Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Preparing the attacker machine


In this section, we will prepare our Kali Linux machine as the attacker. Note that we are assuming that the operating system is already set up in VMware or VirtualBox. As of now, we will be using VirtualBox for all our chapters. 

We can check the version of any Linux OS by running the following cat command to display the content from the file /etc/os-release, which contains OS distribution data. We will be using Kali Linux version 2018.1, as you can see from the following screenshot:

It doesn't matter what your Kali version is. For this book, we will be using the latest version available at the time of writing. Since, by default, Python is preinstalled in every Linux distribution, we can get the version details from either the interactive shell by running the command python or by using python -V, as shown in the following screenshot: 

We will be using Python 2.7.14+ for now, which came preinstalled with our Linux version.

So, let's go for networking a little bit. In this chapter, the Kali IP is 10.0.2.15. We can check the Kali IP by running the ifconfig eth0 command. This will return the network interface configuration as shown here: 

Setting up internet access

To set up the internet on our system, we just need to change the network mode to Network Address Translation (NAT) in VirtualBox. NAT mode will mask all network activity as if it came from your host OS, although VirtualBox can access external resources. To do this, perform the following steps:

  1. Click on the Devices menu from VirtualBox's menu bar
  2. Go to Network and select Network Settings
  3. Select the network mode as NAT and click onOK as shown in the following screenshot:

Once you perform the preceding steps, you should be able to reach the internet, as long as the VirtualBox host does. You can check internet access by running ping 8.8.8.8 from the terminal.

Now, if you don't have a GUI compiler for Python, you can just install it using the following command:

apt-get install idle

Once it's installed, let's do a quick print program using IDLE (using Python-2.7),which we installed using the previous command. Open a new Python file and type print ('hello there'). Run the program and save it on the desktop. Once you finish accessing the internet, you now need to change the network mode back to Internal Network so that we can reach out to our Windows target. This is shown in the following screenshot:

Note

Note that the Windows target globally machine is sitting on the same internal network as Kali attacker globally machine, intnet, here.

And, as a last step, we should verify that we still got the same IP address, which is 10.0.2.15 by running ifconfig in the terminal. 

Note

if the IP changes, you can change the IP back by running ifconfig eth0 10.0.2.15.