Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell

Tips for preventing a shell breakdown

As we have explained earlier, We created a shell by creating a subprocess and passing the commands to this subprocess. Now, the point is that some commands cannot work properly using this technique, such as the cls and clear commands, both of which will not work in a shell. Now, for instance, let's say that we were able to get a shell to the client PC and later on we discovered some kind of Telnet or FTP server connected on the same internal network. Unfortunately, we cannot use the built-in Telnet client in the operating system from our shell and this is because once we do so, the server will prompt us with a username and password; this is called the interactive method and the shell will fail to handle these types of interaction.

One solution is to use a special Python library called Pexpect. Pexpect allows your script to interact with an application just as if a human were typing these commands. Now, last but not least, always test the command locally in a VirtualBox before sending it to your target.

There are couple of points to mention here. First, we have a problem with clear text. Now, all our traffic and file transfer was in clear text. This means that any IPS or network analyzer will easily pick up our commands and may block that connection or at least raise a flag to the system or the SOC team. Now, in Chapter 4Catch Me If You Can!, we will address this point by building a custom XOR encryption to encrypt all our traffic between the attacker and the target machine.

The second point is: What if the hacker IP address was dynamically changed? Let's say that the hacker is behind an ADSL or a proxy, where each time he connects to the internet his IP address will change. Remember that we configured our target to connect to a fixed IP address and eventually the connection will fail since that IP address will not be valid anymore.