Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell

Python in Firefox EXE

In this section, we will enhance our previous PoC script to match the following:

  1. Once you get a pass in the memory, print out the memory dump and stop debugging to minimize performance issues
  2. Export your script into a standalone EXE file, so it can be used in the postexploitation phase (using Py2exe)
  3. Test it against antivirus
  4. Try and make sure that it's fully functional by testing it while logging into Twitter, Gmail, PayPal, and Facebook accounts


In the callback function, add a new if statement to terminate the debugging once we get a pass keyword. It's always a good thing before sending this script to your target, to test it locally first. To do so, you may need to change the setting in the py2exe setup file to the console mode.

To test the script, we will log in to the Facebook account:

  1. Go to the login page of Facebook. As you will see, LastPass has entered our username and password for us.
  2. Run our script. You will get the Firefox process ID and the memory address for...