Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell

Interacting with Twitter

Now, we will discuss a technique that is used frequently these days: relying on well-known servers to perform certain tasks or transfer a piece of information. This technique has been used by a Russian malware. What the attackers did was they sent the data over their Twitter account and made the target parse it later on. So, on the attacker machine, we just send an order or command as a normal tweet to our Twitter account. Note that there is no direct communication between the attacker and its target, which is really evil here. Later on, the target will parse the tweet and execute that order. The benefits of doing this is are:

  • Twitter is a trusted website and it has a very good reputation; most likely, it's a whitelisted website
  • This type of attack is very hard to detect, where an unskilled security team would never have thought that this data could be malicious—and one of my goals here is to open your eyes to such malicious attacks

In the next section, from the Kali...