Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Protecting your tunnel with RSA


In this section, we will be using the RSA asymmetric algorithm to protect our tunnel. Now, to review the requirements for asymmetric encryption: as we said, each entity has its own key pair; when I say key pair, I mean a public and a private key. The final key-pair distribution will be as follows. The client will hold its own private key and the server's public key. On the other side, the server or the Kali machine will hold its own private key and the target's public key. So, when we want to send a message or command to our target from the Kali side, first we will encrypt that message using the target's public key and then we will send it over the tunnel in encrypted format. The target will grab that command or message, and using its private key it can decrypt it and extract it back to clear text. The reply, after executing the command, will be encrypted using the server's public key. After that, we will send it out in encrypted format to the network and...