Book Image

Python for Offensive PenTest

By : Hussam Khrais
Book Image

Python for Offensive PenTest

By: Hussam Khrais

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.
Table of Contents (13 chapters)
Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
Index

Preface

Python is an easy-to-learn cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python and can be easily integrated within your script. This book is divided into clear bite-size chunks, so you can learn at your own pace and focus on the areas that are of most interest to you. You will learn how to code your own scripts and master ethical hacking from scratch.

Who this book is for

This book is for ethical hackers; penetration testers; students preparing for OSCP, OSCE, GPEN, GXPN, and CEH; information security professionals; cyber security consultants; system and network security administrators; and programmers who are keen on learning all about penetration testing.

What this book covers

Chapter 1, Warming up– Your First Antivirus-Free Persistence Shell, prepares our Kali Linux as the attacker machine. It also prepares out a target and gives a quick overview of the TCP reverse shell, the HTTP reverse shell, and how to assemble those.

Chapter 2, Advanced Scriptable Shell, covers evaluating dynamic DNS, interacting with Twitter, and the use of countermeasures to protect ourselves from attacks.

Chapter 3, Password Hacking, explains the usage of antivirus free loggers, hijacking the KeePass password manager, Firefox API hooking, and password phishing.

Chapter 4, Catch Me If You Can!, explains how to bypass a host-based firewall outline, hijack Internet Explorer, and bypass reputation filtering. We also interact with source forge and Google forms.

Chapter 5, Miscellaneous Fun in Windows, focus on exploiting vulnerable software in Windows and different techniques within privilege escalation. We'll also look into creating backdoors and covering our tracks. 

Chapter 6, Abuse of Cryptography by Malware, provides a quick introduction to encryption algorithms, protecting your tunnel with AES and RSA, and developing hybrid-encryption keys.

To get the most out of this book

You'll need an understanding of Kali Linux and the OSI model. Also, basic knowledge of penetration testing and ethical hacking would be beneficial.

You will also need a 64-bit Kali Linux and a 32-bit Windows 7 machine with Python installed, on Oracle VirtualBox. A system having a minimum of 8 GB RAM is recommended.

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packtpub.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Python-for-Offensive-PenTest. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/PythonforOffensivePenTest_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Now, if you pay a close attention to the service name which gets created by Photodex software which is ScsiAccess."

A block of code is set as follows:

if 'terminate' in command: # If we got terminate command, inform the client and close the connect and break the loop
            conn.send('terminate')
            conn.close()
            break

Any command-line input or output is written as follows:

apt-get install idle

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Go to Advanced system settings | Environment Variables."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.