Black Hat Python

Black Hat Python

by Justin Seitz
Released December 2014
Publisher(s): No Starch Press
ISBN: 9781593275907

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on ebooks.com
Start your free trial

Book description

When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?

In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You'll learn how to:

  • Create a trojan command-and-control using GitHub
  • Detect sandboxing and automate common malware tasks, like keylogging and screenshotting
  • Escalate Windows privileges with creative process control
  • Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine
  • Extend the popular Burp Suite web-hacking tool
  • Abuse Windows COM automation to perform a man-in-the-browser attack
  • Exfiltrate data from a network most sneakily
Insider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.

When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python.

Publisher resources

View/Submit Errata

Table of contents

  1. Black Hat Python: Python Programming for Hackers and Pentesters
  2. Dedication
  3. About the Author
  4. About the Technical Reviewers
  5. Foreword
  6. Preface
  7. Acknowledgments
  8. 1. Setting Up Your Python Environment
    1. Installing Kali Linux
    2. WingIDE
  9. 2. The Network: Basics
    1. Python Networking in a Paragraph
    2. TCP Client
    3. UDP Client
    4. TCP Server
    5. Replacing Netcat
      1. Kicking the Tires
    6. Building a TCP Proxy
      1. Kicking the Tires
    7. SSH with Paramiko
      1. Kicking the Tires
    8. SSH Tunneling
      1. Kicking the Tires
  10. 3. The Network: Raw Sockets and Sniffing
    1. Building a UDP Host Discovery Tool
    2. Packet Sniffing on Windows and Linux
      1. Kicking the Tires
    3. Decoding the IP Layer
      1. Kicking the Tires
    4. Decoding ICMP
      1. Kicking the Tires
  11. 4. Owning the Network with Scapy
    1. Stealing Email Credentials
      1. Kicking the Tires
    2. ARP Cache Poisoning with Scapy
      1. Kicking the Tires
    3. PCAP Processing
      1. Kicking the Tires
  12. 5. Web Hackery
    1. The Socket Library of the Web: urllib2
    2. Mapping Open Source Web App Installations
      1. Kicking the Tires
    3. Brute-Forcing Directories and File Locations
      1. Kicking the Tires
    4. Brute-Forcing HTML Form Authentication
      1. Kicking the Tires
  13. 6. Extending Burp Proxy
    1. Setting Up
    2. Burp Fuzzing
      1. Kicking the Tires
    3. Bing for Burp
      1. Kicking the Tires
    4. Turning Website Content into Password Gold
      1. Kicking the Tires
  14. 7. Github Command and Control
    1. Setting Up a GitHub Account
    2. Creating Modules
    3. Trojan Configuration
    4. Building a Github-Aware Trojan
      1. Hacking Python’s import Functionality
      2. Kicking the Tires
  15. 8. Common Trojaning Tasks on Windows
    1. Keylogging for Fun and Keystrokes
      1. Kicking the Tires
    2. Taking Screenshots
    3. Pythonic Shellcode Execution
      1. Kicking the Tires
    4. Sandbox Detection
  16. 9. Fun with Internet Explorer
    1. Man-in-the-Browser (Kind Of)
      1. Creating the Server
      2. Kicking the Tires
    2. IE COM Automation for Exfiltration
      1. Kicking the Tires
  17. 10. Windows Privilege Escalation
    1. Installing the Prerequisites
    2. Creating a Process Monitor
      1. Process Monitoring with WMI
      2. Kicking the Tires
    3. Windows Token Privileges
    4. Winning the Race
      1. Kicking the Tires
    5. Code Injection
      1. Kicking the Tires
  18. 11. Automating Offensive Forensics
    1. Installation
    2. Profiles
    3. Grabbing Password Hashes
    4. Direct Code Injection
      1. Kicking the Tires
  19. Updates
  20. Index
  21. Copyright

Product information

  • Title: Black Hat Python
  • Author(s): Justin Seitz
  • Release date: December 2014
  • Publisher(s): No Starch Press
  • ISBN: 9781593275907