O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Gray Hat C#

Gray Hat C#

by Brandon Perry
Publisher: No Starch Press
Release Date: June 2017
ISBN: 9781492023449
View table of contents
Start reading

Book Description

Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like fuzzing, performing vulnerability scans, and analyzing malware. With some help from Mono, you'll write your own practical security tools that will run on Windows, OS X, Linux, and even mobile devices.

After a crash course in C# and some of its advanced features, you'll learn how to:

  • Write fuzzers that use the HTTP and XML libraries to scan for SQL and XSS injections
  • Generate shellcode in Metasploit to create cross-platform and cross-architecture payloads
  • Automate Nessus, OpenVAS, and sqlmap to scan for vulnerabilities and exploit SQL injections
  • Write a .NET decompiler for OS X and Linux
  • Parse and read offline registry hives to dump system information
  • Automate the security tools Arachni and Metasploit using their MSGPACK RPCs
Streamline and simplify your workday by making the most of C#'s extensive repertoire of powerful tools and libraries with Gray Hat C#.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Brief Contents
  5. Contents in Detail
  6. Foreword by Matt Graeber
  7. Preface
    1. Why Should I Trust Mono?
    2. Who Is This Book For?
    3. Organization of This Book
    4. Acknowledgments
    5. A Final Note
  8. Chapter 1: C# Crash Course
    1. Choosing an IDE
    2. A Simple Example
    3. Introducing Classes and Interfaces
      1. Creating a Class
      2. Creating an Interface
      3. Subclassing from an Abstract Class and Implementing an Interface
      4. Tying Everything Together with the Main() Method
      5. Running the Main() Method
    4. Anonymous Methods
      1. Assigning a Delegate to a Method
      2. Updating the Firefighter Class
      3. Creating Optional Arguments
      4. Updating the Main() Method
      5. Running the Updated Main() Method
    5. Integrating with Native Libraries
    6. Conclusion
  9. Chapter 2: Fuzzing and Exploiting XSS and SQL Injection
    1. Setting Up the Virtual Machine
      1. Adding a Host-Only Virtual Network
      2. Creating the Virtual Machine
      3. Booting the Virtual Machine from the BadStore ISO
    2. SQL Injections
    3. Cross-Site Scripting
    4. Fuzzing GET Requests with a Mutational Fuzzer
      1. Tainting the Parameters and Testing for Vulnerabilities
      2. Building the HTTP Requests
      3. Testing the Fuzzing Code
    5. Fuzzing POST Requests
      1. Writing a POST Request Fuzzer
      2. The Fuzzing Begins
      3. Fuzzing Parameters
    6. Fuzzing JSON
      1. Setting Up the Vulnerable Appliance
      2. Capturing a Vulnerable JSON Request
      3. Creating the JSON Fuzzer
      4. Testing the JSON Fuzzer
    7. Exploiting SQL Injections
      1. Performing a UNION-Based Exploit by Hand
      2. Performing a UNION-Based Exploit Programmatically
      3. Exploiting Boolean-Blind SQL Vulnerabilities
    8. Conclusion
  10. Chapter 3: Fuzzing SOAP Endpoints
    1. Setting Up the Vulnerable Endpoint
    2. Parsing the WSDL
      1. Creating a Class for the WSDL Document
      2. Writing the Initial Parsing Methods
      3. Writing a Class for the SOAP Type and Parameters
      4. Creating the SoapMessage Class to Define Sent Data
      5. Implementing a Class for Message Parts
      6. Defining Port Operations with the SoapPortType Class
      7. Implementing a Class for Port Operations
      8. Defining Protocols Used in SOAP Bindings
      9. Compiling a List of Operation Child Nodes
      10. Finding the SOAP Services on Ports
    3. Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities
      1. Fuzzing Individual SOAP Services
      2. Fuzzing the HTTP POST SOAP Port
      3. Fuzzing the SOAP XML Port
      4. Running the Fuzzer
    4. Conclusion
  11. Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads
    1. Creating a Connect-Back Payload
      1. The Network Stream
      2. Running the Command
      3. Running the Payload
    2. Binding a Payload
      1. Accepting Data, Running Commands, and Returning Output
      2. Executing Commands from the Stream
    3. Using UDP to Attack a Network
      1. The Code for the Target’s Machine
      2. The Attacker’s Code
    4. Running x86 and x86-64 Metasploit Payloads from C#
      1. Setting Up Metasploit
      2. Generating Payloads
      3. Executing Native Windows Payloads as Unmanaged Code
      4. Executing Native Linux Payloads
    5. Conclusion
  12. Chapter 5: Automating Nessus
    1. REST and the Nessus API
    2. The NessusSession Class
      1. Making the HTTP Requests
      2. Logging Out and Cleaning Up
      3. Testing the NessusSession Class
    3. The NessusManager Class
    4. Performing a Nessus Scan
    5. Conclusion
  13. Chapter 6: Automating Nexpose
    1. Installing Nexpose
      1. Activation and Testing
      2. Some Nexpose Parlance
    2. The NexposeSession Class
      1. The ExecuteCommand() Method
      2. Logging Out and Disposing of Our Session
      3. Finding the API Version
      4. Driving the Nexpose API
    3. The NexposeManager Class
    4. Automating a Vulnerability Scan
      1. Creating a Site with Assets
      2. Starting a Scan
    5. Creating a PDF Site Report and Deleting the Site
    6. Putting It All Together
      1. Starting the Scan
      2. Generating a Report and Deleting the Site
      3. Running the Automation
    7. Conclusion
  14. Chapter 7: Automating OpenVAS
    1. Installing OpenVAS
    2. Building the Classes
    3. The OpenVASSession Class
      1. Authenticating with the OpenVAS Server
      2. Creating a Method to Execute OpenVAS Commands
      3. Reading the Server Message
      4. Setting Up the TCP Stream to Send and Receive Commands
      5. Certificate Validation and Garbage Collection
      6. Getting the OpenVAS Version
    4. The OpenVASManager Class
      1. Getting Scan Configurations and Creating Targets
      2. Wrapping Up the Automation
      3. Running the Automation
    5. Conclusion
  15. Chapter 8: Automating Cuckoo Sandbox
    1. Setting Up Cuckoo Sandbox
    2. Manually Running the Cuckoo Sandbox API
      1. Starting the API
      2. Checking Cuckoo’s Status
    3. Creating the CuckooSession Class
      1. Writing the ExecuteCommand() Methods to Handle HTTP Requests
      2. Creating Multipart HTTP Data with the GetMultipartFormData() Method
      3. Processing File Data with the FileParameter Class
      4. Testing the CuckooSession and Supporting Classes
    4. Writing the CuckooManager Class
      1. Writing the CreateTask() Method
      2. The Task Details and Reporting Methods
      3. Creating the Task Abstract Class
      4. Sorting and Creating Different Class Types
    5. Putting It Together
    6. Testing the Application
    7. Conclusion
  16. Chapter 9: Automating Sqlmap
    1. Running sqlmap
      1. The sqlmap REST API
      2. Testing the sqlmap API with curl
    2. Creating a Session for sqlmap
      1. Creating a Method to Execute a GET Request
      2. Executing a POST Request
      3. Testing the Session Class
    3. The SqlmapManager Class
      1. Listing sqlmap Options
      2. Making a Method to Perform Scans
      3. The New Main() Method
    4. Reporting on a Scan
    5. Automating a Full sqlmap Scan
    6. Integrating sqlmap with the SOAP Fuzzer
      1. Adding sqlmap GET Request Support to the SOAP Fuzzer
      2. Adding sqlmap POST Request Support
      3. Calling the New Methods
    7. Conclusion
  17. Chapter 10: Automating ClamAV
    1. Installing ClamAV
    2. The ClamAV Native Library vs. the clamd Network Daemon
    3. Automating with ClamAV’s Native Library
      1. Setting Up the Supporting Enumerations and Classes
      2. Accessing ClamAV’s Native Library Functions
      3. Compiling the ClamAV Engine
      4. Scanning Files
      5. Cleaning Up
      6. Testing the Program by Scanning the EICAR File
    4. Automating with clamd
      1. Installing the clamd Daemon
      2. Starting the clamd Daemon
      3. Creating a Session Class for clamd
      4. Creating a clamd Manager Class
      5. Testing with clamd
    5. Conclusion
  18. Chapter 11: Automating Metasploit
    1. Running the RPC Server
    2. Installing Metasploitable
    3. Getting the MSGPACK Library
      1. Installing the NuGet Package Manager for MonoDevelop
      2. Installing the MSGPACK Library
      3. Referencing the MSGPACK Library
    4. Writing the MetasploitSession Class
      1. Creating the Execute() Method for HTTP Requests and Interacting with MSGPACK
      2. Transforming Response Data from MSGPACK
    5. Testing the session Class
    6. Writing the MetasploitManager Class
    7. Putting It All Together
      1. Running the Exploit
      2. Interacting with the Shell
      3. Popping Shells
    8. Conclusion
  19. Chapter 12: Automating Arachni
    1. Installing Arachni
    2. The Arachni REST API
      1. Creating the ArachniHTTPSession Class
      2. Creating the ArachniHTTPManager Class
    3. Putting the Session and Manager Classes Together
    4. The Arachni RPC
      1. Manually Running the RPC
      2. The ArachniRPCSession Class
      3. The Supporting Methods for ExecuteCommand()
      4. The ExecuteCommand() Method
      5. The ArachniRPCManager Class
    5. Putting It All Together
    6. Conclusion
  20. Chapter 13: Decompiling and Reversing Managed Assemblies
    1. Decompiling Managed Assemblies
    2. Testing the Decompiler
    3. Using monodis to Analyze an Assembly
    4. Conclusion
  21. Chapter 14: Reading Offline Registry Hives
    1. The Registry Hive Structure
    2. Getting the Registry Hives
    3. Reading the Registry Hive
      1. Creating a Class to Parse a Registry Hive File
      2. Creating a Class for Node Keys
      3. Making a Class to Store Value Keys
    4. Testing the Library
    5. Dumping the Boot Key
      1. The GetBootKey() Method
      2. The GetValueKey() Method
      3. The GetNodeKey() Method
      4. The StringToByteArray() Method
      5. Getting the Boot Key
      6. Verifying the Boot Key
    6. Conclusion
  22. Index
  23. Resources
  24. The Electronic Frontier Foundation (EFF)
  25. Footnote
    1. Chapter 8: Automating Cuckoo Sandbox