonymity.However,websitesdouseastringcalleduser-agentinordertoidentifyuniqueusersthatlogintotheirsite.ThisstringwillusuallyallowthewebsitetogetusefulinformationaboutauserinordertoprovideatailoredHTMLcode,whichthenprovidesabetteruserexperience.However,maliciouswebsitescanalsousethatinformationtoexploitthebrowserthatisbeingusedbyatargeteduser.Forexample,therearecertainuser-agentstringsthatsometravelwebsitesusetodetectusersthatbrowseusingMacbooks,whichthenproceedtogivetheseusersmoreexpensiveoptions.

SinceyouareusingMechanize,youcanchangetheuser-agentstringjustlikehowyouchangetheproxy.Youcanmakeuseofavailableuser-agentstringsfromhttp://www.useragentstring.com/pages/useragentstring.phpthatyoucanuseforthenextfunctionthatyouaregoingtomake.Now,youwillbecreatingascriptthatwillallowyoutotestachangeonyouruser-agentstringtotheNetscapebrowser:

Whenyourunthiscode,youwillbeabletoseethatyouareabletobrowseawebpageusingafalseuser-agentstring.ThewebsitethatyouarebrowsingnowthinksthatyouareusingaNetscape6.01browserinsteadofsimplyusingPythontofetchthepage.

Whathappensafteristhatwebsitesthatyouaregoingtovisitwillattempttopresentcookiesthattheycanuseasauniqueidentifierinordertoidentifyyouasarepeatvisitorwhenyougobacktotheirsitethenexttime.Topreventthesewebsitesfromidentifyingyou,youwillneedtoseetoitthatyouclearallthecookiesfromyourbrowserwheneveryouperformfunctionsthatyouwanttobeanonymous.Anotherbuilt-inlibraryinPython,calledtheCookelib,willallowyoutomakeuseofvariouscontainertypesthatwillallowyoutodealwithcookiesthatwebsitepresentyou.Forthisscript,youwillbeusingacontainertypethatwillallowyoutosavecookiestodisk,andthenprintoutthecookiesthatyoureceivedduringyoursession:

Whenyourunthisscript,youwillseeyoursessionIDcookieforbrowsingtheSyngresssite:

FinalizeYourAnonymousBrowserintoaPythonClassAtthispoint,youhaveanideaofallthefunctionsthatyouwanttoincludeinyouranonymousbrowser,andthatinordertomaketheentireprocessofimportingallthesefunctionstoallfilesthatyouwillbecreatinginthefuture,youwillneedtoturnthatintoaclass.Thiswillallowyoutosimplycalltheclassusingabrowserobjectinthefuture.Thisscriptwillhelpyoudothis:

Thisclassnowcontainsuser-agentslist,aswillasproxyserverlistthatyoumaywanttousewhenyoubrowse.Italsocontainsthefunctionsthatyouwereabletocreateearlier,whichyoucancallindividuallyorallatonceusingtheanonymizefunction.Theanonymizefunctionwillalsoallowyoutoselecttheoptiontowaitfor60secondswhichwillincreasethetimeofrequeststhatyousend.Whilethiswillnotchangeanythingintheinformationthatyousubmittothewebsite,thisstepwilldecreasethechancethatthewebsitesthatyouarevisitingwillrecognizethattheinformationbeingsenttothemcomesfromasinglesource.YouwillalsonoticethatthefileanonBrowser.pyincludesthisclass,andshouldbesavedinalocaldirectorycontainingscriptsthatwillcallit.

Now,youcanwriteascriptwhereyoucanusetheclassthatyouhavejustcreated.Inthisexample,youwillbeenteringvotesforanonlinecompetitiononthewebsitekittenwar.comwhereyouhavetovoteforkittensbasedontheircuteness.Becausethevotesonthewebsitewillbetabulatedaccordingtoauser’ssession,youwillneedtohaveuniquevisitstothewebsitein

orderforyourvotestobecounted.Usingthisscript,youshouldbeabletovisitthetargetedwebsiteanonymouslyfivetimes,whichwillallowyoutoenterfivevotesusingthesamecomputer:

Afterrunningthisscript,youwillbeabletofetchthetargetedwebpageusingfivedifferentuniquesessions,whichmeansthatyouareusingdifferentcookieseverytimeyouvisit.

WirelessAttack:DnspwnAttackThisattackiscreatedbyusingtheairpwntool,whichisaframeworkforpacketinjectionforwireless802.11.Thistooliscreatedtolistentoincomingpacketsandtheninjectscontenttotheaccesspointwhentheincomingdatamatchesapatternthatisspecifiedintheconfigfile.Toyourtarget,yourairpwnlooksandbehavesliketheserverthatheistryingtocommunicateto.ThistoolwasfirstcreatedtotargetHTTP,butitcanalsobeusedtoexploitDNS.

Inanessence,usingadnspwnattackentailsluringyourtargettovisitamaliciouswebpagethatwillinstallmalwaretoyourtargetthroughdownload,ortospoofaparticularwebsitetostealyourtarget’scredential.Toperformthisattack,youwillneedtohaveBacktrackorKaliLinuxinstalledinyourcomputer,aswellasawirelesscardadapter.

Followthesesteps:

1. Setupyourwirelessmonitor

Inordertosniffyourtarget’swirelessactivity,youwillneedtosetupyourwirelesscardadaptertomonitormode.Todothis,pullupairmon-ngfromKaliLinuxandthenenterthefollowingcommand.

Now,youwillbeabletocapturedatarightinthedemo_insecure(target)network.

Onceyouhaveamonitorupandrunning,youcanstartcreatingthecodeforyourattack.

2. Createyourcode.

Youwillneedtomakeuseofthescapymoduleinordertoperformthednspwnattack.Todothis,youwillneedtosniffalltheUDPpacketsthatcomeswiththeport53destinationandthensendthepackettothesend_responsefunctionthatyouwillcreatelater.

Nowthatyouhavethescapymodule,wecannowmakethefunctionthatwillallowyoutoconstruetherequestfortheneededinformationandthendoresponseinjection.Youcandothisbyworkingupthefollowinglayers:

802.11Frame–switchthe“to-ds”to“from-ds”flag,whichwillmakeitseemliketherequeststhatyouaremakingarecomingfromtheaccesspoint

802.11Frame–changetheMacaddressesofthedestinationandsource

IPlayer–changetheIPaddressesofthedestinationandsource

UDPlayer–changetheportsofthedestinationandsource

DNSlayer–Putinthe“answer”flag,andthenaddtheanswerthatyouhavespoofed.

Thescapemodulemakestheentireprocesssimplebyremovingawayalotofdetailsthatyoudonotneedtobeconcernedabout.Oncetheotherdetailshasbeenabstractedawaybyscapy,youcanusethefollowingcode:

Atthispoint,youhavealltheflagssetforyourattack.ThenextstepistomakeandaddtheDNSanswer:

Finally,injecttheresponsethatyouhavespoofed:

KickaUserOutofYourNetwork

Thishackisasolutionthatyoumighthavebeendreamingof,especiallyifyouareusinganetworkthathasalotofotherusersinit.Asyoumayhavenoticed,thereisacertainlimitwhenitcomestosendingandreceivingdatathroughthenetworkandyourownnetworkinginterfaces.Thereasonforthislimitistheamountofbandwidththatyouhave,andifotherusersarenothoggingthebandwidth,thefasteryourconnectionswillbe.

Whenallthebandwidththatshouldbeavailabletoyou,youareexperiencingaDoS(DenialofService).YoucanactuallyforceaDoStoanotheruserbysearchingandmanipulatingaremotehost’sservice.Onceyoualreadyfoundthatservice,youcanmaketheprogrambehaveinawaythatitisnotsupposedtodo,whichwillcausetheremotehosttotakeupallitsavailableresourcesandthentakeitoffline.Alternatively,youcanalsocauseaUDPflood,whichisdonebysendingahugequantityofUDPpacketstoseveralportsonyourtarget’sremotehost.ThiswillcausethehosttoignoreanyapplicationthatarelisteningtothatparticularhostandthenreplywithapacketthatsaysICMPDestinationUnreachable.

Todothis,allyouneedtodoistopullupyourtexteditorandinputthefollowingcode:

Savethiscodeasudpflood.py,andthenselectallfileoptionsuponsaving.Torunthecode,pullupIDLEandthenexecutetheprogram,whichwillpromptyoutoenteralltheotherinformationthatyouneed.Takenotethatthishackisdirectedtoonlyoneport,butifyouwanttoexploitallother65,535portsthatareavailable.

Chapter9:HacksfortheWebYoumaybewonderinghowtogetpastcertainwebsiteprotectionpoliciesinordertogetafilethatyouwant,browseanonymously,orgetmoreinformationaboutthewebsitethatyouwanttopenetrate to launchamassiveattack.Inthischapter,youwill learnhowyoucanperformCreathacksonawebsiteusingsomeprogramsthatyoucancreateusingPython.

CreatinganSSHBotnetNow that you know how to create a port scanner and you are aware of how you can findvulnerable targets,youcannowproceed toexploit theirvulnerabilities.Oneof theways todothisistoexploittheSecureShellprotocol(SSH)inordertogetlogincredentialsfromclients.

What isabotnet?Bots,as thenameimplies,are incrediblyusefulwhenitcomestoautomatingservicesinpracticallyanydevice.Botnets,ontheotherhand,isagroupofbotsthatarejoinedtogetherbyanetworkwhichallowssystemadministratorsetoefficientlydoautomatedtasksoveranentiresystemofusersthatareconnectedtogetherbyaserveroralocalnetwork.Whilebotnetsareessentiallytoolsforeasymanagingofseveralcomputers,theycanalsobetoolsthatyoucanuseforunintendedpurposes,suchascreatingaDoSorDDoS(DistributedDenialofService)thatmaycauseawebsitetoloadmultipletimesinasessionorforcommentingonsocialmediasitescontinuously.

Here is aprogram thatwill allowyou tocreateyourownbotnetusinganotherpopularPythonlibrarycalledFabric,whichwillenableyoutocreateanapplicationcalledC&C(commandandcontrol)thatwillallowyoutomanagemultipleinfectedhostsoverasecureshellhost.

CreatingtheC&CAssumingthatyou,astheattacker,alreadymanagedtocompromisetheSSHandalreadyhaveaccesstothem.Assumingthatthehostscredentialsarestoredinafilethathasthisformat:username@hostname:portpassword.

Nowthatyouhavethesecredentials,youwillneedtoconsiderthefunctionsthatyouneedtocreate.Thismaymeanthatyouneedtorunastatuschecktoseerunninghosts,makeaninteractiveshellsessiontocommunicatewithatargetedhost,andperformacommandonselectedhosts.

Tobegin,youwillneedtoimporteverymemberofthenamespacefabric.api:

Afterthat,youwillneedtohavetheenvironmentvariables,env.passwords(mapsthehoststringsandthepasswordsthatyoucanuse)andenv.hosts(managesthehosts’masterlist),tobeabletomanageallthehoststhatyouwanttotarget.Onceyouhavethesesetup,youwillnothavetoentereachpasswordforeachnewconnection.

Nowthatyouhavethissetup,youcannowproceedtorunningthecommands.Herearethefunctionsthatyoucanusetocanuse:

local(command)–runsacommandonthetargetedlocalsystem

sudo(command)–performsashellcommandremotelyusingsuperuser(oradmin)privileges

put(local_path,remote_path)–uploadsfilesremotely

open_shell()–pullsupaninteractiveshellremotely

run(command)–performsashellcommandremotely

get(remote_path,local_path)–downloadsfilesremotely

Youcannowcreateafunctionthatwillallowyoutocreateacommandstring,andthenrunit.Here’sthecodetocreatetherun_command:

Now,youcancreateataskthatwillallowyoutomakeuseoftherun_commandfunction,whichwillenableyoutocheckwhichhostsareactivebyexecutingthecommandcalleduptime:

Toperformtheothertasks,youwillwanttocheckwhichhostsyouwouldwanttogivetheothercommandsortocreateashellsessionto.Tobeabletodothis,youwillneedtocreateamenuthatwillenableyouexecutetheothertaskswiththespecifiedhostsusingtheexecutefunctionofFabric.Hereishowthispartofthecodeshouldlooklike:

Savethecodeasfabfile.pyandthenrunitontheinterpreterprompt.Thisisswhattheentirecodelookswhenyourunit:

Youwillseethatyouwereabletogaincontrolofallthemachinesthatyouhaveaccessto.

ScrapingWebsitesthatNeedsLoginCredentialsIfyouwanttominedatafromawebsite,youwillfindthatyouwillfirstneedtologinbeforebeingabletoaccessanyinformationthatyouwant.Thismeansthatinordertogetthedatathatyouneed,youwillfirstneedtoextractallthedetailsthatyouneedtologintoyourtargetedwebsite.

StudyingtheTargetWebsiteHere’sthescenario:youwanttoscrapedatafromthebitbucketsite,whichyoucanaccessbyloggingintobitbucket.org/account/signin.Sinceitispromptingyoutosupplyusercredentials,youareunabletogointothewebsiteandminetheinformationthatyouwant.Asyoumayhaveguessed,youwillhavetobuildadictionarythatwillallowyoutoputindetailsforthelogin.

Inordertofindoutwhatyouneedtoinputthecredentialsthatyouneed,youwillneedtoinspecttheelementsofthefield“usernameoremail”.Youcandothisbyright-clickingonthefieldandthenselectingon“inspectelement”.

Dothesameforthepasswordfield:

Now,youareawarethatyoushouldbebeusing“username”and“password”askeysinyourdictionary,whichshouldgiveyouthecorrespondingcredentialsasvalue.

Next,searchforaninputtagthatishiddeninthepagesourcethatislabeled“csrfmiddlewaretoken”,whichwillprovideyouthekeyandvalue:

CreateYourCodeNowthatyouknowtherequirements,youcannowcreatetheprogramthatyouneedtobuildyourdictionary:

Savethisaslogin_scraper.pyandthenrunitontheinterpreterprompttogetthecredentialsthatyouneed.

Chapter10:UnderstandingAttacksUsingPython

Hackingisnotallaboutlaunchingattacks–understandinghowblackhathackerslaunchtargetandpenetratetheirtargetsystemswillmakeyouunderstandhowyoucanuseyournewfoundknowledgetopreventyourownsystemfrombeingvulnerabletothem.

KnowingUserLocationsOutofTweetsIfyouhavebeenusingTwitter,youmaythinkthatyouaretweetingyourupdatesfromsheerrandomness;however,thetruthisthatyouarefollowinganinformalformulaforthetweetsthatyoucompose.Generally,thisformulaincludesanotherTwitteruser’snamewhichtellstowhomyourtweetisdirectedto,thetextofyourtweet,andyourchoiceofhashtag.Thereareotherdataincludedinyourtweet,whichmaynotbevisibleinthebodyofyourtweet,suchasanimagethatyouwanttoshareoralocation.Toahacker,alltheinformationinyourtweetcontainssomethingthatwillbeimportantinwritinganattack–whenyouthinkaboutit,youaregivingawayinformationaboutthepersonthatyouareinterestedin,linksthatyouandyourfriendarelikelytobeinterestedin,andtrendsthatyoumightwanttolearnabout.Thepictures,especiallyanimageofalocation,becomeaddeddetailstoauser’sprofile,whichforexamplemayindicatewhereatargetedpersonislikelytogotoeatbreakfast.

Ifyouwanttogetdetailsanonymouslytoretrievealltheseinformation,youcanusethefollowingcode:

Now,youcantestthisscriptbycreatingalistofcitiesthathostmajorleagueteams.AfterthatyoucanscrapeTwitteraccountsforWashingtonNationalsandtheBostonRedSox.Yourscriptwilllooklikethis:

Whenyourscriptreturnswiththeaboveresults,youarelikelytodeducethatthetheseteamsaretweetinglivefromwheretheyare.Fromthisoutput,youmaydeducethattheRedSoxareplayinginToronto,whiletheNationalsareinDenver.

MatchinganIPAddresstoaPhysicalLocationMostofthetime,peoplearewillingtopostwhatisontheirmindonsocialmediasites,orperformattacksthattheyfindusingonlinetoolsthattheycandownload,thinkingthattheywillneverhavetofacetheconsequencesoftheiractions.Whilemostbullheadedyetinexperiencedhackersandonlinetrollsthinkthattheycanhidebehindafakeaccounttoconcealtheiridentity,youcanprovethatthesepeoplearenotasanonymousastheythinktheyare.Infact,thereareseveralwaystouselibrariesandthird-partymodulesinPythontounmaskthelocationandidentityofauserbasedonhisorherIPaddress.

Forexample,yoususpectthatyoursystemisbeingtargetedbyanotherhackerandyounoticethatyouropenportsarebeingsniffedbyaparticularIPaddress.WhatyouwillwanttodoonceyourealizethispotentialattackistoidentifythatIPaddress’locationandreportittotheauthorities.Pythoncanhelpyoudothatusingascriptthatissimilartowhatisgoingtobediscussedinthissection.

Inthisexample,youwillbeusingthefreelyavailabledatabasethatcanbefoundinhttp://www.maxmind.com/app/geolitecity.Usingthisfreedatabase,youwillaimtowriteacodethatwillmatchtheIPaddressesfoundontheirlisttocities.Todothat,downloadthefreedatabase,decompressit,andsendittothelocation/opt/GeoIP/Geo.dat.

OnceyouareabletodownloadtheGeoCityLitedatabase,youwillbeabletoanalyzetheIPaddressesdowntolocatingthecountryname,state,postalcode,andagenerallongitudeandlatitude.Tomakethejobeasier,youcanuseaPythonlibrarycreatedtoanalyzethisdatabase.

Whenyourunthisscript,youwillbeabletoseedatathatlookslikethis:

ParsePacketswithDpktAtthispoint,youunderstandhowimportantitistoanalyzepackets–youwillnotonlywanttoanalyzethepacketsthatarecomingfromanothercomputertounderstandanotheruser’sactivities,butalsounderstandwhatotherpeoplearegoingtodowiththepacketsthattheyareobservingfromyourcomputer.Inthishack,youwilllearnhowtoanalyzeanetworkcapture,andexaminetheprotocollayerofeachpacketusingthetoolcalledDpkt.

Whenyourunthisscript,youwillbeabletofindboththesourceanddestinationIPaddresses:

ThenextthingthatyouwillwanttodoistomatchtheseIPaddresseswithaphysicallocation.YoucanimprovethescriptthatyouhavejustcreatedbycreatinganadditionalfunctionretGeoStr(),whichwillgiveyouaphysicallocationfortheIPaddressthatyourcodeisabletolocate.Forthisexample,youwillbeabletofindthethree-digitcountrycodeandthecityforeachIPaddressandthenhavethecodedisplaythisinformation.Justinanycasethefunctionpromptsyouwithanexception,handleitbyprovidingamessagethatindicatesthattheaddressisnotregistered.ThiswillallowyoutohandlealladdressesthatarenotincludedintheGeoLiteCity

databasethatyoudownloadedearlierorinstancesofprivateaddresses.

OnceyouareabletoaddthefunctionretGeostrtothescriptthatyouwereabletoproduceearlier,youwillbeabletocreateagoodpacketanalysistoolkitthatwillallowyoutoviewthephysicaldestinationsofpacketsthatyouwanttostudy.Thisishowyourfinalcodeshouldlooklike:

Thisishowyourscriptwilllooklikeinaction:

Basedontheseresults,youknowthatthetrafficthatyouareanalyzingisroutedtodifferentpartsoftheworld.Nowthatyouareawarethatyourdataispossiblybeingroutedtotoomanydifferentcomputers,yougettheideathatyouneedtoimproveyoursecuritybysecuringyourports.

ARPPoisoningUsingPythonIfyouareahacker,oneofthethingsthatyouwillwanttoensureisyouranonymity.Youwillwanttomakesurethatyourlocationisuntraceable,andthatisbecauseofagoodnumberorreasons.Forthesakeofpracticingwhitehathacking,youwillwanttolearnhowprogrammersareabletomasktheirlocationespeciallywhentheyperformreconnaissanceattacksorDoSattacks,whichmakesuseoftheInternetProtocolandseetoitthatyoucheckyourtrafficfromtimetotimetoseeifyouractivitiesarebeinglistenedtobyanunknownIPaddress.Atthesametime,youmayalsowanttoprotectyourselffrombeingtargetedbyblackhathackersbyhidingyourlocation.

Toblackhathackers,IPspoofingessentiallyletsthemconcealtheiridentityandlocationwhenevertheyperformtheirattack.DoingsowillalsoallowthemtoimpersonateanothercomputersystemanddefeatexistingsecuritymeasureswhichmayrequireauthenticationbasedontheirIPaddresses.

OneoftheattacksthatmakesuseofusingfalsifiedIPiscalledARPspoofing,whichinvolvessendingafalseAddressResolutionProtocol(ARP)messageoveratargetedlocalareanetwork.Whendonesuccessfully,anattacker’sMACaddressgainstheIPaddressofanauthorizedcomputeroverthetargetednetwork.Thiswillallowanattackertomodifyorstopalltraffic,orinterceptdatasentoverthenetwork.Usingthefollowingcode,youcancatchallpacketsthatareroutedtowardsatargetedmachine,whichentailsbeingabletoseealltheinformationthatatargetedusersendsout,whichallowsyoutoviewprivatecommunicationthatisnotprotectedbyanyformofencryption.

FindInformationAbouttheTargetedMachineTofindouthowyoucanhackyourtarget,youwillneedtochecktheARPcacheonthemachinethatyouwanttoattack.ToinspectfortheARPcacheonaWindowsmachine,takealookatthisexample:

Youwillnoticethatthetarget’sdefaultgatewayIPaddressisat172.16.1.254andhasanARPcacheentrywiththeMACaddress3c-ea-4f-2b-41-f9.TakenoteofthistochecktheARPcachewhileyouhaveanongoingattackandverifythatyouhavechangedtheMACaddressthatcorrespondstothegateway.

CodetheAttackNowthatyouknowthetarget’sIPaddressandthegateway,youcannowcreateyourcode.Yourcodeshouldlooklikethis:

CodethePoisoningThecodeabovesetsupyourattackbyinputtingthetargetIPaddressandtheMACaddressthatgoeswithitusingtheget_macfunction.Youhavealsosetupapacketsnifferthatwillcapturetrafficforyourtargetedmachine.AllthatisleftforyoutodoistowritethesepacketsouttoaPCAPfilethatyoucanpulluplaterusingtheWiresharktool,oruseanimagecarvingscript.Oncethatisdone,youcancallthefunctionrestore_target,whichwillallowyoutoputthenetworkbacktoitsoriginalformbeforetheattackhappened.

Nowthatyouareabletosetupthehack,youarenowreadytocodetheARPpoisoning.Putthefollowingcodeabovethecodeblockthatyoureadearlier:

Chapter11:OtherNiftyHackstoTry

PreventDetectionbyAntivirusAnantivirussoftwareisdesignedtodetectsuspiciousfilesinyoursystem,suchasvirusesandmalwares.However,beingabletomodifythecontentsofamalwarewillenableyoutobypassantivirusdetection.

Inthishack,youwillbeabletolearnhowtocreateamaliciouscodeusingaKaliLinuxcomponentcalledMetasploit.Thisprogramcangeneratemalware,butmostoftheantiviruscompaniescaneasilyrecognizecontentwrittenbythissoftwarewhentheyarereleasedintoacomputerastheyarewrittenoriginally.Inordertocreateanantivirus-proofmalware,youwillneedtotweakthemalwarethatyouwillcreateusingsoftware.

CreateYourMaliciousProgramPullupKaliLinuxandlaunchaterminal.Runthiscommand:

mfspayload-1|more

Doingsowilldisplayexploitsthatareavailableforyoutouse,suchasthefollowing:

Ifyouwanttobindashellinordertocreateaportlistener,executeacommandinatargetedport,andcreateyourownremotecontrol,enterthesecommandsintheKaliLinuxterminal:

msfpayloadwindows/shell_bind_tcpX>shell.exe

ls-lshell.exe

Youwillgetthefollowingoutput,whichshowsthatMetasploithascreatedanexecutablefilenamedshell.exe,whichisyourmalware:

Ofcourse,anysensibleantivirussoftwarewillrealizethatthisisaninsecurefilewhichmaycompromiseatarget’scomputer.

TestYourMalwareToseethatthe.exefilethatyouhavecreatedisrecognizedasamalware,transferittoanothercomputerthathasanantivirusprogramviaaUSB,email,ordragitontothedesktoptocopy.Almostimmediately,theantivirusinstalledwillcatchit,anddetectitlikethis:

Now,ifyouaregoingtoturnofftheantivirussoftwareandrunthemalware,thecommandlinewilldisplaysomethinglikethis:

Whenthishappens,youcanactuallycontroltheWindowsmachinewherethemalwareisinstalledusinganothercomputer.

Tostopthemalware,endtheshell.exefileinTaskManagerorrestartthePC.

EdittheMalwareUsingPythonSinceyourantivirusprogramcandetectthemalwareyoucreated,youneedtoeditthemalwarecodeinorderforittobypassyourcomputer’ssecurity.Todothat,pullupKaliLinuxandtypethiscommandstringintheterminal:

mfspayloadwindows/shell_bind_tcpC

Youwillseethecodefortheexploitthatyoupreviouslyrantobeinhexadecimalcode.Whatyouneedtodoistocompilethiscodeintoan.exefile.Todothis,allyouneedtodoisinputthiscommandstringinaKaliLinuxterminal:

mfspayloadwindows/shell_bind_tcpC>shell

ls-lshell.py

Uponenteringthiscode,KaliLinuxwillgenerateafilewhichlookslikethis:

ThiscodeisinClanguage,whichmeansthatyouwillneedtoaddsomelines.Todothat,enterthiscommandstringintheKaliLinuxterminal:

nanoshell.py

Youwillgetatexteditorwiththiscode:

Importthesystem’slibrarycodethatwillenableyoutorunCprogramsfromPython.Todothat,addthefollowinglineatthebeginningofthecode:

fromctypesimport*

Addthefollowingtothebeginningoftheinitialhecadecimalcodeline:

shellcode=(

Afterthat,removethefollowingline:

Unsignedcharbuf[]

Yourcodeinthenanotexteditorshouldappearlikethis:

Scrolldownandfindthesemicolonlocatedneartheendofthescript.Addaclosingparenthesisbeforeit.Afterdoingso,addthefollowinglinesattheendofthecode:

Youshouldseethisonyourscreenafterdoingso:

Tosaveyourfile,pressCtrl+X,andthenpressYattheprompt.Entertoproceedsavingyourmodifiedfile.

CompiletheMalwareandRunItInordertorunthemodifiedmalware,youwillneedtocompileitfirst.Todothat,pullupa

commandpromptandthenrunthiscommandstring:

pyinstaller--onefile--noconsoleshell.py

Thiswillcreateanewfolderthatisnamed“dist”.Thisfolderwillhavethemodifiedmalwareinsideitnamedasshell.exe.Torunthemalware,allyouneedistoopenthefolderanddouble-clickontheshell.exefile.

TheWindowsFirewallmightblocksomeoftheprogram’sfeaturessinceitwillattempttoconnecttoaremoteserver.BypassthatbyselectingAllowAccess.Afterdoingso,pullupthecommandpromptandthenrun:

netstat-an|findstr4444

Thiswillpullupalisteningport,whichlookslikethis:

Tostopthelistener,simplypulluptheTaskManagerandendtheprocessesnamedshell.exe.

Checkwithyourantivirusifthemalwarethatyouhavejustcreatedcanstillbedetected.Itshouldbypassmostoftheknownantivirusprogramsoutthere.

RetrieveDeletedItemsinRecycleBinAsyoualreadyknow,theRecycleBininWindowsOSisusedasaspecialfolderthatservesasstorageforfilesthatauserdeletes.Thesefilesaremarkedtobeerasedfromtheharddrive,buttheyarenotactuallyremoved.InolderWindowsoperatingsystems(Windows98andolder),thesefilesarestoredinthedirectoryC:\Recycled,andsubsequentoperatingsystemsuntilWindowsXPstorethesefilesinadirectorynamedC:\Recycler.IfyouareusingWindows7andVista,yourfilesarestoredatadirectorynamedC:\$Recycle.Bin.

IfyouemptyyourRecycleBin,youmaythinkthatallthefilesthataremovedtherearecompletelygone.However,therearesituationswhereinyoumaywanttorecoverfilesthatyouaccidentallydeletedfromtheRecycledBin,oryoumaywanttogodumpsterdivingandrecoverimportantdocumentsthatweredeletedfromatargetcomputer.Thiscodewillhelpyoudoallthesethings.

CreateaModuleToHelpFindDeletedFilesOfcourse,youwillwanttowriteascriptthatwillbeindependentoftheoperatingsystem,whichwillmakeitusefultohackadifferentoperatingsystem.Todothat,youwillwanttowriteafunctionthatwillrunatestagainstallpossibledirectoriesthatcontainsdeletefilesinanoperatingsystem,andthenreturnwiththeinformationthatcontainsthedirectorythatexistsontheoperatingsystemthatyouwishtoexploit:

OnceyoumanagetofindthetargetedRecycleBindirectory,thenextthingthatyouwanttodoistolookatthecontents.Takealookatthefounddirectory:

YouwillnoticethestringsS-1-5-21-1275210071-1715567821-725345543-whichendswitheither500or1005.Thesestringsrepresenttheuseraccountsonthetargetedmachine.Now,youwillwanttoidentifytheseuseraccountsandfindoutwhichoftheuseraccountsyouwillwanttoretrievethedeleteditemsfrom.

ChecktheUserIDTodecodetheSIDstringthatyoufoundearlier,youwillneedtoaccesstheWindowsRegistryandmatchthestringwithausername.Youwillfindtheinformationwiththisregistrykey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\<SID>\ProfileImagePath

Pullupyourcommandprompt,andtypein“regquery”.Thiswillcomeupwiththisresult:

Adterdecodingtheusername,youwillneedtocreateafunctionthatwilltranslatetheSIDintotheuser’sname.DoingsowillallowyoutogetmoreusefulinformationwhenyourecoveritemsthatweredeletedfromtheRecyleBin.

ThisfunctionwillpulluptheregistrytochecktheProfileImagePathKey,searchforthevalueandthensendbackwiththenamethatisfoundrightafterthebackslashinthetargetuserpath.

Now,it’stimetoputtheentirecodetogetherthatwillrevealallthefilesthatarestillintheRecycleBin.Thisishowthecompletecodewilllooklike:

Whenyourunthiscodeinsidethetargetedmachineintheexample,youwillnoticethatthescripthasfoundtwousers,theAdministratorandalex.Youwillalsobeabletoseesomeofthefilesthatweredeletedthatyoumaywanttoretrieve:

CreateaKeyloggerUsingPythonKeylogging,alsoknownaskeyboardcapturingorkeystrokelogging,isatrickusedbyhackerstorecordthekeysthatarepressedonakeyboardwithoutthevictimknowingthatheisbeingrecorded.Bybeingabletorecordthesekeystrokes,anyhackerwillbeabletodecipherhowthetargeteduserinteractswithhiscomputer.Thismeansthatwithakeylogger,youessentiallyhaveaccesstopracticallyeverythingthatthevictimhastypedonhiskeyboard,whichincludessensitivedatasuchasusernames,passwords,creditcardnumbers,andsoon.Creatinganefficientkeyloggerwillenableyoutoconvenientlystealsomeoneelse’sidentity,especiallywhenyourloggerremainstobeundetected.

Despitethehugedangerthatkeyloggersmayposetoanyuser,theyareremarkablyeasytomakeusingPython.Thecodethatwillbetaughtinthissectionisakeyloggerthatdoesnotrelyonhardwareandwillcontinuetoruninthebackground,whichpreventsthetargeteduserfromnoticingit.

PullupYourEditorOpenIDLE,oranytexteditorofyourchoice.Onceyouareonanewscriptwindow,inputthefollowingcode:

TesttheCreatedFileSavethecodeaskeylogger.py,andthenrunthefilebypressingCtrl+R.Thekeyloggerwillproceedrunninginthebackgroundandwilllogthekeystrokesonthekeyloggeroutput.txtfile.

Toendlogging,pullupTaskManagerandendallrunningPythontasksandprograms.

Conclusion

Atthispoint,youmayhavehadsomeideaonhowyoucanmakeyourowncomputersystemandnetworkmore secure – simplyperforming someof the codes that are given in this book as anexamplewillgiveyoutheideathattherearejusttoomanyexploitsouttherethatareavailabletocriminalhackersandareusedtocompromisetargetedcomputers.However,yournewknowledgecanpreventyoufromfallingvictimtothesehackersandallowyoutothinktenstepsahead.Sinceyoualreadyaredonereadingabeginner’sguidetohackingwithPython,theonlynextstepsthatyouneed todo is tohoneyour skillsby improvingopen-source scripts andcreatingyourownprogramsthatyoucansharetootherpeoplethatareinterestedininformationsecurity.

NowthatyouhavebetterknowledgeabouthowcriminalhackershackusingPython,youcanfinetunethatknowledgeintodevelopingprogramsthatwillmitigatetheseattacks.Takenotethatthehacking tools that were discussed here are also tools that can help you discover your ownvulnerabilities that hackers can exploit. Since you are capable of using the sameprogramminglanguage thatmany sophisticatedhackersusenowadays, youhave theopportunity to stop themwithbetterscriptsandprogramsthatyoucanalsosharetoyournetwork.

If you have enjoyed reading this book and you believe that you have become a better hackerbecauseofit,pleasetakethetimetosharethisbooktofellowhackersandtellotherreadersaboutitonAmazon.com.Iamexcitedtohearfromyousoon!

Bonus:PreviewOf‘IntroductiontoPython3Pythonisaprogramminglanguageusedfor interactive,portableandflexibleprograms.Ithasasyntax thatcaneasily interfacewithother systems. It’sobject-oriented,meaning, it focusesonobject-orienteddata,modulesandclasses.Youcanuseitforgeneralpurposesinprogramming.Ithasalsoabroadrangeofstandardlibrarythatallowsyoutoworkquicklyandmorereliably.

ThefirstversionsofPythonarethe2xseries,whichisstillveryusefulevenwiththeadventofthe3xseries,becauseitsfeaturesarecompatiblewithmoreapplicationsandsystems.Becauseofsomeupdates,thePython3seriesisstillnotacceptedbyotherdevices.TherearesomesystemsthatarenotadjustedtoPython3.

Nevertheless,Python3isthelatestseriesofthePythonprogramminglanguage.JustlikePython2,it’seasiertolearnthanmostprogramminglanguagesbecauseitssyntaxisclearandsimpleandnotdifficult,unlikethestaticallytypedlanguages.

Pythonhas also an interactive interpreter, such as IDLE to allow learners to codequickly andcheck-atthemoment-iftheirsyntaxesarecorrect.

Forthisbook,wewillbefocusingonthePython3series.

ClickheretocheckouttherestonAmazon.