Python: Penetration Testing for Developers

Book Image

Python: Penetration Testing for Developers

By : Christopher Duffy, Mohit , Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May

Book Image

Python: Penetration Testing for Developers

By: Christopher Duffy, Mohit , Cameron Buchanan, Andrew Mabbitt, Terry Ip, Dave Mound, Benjamin May

Overview of this book

Cybercriminals are always one step ahead, when it comes to tools and techniques. This means you need to use the same tools and adopt the same mindset to properly secure your software. This course shows you how to do just that, demonstrating how effective Python can be for powerful pentesting that keeps your software safe. Comprising of three key modules, follow each one to push your Python and security skills to the next level. In the first module, we’ll show you how to get to grips with the fundamentals. This means you’ll quickly find out how to tackle some of the common challenges facing pentesters using custom Python tools designed specifically for your needs. You’ll also learn what tools to use and when, giving you complete confidence when deploying your pentester tools to combat any potential threat. In the next module you’ll begin hacking into the application layer. Covering everything from parameter tampering, DDoS, XXS and SQL injection, it will build on the knowledge and skills you learned in the first module to make you an even more fluent security expert. Finally in the third module, you’ll find more than 60 Python pentesting recipes. We think this will soon become your trusted resource for any pentesting situation. This Learning Path combines some of the best that Packt has to offer in one complete, curated package. It includes content from the following Packt products: ? Learning Penetration Testing with Python by Christopher Duffy ? Python Penetration Testing Essentials by Mohit ? Python Web Penetration Testing Cookbook by Cameron Buchanan,Terry Ip, Andrew Mabbitt, Benjamin May and Dave Mound

Python: Penetration Testing for Developers

Python: Penetration Testing for Developers

Python: Penetration Testing for Developers

Python: Penetration Testing for Developers

Credits

Preface

Free Chapter

Understanding the Penetration Testing Methodology

Understanding the Penetration Testing Methodology

An overview of penetration testing

Understanding what penetration testing is not

Assessment methodologies

The penetration testing execution standard

Penetration testing tools

The Basics of Python Scripting

The Basics of Python Scripting

Understanding the difference between interpreted and compiled languages

Python – the good and the bad

A Python interactive interpreter versus a script

Environmental variables and PATH

Understanding dynamically typed languages

The first Python script

Developing scripts and identifying errors

Python formatting

Python variables

Compound statements

The Python style guide

Arguments and options

Your first assessor script

Identifying Targets with Nmap, Scapy, and Python

Identifying Targets with Nmap, Scapy, and Python

Understanding how systems communicate

Understanding Nmap

Nmap libraries for Python

The Scapy library for Python

Executing Credential Attacks with Python

Executing Credential Attacks with Python

The types of credential attacks

Identifying the target

Creating targeted usernames

Testing for users using SMTP VRFY

Exploiting Services with Python

Exploiting Services with Python

Understanding the new age of service exploitation

Understanding the chaining of exploits

Automating the exploit train with Python

Assessing Web Applications with Python

Assessing Web Applications with Python

Identifying live applications versus open ports

Identifying hidden files and directories with Python

Credential attacks with Burp Suite

Using twill to walk through the source

Understanding when to use Python for web assessments

Cracking the Perimeter with Python

Cracking the Perimeter with Python

Understanding today's perimeter

Understanding the link between accounts and services

Cracking inboxes with Burp Suite

Identifying the attack path

Gaining access through websites

Exploit Development with Python, Metasploit, and Immunity

Exploit Development with Python, Metasploit, and Immunity

Getting started with registers

Understanding the Windows memory structure

Understanding memory addresses and endianness

Understanding the manipulation of the stack

Understanding immunity

Understanding basic buffer overflow

Writing a basic buffer overflow exploit

Understanding stack adjustments

Understanding the purpose of local exploits

Understanding other exploit scripts

Reversing Metasploit modules

Understanding protection mechanisms

Automating Reports and Tasks with Python

Automating Reports and Tasks with Python

Understanding how to parse XML files for reports

Understanding how to create a Python class

Adding Permanency to Python Tools

Adding Permanency to Python Tools

Understanding logging within Python

Understanding the difference between multithreading and multiprocessing

Building industry-standard tools

Python with Penetration Testing and Networking

Python with Penetration Testing and Networking

Introducing the scope of pentesting

Approaches to pentesting

Introducing Python scripting

Understanding the tests and tools you'll need

Learning the common testing platforms with Python

Network sockets

Server socket methods

Client socket methods

General socket methods

Moving on to the practical

Scanning Pentesting

Scanning Pentesting

How to check live systems in a network and the concept of a live system

What are the services running on the target machine?

Sniffing and Penetration Testing

Sniffing and Penetration Testing

Introducing a network sniffer

Implementing a network sniffer using Python

Learning about packet crafting

Introducing ARP spoofing and implementing it using Python

Testing the security system using custom packet crafting and injection

Wireless Pentesting

Wireless Pentesting

Wireless SSID finding and wireless traffic analysis by Python

Wireless attacks

Foot Printing of a Web Server and a Web Application

Foot Printing of a Web Server and a Web Application

The concept of foot printing of a web server

Introducing information gathering

Information gathering of a website from SmartWhois by the parser BeautifulSoup

Banner grabbing of a website

Hardening of a web server

Client-side and DDoS Attacks

Client-side and DDoS Attacks

Introducing client-side validation

Tampering with the client-side parameter with Python

Effects of parameter tampering on business

Introducing DoS and DDoS

Pentesting of SQLI and XSS

Pentesting of SQLI and XSS

Introducing the SQL injection attack

Types of SQL injections

Understanding the SQL injection attack by a Python script

Learning about Cross-Site scripting

Gathering Open Source Intelligence

Gathering Open Source Intelligence

Gathering information using the Shodan API

Scripting a Google+ API search

Downloading profile pictures using the Google+ API

Harvesting additional results from the Google+ API using pagination

Getting screenshots of websites with QtWebKit

Screenshots based on a port list

Spidering websites

Enumeration

Performing a ping sweep with Scapy

Scanning with Scapy

Checking username validity

Brute forcing usernames

Enumerating files

Brute forcing passwords

Generating e-mail addresses from names

Finding e-mail addresses from web pages

Finding comments in source code

Vulnerability Identification

Vulnerability Identification

Automated URL-based Directory Traversal

Automated URL-based Cross-site scripting

Automated parameter-based Cross-site scripting

Automated fuzzing

jQuery checking

Header-based Cross-site scripting

Shellshock checking

SQL Injection

Checking jitter

Identifying URL-based SQLi

Exploiting Boolean SQLi

Exploiting Blind SQL Injection

Encoding payloads

Web Header Manipulation

Web Header Manipulation

Testing HTTP methods

Fingerprinting servers through HTTP headers

Testing for insecure headers

Brute forcing login through the Authorization header

Testing for clickjacking vulnerabilities

Identifying alternative sites by spoofing user agents

Testing for insecure cookie flags

Session fixation through a cookie injection

Image Analysis and Manipulation

Image Analysis and Manipulation

Hiding a message using LSB steganography

Extracting messages hidden in LSB

Hiding text in images

Extracting text from images

Enabling command and control using steganography

Encryption and Encoding

Encryption and Encoding

Generating an MD5 hash

Generating an SHA 1/128/256 hash

Implementing SHA and MD5 hashes together

Implementing SHA in a real-world scenario

Generating a Bcrypt hash

Cracking an MD5 hash

Encoding with Base64

Encoding with ROT13

Cracking a substitution cipher

Cracking the Atbash cipher

Attacking one-time pad reuse

Predicting a linear congruential generator

Identifying hashes

Payloads and Shells

Payloads and Shells

Extracting data through HTTP requests

Creating an HTTP C2

Creating an FTP C2

Creating an Twitter C2

Creating a simple Netcat shell

Reporting

Converting Nmap XML to CSV

Extracting links from a URL to Maltego

Extracting e-mails to Maltego

Parsing Sslscan into CSV

Generating graphs using plot.ly

Bibliography

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Understanding basic buffer overflow

The following C code lacks appropriate bound checking to enforce variable size restrictions on a copy. This is a rudimentary example of poor programming, but it is the basis for many exploits that are part of the Metasploit framework.

#include <string.h>
#include <stdio.h>
int main (int argc, char *argv[])
{
    if (argc!=2) return 1; 
    char copyto[12];
    strcpy(copyto, argv[1]);  // failure to enforce size restrictions
    printf("The username you provided is %s", copyto);
    return 0;
}

We take this code and place it into a file called username_test.cpp, and then compile it with MinGW, as shown following:

We can then run newly compiled program to see it returns whatever text we provide it.

Now, start Immunity and open the username_test.exe binary with the argument test, as seen below. This does functionally the same thing as both the Python script and running it from the command line, which means that you can monitor the output from the...