O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Gray Hat Python

Gray Hat Python

by Justin Seitz
Publisher: No Starch Press
Release Date: April 2009
ISBN: 9781593271923
View table of contents
Start reading

Book Description

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it.

You'll learn how to:

  • Automate tedious reversing and security tasks

  • Design and program your own debugger

  • Learn how to fuzz Windows drivers and create powerful fuzzers from scratch

  • Have fun with code and library injection, soft and hard hooking techniques, and other software trickery

  • Sniff secure traffic out of an encrypted web browser session

  • Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world's best hackers are using Python to do their handiwork. Shouldn't you?

Table of Contents

  1. Gray Hat Python
    1. FOREWORD
    2. ACKNOWLEDGMENTS
    3. INTRODUCTION
    4. 1. SETTING UP YOUR DEVELOPMENT ENVIRONMENT
      1. Operating System Requirements
      2. Obtaining and Installing Python 2.5
        1. Installing Python on Windows
        2. Installing Python for Linux
      3. Setting Up Eclipse and PyDev
        1. The Hacker's Best Friend: ctypes
        2. Using Dynamic Libraries
          1. chapter1-printf.py Code on Windows
          2. chapter1-printf.py Code on Linux
        3. Constructing C Datatypes
        4. Passing Parameters by Reference
        5. Defining Structures and Unions
          1. In C
          2. In Python
          3. In C
          4. In Python
          5. chapter1-unions.py
    5. 2. DEBUGGERS AND DEBUGGER DESIGN
      1. General-Purpose CPU Registers
      2. The Stack
        1. Function Call in C
          1. Function Call in C
          2. Function Call in x86 Assembly
      3. Debug Events
      4. Breakpoints
        1. Soft Breakpoints
          1. Opcode Before Breakpoint Is Set
          2. Modified Opcode After Breakpoint Is Set
        2. Hardware Breakpoints
        3. Memory Breakpoints
    6. 3. BUILDING A WINDOWS DEBUGGER
      1. Debuggee, Where Art Thou?
        1. my_debugger_defines.py
          1. my_debugger_defines.py
          2. my_debugger.py
          3. my_test.py
          4. my_debugger.py
          5. my_test.py
      2. Obtaining CPU Register State
        1. Thread Enumeration
        2. Putting It All Together
          1. my_debugger.py
          2. my_test.py
      3. Implementing Debug Event Handlers
        1. my_debugger.py
          1. my_debugger.py
          2. my_test.py
          3. my_debugger.py
      4. The Almighty Breakpoint
        1. Soft Breakpoints
          1. my_debugger.py
          2. my_debugger.py
          3. printf_loop.py
          4. my_test.py
        2. Hardware Breakpoints
          1. my_debugger.py
          2. my_debugger.py
          3. my_test.py
        3. Memory Breakpoints
          1. my_debugger.py
          2. my_debugger.py
      5. Conclusion
    7. 4. PYDBG—A PURE PYTHON WINDOWS DEBUGGER
      1. Extending Breakpoint Handlers
        1. printf_random.py
          1. printf_random.py
        2. Access Violation Handlers
          1. buffer_overflow.py
          2. access_violation_handler.py
      2. Process Snapshots
        1. Obtaining Process Snapshots
          1. snapshot.py
        2. Putting It All Together
          1. danger_track.py
    8. 5. IMMUNITY DEBUGGER—THE BEST OF BOTH WORLDS
      1. Installing Immunity Debugger
      2. Immunity Debugger 101
        1. PyCommands
        2. PyHooks
      3. Exploit Development
        1. Finding Exploit-Friendly Instructions
          1. findinstruction.py
        2. Bad-Character Filtering
          1. badchar.py
        3. Bypassing DEP on Windows
          1. findantidep.py
      4. Defeating Anti-Debugging Routines in Malware
        1. IsDebuggerPresent
        2. Defeating Process Iteration
    9. 6. HOOKING
      1. Soft Hooking with PyDbg
        1. firefox_hook.py
          1. firefox_hook.py
      2. Hard Hooking with Immunity Debugger
        1. hippie_easy.py
          1. hippie_easy.py
    10. 7. DLL AND CODE INJECTION
      1. Remote Thread Creation
        1. DLL Injection
          1. dll_injector.py
        2. Code Injection
          1. code_injector.py
      2. Getting Evil
        1. File Hiding
          1. file_hider.py
        2. Coding the Backdoor
          1. backdoor.py
          2. backdoor.py
          3. backdoor.py
        3. Compiling with py2exe
          1. setup.py
          2. backdoor_shell.py
    11. 8. FUZZING
      1. Bug Classes
        1. Buffer Overflows
        2. Integer Overflows
        3. Format String Attacks
      2. File Fuzzer
        1. file_fuzzer.py
          1. file_fuzzer.py
          2. file_fuzzer.py
          3. file_fuzzer.py
          4. file_fuzzer.py
      3. Future Considerations
        1. Code Coverage
        2. Automated Static Analysis
    12. 9. SULLEY
      1. Sulley Installation
      2. Sulley Primitives
        1. Strings
        2. Delimiters
        3. Static and Random Primitives
        4. Binary Data
        5. Integers
        6. Blocks and Groups
      3. Slaying WarFTPD with Sulley
        1. FTP 101
        2. Creating the FTP Protocol Skeleton
          1. ftp.py
        3. Sulley Sessions
          1. ftp_session.py
        4. Network and Process Monitoring
        5. Fuzzing and the Sulley Web Interface
    13. 10. FUZZING WINDOWS DRIVERS
      1. Driver Communication
      2. Driver Fuzzing with Immunity Debugger
        1. ioctl_fuzzer.py
          1. ioctl_fuzzer.py
      3. Driverlib—The Static Analysis Tool for Drivers
        1. Discovering Device Names
        2. Finding the IOCTL Dispatch Routine
      4. Determining Supported IOCTL Codes
      5. Building a Driver Fuzzer
        1. ioctl_dump.py
          1. ioctl_dump.py
          2. my_ioctl_fuzzer.py
    14. 11. IDAPYTHON—SCRIPTING IDA PRO
      1. IDAPython Installation
      2. IDAPython Functions
        1. Utility Functions
        2. Segments
        3. Functions
        4. Cross-References
        5. Debugger Hooks
      3. Example Scripts
        1. Finding Dangerous Function Cross-References
          1. cross_ref.py
        2. Function Code Coverage
          1. func_coverage.py
        3. Calculating Stack Size
          1. stack_calc.py
    15. 12. PYEMU—THE SCRIPTABLE EMULATOR
      1. Installing PyEmu
      2. PyEmu Overview
        1. PyCPU
        2. PyMemory
        3. PyEmu
        4. Execution
        5. Memory and Register Modifiers
        6. Handlers
        7. Register Handlers
        8. Library Handlers
        9. Exception Handlers
        10. Instruction Handlers
        11. Opcode Handlers
        12. Memory Handlers
        13. High-Level Memory Handlers
        14. Program Counter Handler
      3. IDAPyEmu
        1. addnum.cpp
          1. addnum.cpp
        2. Function Emulation
          1. addnum_function_call.py
          2. addnum_function_call.py
          3. addnum_function_call.py
          4. addnum_function_call.py
        3. PEPyEmu
        4. Executable Packers
        5. UPX Packer
        6. Unpacking UPX with PEPyEmu
          1. upx_unpacker.py
          2. upx_unpacker.py
          3. upx_unpacker.py
    16. Colophon